university/smartcardshue1
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add pseudocode
All checks were successful
Build Typst document / build_typst_documents (push) Successful in 8s
Details

Browse Source
This commit is contained in:
lukas-heilgenbrunner 2024-10-22 13:12:10 +02:00
parent ee745f3491
commit 6529bf97b3
2 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
main.pdf
View File

Binary file not shown.

41
main.typ
View File

@ -1,4 +1,6 @@
#import "@preview/ichigo:0.1.0": config, prob #import "@preview/ichigo:0.1.0": config, prob
#import "@preview/algorithmic:0.1.0"
#import algorithmic: algorithm
#show: config.with( #show: config.with(
course-name: "SMART CARDS & NFC", course-name: "SMART CARDS & NFC",
@ -20,9 +22,16 @@
][ ][
- The PiN_TRY_COUNTER is prone to turn off attacks. - The PiN_TRY_COUNTER is prone to turn off attacks.
Each time the chip resets the ram value of the counter is cleared and one gets basically infinite retries. Each time the chip resets the ram value of the counter is cleared and one gets basically infinite retries.
todo solution
Solution:
- Store counter in non-volatile memory eg. EEPROM, flash, eMMC.
- Store counter in a secure server backend.
- Depending on the implementation of the comparison operation, it might leak side-channel information. - Depending on the implementation of the comparison operation, it might leak side-channel information.
For example, if the comparison is done byte-wise, the attacker can determine the correct byte by comparing the time it takes to compare the bytes. For example, if the comparison is done byte-wise, the attacker can determine the correct byte by comparing the time it takes to compare the bytes.
Solution:
- Implement a constant time comparison operation.
] ]
#prob[ #prob[
@ -33,5 +42,33 @@
], ],
) )
][ ][
todo solution - The comparison of the entered pin and the reference pin is array entry wise.
If a entry doesn't match the comparison is short-handed and the function returns no match.
This is prone to a timing side-channel attack. If a pin digit matches the comparison takes longer than if it doesn't.
Solution:
- Implement a constant time comparison operation. (no comparison shorthand)
For example:
#algorithm({
import algorithmic: *
Function("Constant-Time-Compare", args: ("PIN", "Ref_PIN"), {
Cmt[Check if lengths are equal]
If(cond: $"length" ("PIN") != "length"("Ref_PIN")$, {
Return[false]
})
State[]
Cmt[Initialize result variable to 0]
Assign[$"result"$][$0$]
State[]
Cmt[Loop through each character in PIN and Ref_PIN]
For(cond: [$i=0$; $i < "length"("PIN") - 1$], {
Cmt[XOR corresponding characters and accumulate result]
Assign[$"result"$][$"result" or ("PIN"[i] xor "Ref_PIN"[i])$]
})
State[]
Cmt[Return true if result is 0, else false]
Return[$"result" == 0$]
})
})
] ]