サイドチャネル攻撃に対する安全性評価の研究動向とEMVカード固有の留意点

Size: px

Start display at page:

Download "サイドチャネル攻撃に対する安全性評価の研究動向とEMVカード固有の留意点"

ゆずさますはら
5 years ago
Views:

1 EMV IC IC 20 IC EMV IC EMV IC EMV / /

1. IC 2011 40 1 IC IC ATM 23.0 91.4 2012 8 ATM IC IC IC IC IC 65.6 63.

2 1. IC IC IC ATM ATM IC IC IC IC IC IC IC SEPA 1 IC SEPA IC IC 2 1 IC Single Euro Payments Area EU 34 2SEPA IC IC IC IC 108 /

3 EMV European Payment Council: EPC [2011] 1 VISA IC VISA [2011] IC IC IC Kocher [1995] 2000 Eisenbarth et al. [2008] Oswald and Paar [2011] CMVP JCMVP ISO/IEC Common Criteria Liability Shift IC IC IC 4 VISA [2011] IBM µ ABYSS Anderson [2008] Chap.4 6CMVP Cryptographic Module Validation Program JCMVP Japan Cryptographic Module Validation Program URL CMVP JCMVP 109

4 CMVP JCMVP 1 7 Common Criteria 8 IC IC EMV 9 IC EMV EMV 2. IC Covert channel attack 8 Joint Interpretation Library [2013]. 9EMV Europay International MasterCard International Visa International 2011 EMV 4.3 EMVCo [2011a, b, c, d] /

EMV 2 1 IC 11 12 2. IC 3 1980 Anderson [2008] Chap. 4 4 IC IC.

5 EMV 2 1 IC IC Anderson [2008] Chap. 4 4 IC IC invasive attack non-invasive attack

6 3 IC IC Skorobogatov [2005] Bellcore [1996] Boneh, DeMillo, and Liption [1997] /

7 EMV IC Kocher [1995, 1996] PC 113

8 A 1 B a 14 RSA 7 b A 1 2 B /

9 EMV 8 B IC 8 a CMOS 8 b AES 8 c r t+1 r t t

10 9 IC DES Kocher, Jaffe, and Jun [1999] Kocher, Jaffe, and Jun [1998, 1999] Gandolfi, Mourtel, and Olivier [2001] Kocher [1996] trace 16 Genkin, Shamir, and Tromer [2014] 116 /

11 EMV Common Criteria a 0 A B 12 b

12 11 Joint Interpretation Library [2013] /

13 EMV 3. IC N 13 i ii

14 N N Goodwill, Jun, Jaffe, and Rohatgi [2011], Jaffe and Rohatgi [2011]. 120 /

15 EMV Mizuno et al. [2014] 15 S Z S+Z S Z C = 1 ( 2 log S ) [bit/sample] Z

16 /

17 EMV Step 1. 2 Step 2. Step 3. Step 4. Step ,

18 4. EMV EMV EMV EMV 1 EMV POS ATM MAC MAC 18 SK 1 PK 1 EMV 22 RSA SK 1 /PK 1 PK 1 SK 2 /PK Message Authentication Code EMV Application Cryptogram Generation 21 MAC EMV 22 Dynamic Data Authentication EMV Static Data Authentication 23 EMV SK 1 /PK 1 SK 2 /PK /

19 EMV 18 PIN PK 2 SK 2 PIN EMV PIN RSA MAC 1 MAC MAC SK 3 MAC MAC SK 3 MAC MAC SK 3 3 SK 3 MAC EMV MAC AES 125

20 2 EMV 19 EMV SK 1 /PK 1 SK 2 /PK 2 SK 3 /PK 3 PIN 3 MAC POS SK 1 POS PIN POS POS Murdoch et al. [2010] /

21 EMV PIN POS PIN MAC SK 3 MAC MAC SK 1 SK 2 SK 3 PIN MAC MAC ATM IC Box Box ATM IC IC PIN ATM IC PIN 3 1 IC IC 2 Match on Card ATM PIN 3 PIN ATM ATM PIN PIN 2 IC PIN 127

22 3 EMV EMV 3 SK 1 SK 2 SK 3 SK 1 POS 25 SK 1 SK 2 MAC MAC MAC MAC SK 3 SK 3 SK 3 EMV SK 3 EMV SK 3 26 SK 3 SK 3 POS 1 MAC ,536 = 2 16 EMV SK 3 MAC SK Man-in-the-Middle 26 EMV Application Transaction Counter 128 /

23 EMV 20 EMV 21 EMV MAC 2 1 EMV 1 Issuer Script 5. IC IC 129

24 20 IC IC IC 130 /

25 EMV enc/cryptrec/fy15/doc/c02_2.pdf IC LSI IC topics_37.html download/inv_05_ pdf IC jdm.pdf Vol. 64, No Vol. 57, No Vol. 49, No A Anderson, Ross, Security Engineering Second Edition, Wiley,

26 Bellcore, Now, Smart Cards Can Leak Secrets, Bellcore Media Advisory, 25 Sept Boneh, Dan, Richard A. DeMillo, and Richard J. Liption, On the Importance of Checking Cryptographic Protocols for Faults, EUROCRYPT 97, Lecture Notes in Computer Science (LNCS), Vol. 1233, 1997, pp Eisenbarth, Thomas, Timo Kasper, Amir Moradi, Christof Paar, Mahmoud Salmasizadeh, and Mohammad T. Manzuri Shalmani, On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme, CRYPTO 2008, LNCS, Vol. 5157, 2008, pp EMVCo, EMV 4.3 Book 1 Application Independent ICC to Terminal Interface Requirements, EMVCo, 2011a., EMV 4.3 Book 2 Security and Key Management, EMVCo, 2011b., EMV 4.3 Book 3 Application Specification, EMVCo, 2011c., EMV 4.3 Book 4 Cardholder, Attendant, and Acquirer Interface Requirements, EMVCo, 2011d. European Payments Council (EPC), Resolution: Preventing Card Fraud in a mature EMV Environment, Doc EPC424-10, 31 Jan., Gandolfi, Karine, Christophe Mourtel, and Francis Olivier, Electromagnetic analysis: concrete results, Cryptographic Hardware and Embedded Systems (CHES) 2001, LNCS, Vol. 2162, 2001, pp Genkin, Daniel, Adi Shamir, and Eran Tromer, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, CRYPTO 2014, LNCS, Vol. 8616, 2014, pp Goodwill, Gilbert, Benjamin Jun, Josh Jaffe, and Pankaj Rohatgi, A Testing Methodology for Side-channel Resistance Validation, Non-Invasive Attack Testing Workshop (NIAT), Jaffe, Josh, and Pankaj Rohatgi, Efficient side-channel testing for public key algorithms: RSA case study, NIAT, Joint Interpretation Library, Application of Attack Potential of Smartcards, version 2.9, Kocher, Paul C., Crytptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks, extended abstract, 1995., Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, CRYPTO 96, LNCS, Vol. 1109, 1996, pp , Joshua Jaffe, and Benjamin Jun, Introduction to Differential Power Analysis and Related Attacks, 1998.,,and, Differential Power Analysis, CRYPTO 99, LNCS, Vol. 1666, 1999, pp /

27 EMV Mizuno, Hiroaki, Keisuke Iwai, Hidema Tanaka, and Takakazu Kurokawa, Analysis of Side-Channel Attack Based on Information Theory, IEICE Transactions on Fundamentals of Electromics, E97-A 7, 2014, pp Murdoch, Steven J., Saar Drimer, Ross Anderson, and Mike Bond, Chip and PIN is Broken, 2010 IEEE Symposium on Security and Privacy, Oswald, David, and Christof Paar, Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World, CHES 2011, LNCS, Vol. 6917, 2011, pp Skorobogatov, Sergei P., Semi-invasive attacks A new approach to hardware security analysis, University of Cambridge Computer Laboratory Technical Report, UCAM-CL- TR-630, VISA, Visa Announce U.S. Participation in Global Point-of-Sale Counterfeit Liability Shift, VISA BULLETIN, 9 Aug.,

28 134 /

ICカード利用システムにおいて新たに顕現化したPre-play attackとその対策

ICカード利用システムにおいて新たに顕現化したPre-play attackとその対策 IC Pre-play attack IC IC IC EMV EMV 1 IC IC Pre-play attack ATM Pre-play attack Pre-play attack IC EMV Pre-play attack... E-mail: hidemitsu.izawa@boj.or.jp E-mail: katsuhisa.hirokawa@boj.or.jp / /2015.10