CARDIS '02 Abstract
Automatic Code Recognition for Smartcards Using a Kohonen Neural Network
Jean-Jacques Quisquater and David Samyde, Université catholique de Louvain
A processor can leak information by different
ways. Although, the possibility of attacking
smart cards by analyzing their power
consumption [Kocher] or their electromagnetic
radiations is now commonly accepted
[Gandolfi]. A lot of publications recognize
the possibility to recover the signature of
an instruction in a side channel trace. It
seems that no article demonstrate how to automate
reverse engineering of software code,
using this assumption. Our work describes
a method to recognize the instructions carried
out by the processor. In a general way,
a classifier permits to identify the right or
wrong value during the comparison of a pin
code or large parts of a software code. On a
few microcontrollers, using a classical correlation
between the power trace and a dictionary,
we show how to identify the CPU's actions.
Sometimes, silicon manufacturers hide
specific opcodes deliberately. The EM investigation
and the template attack demonstrated
by IBM, at Cryptographic Hardware
and Embedded Systems 2002, rely on multi-variate
signal processing for electromagnetic
and power traces. The method presented in
this article is based on a self organizing map.
On a CISC processor, it is then obvious to
find a hidden instruction looking for a hole or
a bad construction of the map. The case of
pipelined processors is a little bit different: as
they decode, execute, fetch, several parts of
different opcodes at the same time, it is more
difficult to recognize a specific signature.
- View the full text of this paper in PDF. Until November 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.