For the last six months I’ve been playing around with the idea of running differential power analysis attacks against ciphers in RFID smartcards. This became the topic of my master thesis, but due to my lack of analogue expertise, someone else was responsible for the measurement setup, which, however, did not work out. Consequently, that part failed and I had to produce something without an adequate measurement setup. Unfortunately, the attainable results were not good enough to launch an actual attack, but sufficient to illustrate the power profile of the targeted cards. The actual result is a revised topic and a bunch of software, which I’ll release soon (bug me if not!) or have already released:
- libdpa: a library for DPA preprocessing
- a Mifare DESFire implementation for the proxmark3
Furthermore, there is the presentation of the thesis (SVG), which illustrates the process and design graphically rather than in words. The latter part, though, is handled by the official document: Design of a Framework for Side-Channel Attacks on RFID-Tags (PDF). I elaborate on the basics of RFID and side-channel attacks, give an overview of the DESFire protocol (parts of which had to be reverse-engineered for the thesis) and present the results of the experiments conducted, concluding that SCA on RFID tags seems very likely to be possible with slightly improved measurement setups.