Article

Automatic code recognition for smart cards using a Kohonen neural network

Authors:

Jean-Jacques Quisquater,

David SamydeAuthors Info & Claims

CARDIS'02: Proceedings of the 5th conference on Smart Card Research and Advanced Application Conference - Volume 5

Page 6

Published: 21 November 2002 Publication History

Publisher Site

Abstract

A processor can leak information by different ways. Although, the possibility of attacking smart cards by analyzing their power consumption [Kocher] or their electromagnetic radiations is now commonly accepted [Gandolfi]. A lot of publications recognize the possibility to recover the signature of an instruction in a side channel trace. It seems that no article demonstrate how to automate reverse engineering of software code, using this assumption. Our work describes a method to recognize the instructions carried out by the processor. In a general way, a classifier permits to identify the right or wrong value during the comparison of a pin code or large parts of a software code. On a few micro-controllers, using a classical correlation between the power trace and a dictionary, we show how to identify the CPU's actions. Sometimes, silicon manufacturers hide specific opcodes deliberately. The EM investigation and the template attack demonstrated by IBM, at Cryptographic Hardware and Embedded Systems 2002, rely on multivariate signal processing for electromagnetic and power traces. The method presented in this article is based on a self organizing map. On a CISC processor, it is then obvious to find a hidden instruction looking for a hole or a bad construction of the map. The case of pipelined processors is a little bit different: as they decode, execute, fetch, several parts of different opcodes at the same time, it is more difficult to recognize a specific signature.

References

[1]

{Kocher} P. Kocher, J. Jaffe and B. Jun, Differential Power Analysis, In M. Wiener, editor, Advances in Cryptology-CRYPTO'99, vol. 1666 of Lecture Notes in Computer Science, pp. 388-397, Springer-Verlag, 1999. Also available at: http://www.cryptography.com/dpa/Dpa.pdf.]]

Digital Library

Google Scholar

[2]

{Gandolfi} K. Gandolfi, C. Mourtel and F. Olivier, Electromagnetic analysis : concrete results, In Ko, Naccache, Paar editor, Cryptographic Hardware and Embedded Systems, vol 2162 of Lecture Notes in Computer Science, pp. 251-261, Springer-Verlag, 2001.]]

Digital Library

Google Scholar

[3]

{Quisquater} J.-J Quisquater and D. Samyde, ElectroMagnetic Analysis (EMA) Measures and Counter-Measures for Smart Cards, in I. Attali and T. Jensen, editors, E-Smart Smartcard Programming and Security, vol. 2140 of Lecture Notes in Computer Science, pp. 200-210, Springer-Verlag 2001.]]

Digital Library

Google Scholar

[4]

{Boneh} D. Boneh, R.A. Demillo, and R. J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults, in Proc. of Advances in Cryptology-Eurocrypt'97, Springer-Verlag, 1997, pp. 37-51.]]

Google Scholar

[5]

{Anderson} R. Anderson, M. Kuhn, Tamper resistance-A Cautionary Note, Proc. of the Second USENIX Workshop on Electronic Commerce, USENIX Association, 1996.]]

Digital Library

Google Scholar

[6]

{Messerges} T. Messerges and E. Dabbish, Investigations of power analysis attacks on smartcards, In Proc. of the USENIX Workshop on Smartcard Technology (Smartcard'99). USENIX Association, 1999.]]

Digital Library

Google Scholar

[7]

{Fahn} P. N. Fahn and P. K. Pearson, IPA : A new class of power attacks, Proc. of CHES'99, editors C. K. Ko and C. Paar, Lecture Notes in Computer Science, vol. 1717, Springer-Verlag, pp. 173-186, 1999.]]

Digital Library

Google Scholar

[8]

{Kommerling} O. Kommerling and M. Kuhn, Design principles for tamper-resistant smartcard processors, In Proc. of the USENIX Workshop on Smartcard Technology (Smarcard'99), pp. 9-20. USENIX Association, 1999.]]

Digital Library

Google Scholar

[9]

{Coron} J-S. Coron, P. Kocher, and D. Naccache, Statistics and Secret Leakage, Financial Cryptography 2000 (FC'00), Lecture Notes in Computer Science, Springer-Verlag.]]

Digital Library

Google Scholar

[10]

{Kuhn} M. Kuhn and R. Anderson, Soft tempest: Hidden data transmission using electromagnetic emanations, In D. Aucsmith, editor, Information Hiding, vol 1525 of Lecture Notes in Computer Science, pp 124-142. Springer-Verlag, 1998.]]

Google Scholar

[11]

{Biham} E. Biham, and A. Shamir, Power Analysis of the Key Scheduling of the AES Canditates, in Second Advanced Encryption Standard Canditate Conference, Rome, March 1999.]]

Google Scholar

[12]

{Kelsey} J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Side Channel Cryptanalysis of Product Ciphers, in Proc. of ESORICS'98, Springer-Verlag, September 1998, pp. 97-110.]]

Digital Library

Google Scholar

[13]

{Kohonen1} T. Kohonen, Self-Organizing Maps, Third Edition, in Information Science, Springer-Verlag, 2001.]]

Digital Library

Google Scholar

[14]

{Kohonen2} T. Kohonen, The self-organizing map, Proceedings of the IEEE 78, pp. 1464-1480, 1990.]]

Crossref

Google Scholar

Cited By

View all

Mahmoud DLenders VStojilović M(2022)Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous EraACM Computing Surveys10.1145/349833755:3(1-40)Online publication date: 3-Feb-2022
https://dl.acm.org/doi/10.1145/3498337
Strobel DBache FOswald DSchellenberg FPaar CNebel WAtienza D(2015)ScandaleeProceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition10.5555/2755753.2755784(139-144)Online publication date: 9-Mar-2015
https://dl.acm.org/doi/10.5555/2755753.2755784
Msgna MFerradi HAkram RMarkantonakis K(2015)Secure Application Execution in Mobile DevicesLNCS Essays on The New Codebreakers - Volume 910010.1007/978-3-662-49301-4_26(417-438)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-662-49301-4_26
Show More Cited By

Index Terms

Automatic code recognition for smart cards using a Kohonen neural network

Recommendations

Enhancing the performance of 16-bit code using augmenting instructions
Special Issue: Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool support for embedded systems (San Diego, CA).

In the embedded domain, memory usage and energy consumption are critical constraints. Dual width instruction set embedded processors such as the ARM provide a 16-bit instruction set in addition to the 32-bit instruction set to address these concerns. ...
Enhancing the performance of 16-bit code using augmenting instructions
LCTES '03: Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems

In the embedded domain, memory usage and energy consumption are critical constraints. Dual width instruction set embedded processors such as the ARM provide a 16-bit instruction set in addition to the 32-bit instruction set to address these concerns. ...
A study of source-level compiler algorithms for automatic construction of pre-execution code

Pre-execution is a promising latency tolerance technique that uses one or more helper threads running in spare hardware contexts ahead of the main computation to trigger long-latency memory operations early, hence absorbing their latency on behalf of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CARDIS'02: Proceedings of the 5th conference on Smart Card Research and Advanced Application Conference - Volume 5

November 2002

156 pages

Publisher

USENIX Association

United States

Publication History

Published: 21 November 2002

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
44
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mahmoud DLenders VStojilović M(2022)Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous EraACM Computing Surveys10.1145/349833755:3(1-40)Online publication date: 3-Feb-2022
https://dl.acm.org/doi/10.1145/3498337
Strobel DBache FOswald DSchellenberg FPaar CNebel WAtienza D(2015)ScandaleeProceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition10.5555/2755753.2755784(139-144)Online publication date: 9-Mar-2015
https://dl.acm.org/doi/10.5555/2755753.2755784
Msgna MFerradi HAkram RMarkantonakis K(2015)Secure Application Execution in Mobile DevicesLNCS Essays on The New Codebreakers - Volume 910010.1007/978-3-662-49301-4_26(417-438)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-662-49301-4_26
Msgna MMarkantonakis KMayes K(2014)Precise Instruction-Level Side Channel Profiling of Embedded ProcessorsProceedings of the 10th International Conference on Information Security Practice and Experience - Volume 843410.1007/978-3-319-06320-1_11(129-143)Online publication date: 5-May-2014
https://dl.acm.org/doi/10.1007/978-3-319-06320-1_11
Eisenbarth TPaar CWeghenkel B(2010)Building a side channel based disassemblerTransactions on computational science X10.5555/1985581.1985585(78-99)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.5555/1985581.1985585
Dyrkolbotn GWold KSnekkenes E(2010)Security implications of crosstalk in switching CMOS gatesProceedings of the 13th international conference on Information security10.5555/1949317.1949347(269-275)Online publication date: 25-Oct-2010
https://dl.acm.org/doi/10.5555/1949317.1949347
Fournigault MLiardet PTeglia YTrémeau ARobert-Inacio F(2006)Reverse engineering of embedded software using syntactic pattern recognitionProceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I10.1007/11915034_76(527-536)Online publication date: 29-Oct-2006
https://dl.acm.org/doi/10.1007/11915034_76

Abstract

References

Cited By

Index Terms

Recommendations

Enhancing the performance of 16-bit code using augmenting instructions

Enhancing the performance of 16-bit code using augmenting instructions

A study of source-level compiler algorithms for automatic construction of pre-execution code

Comments

Information

Published In

Sponsors

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations