author        = {Michael Hutter and Marcel Medwed and Daniel Hein and Johannes Wolkerstorfer},
  title         = {Attacking ECDSA-Enabled RFID Devices},
  booktitle     = {Applied Cryptography and Network Security -- ACNS 2009, 7th International Conference, Paris-Rocquencourt, France, June 2-5},
  year          = {2009},
  editor        = {Michel Abdalla and David Pointcheval and Pierre-Alain Fouque and Damien Vergnaud},
  volume        = {5536},
  series        = {Lecture Notes in Computer Science},
  pages         = {519--534},
  month         = {May},
  publisher     = {Springer},
  doi           = {10.1007/978-3-642-01957-9},
  keywords      = {Radio-Frequency Identification; RFID; Side-Channel Analysis; ECDSA; Elliptic Curve Cryptography; Implementation Security},
  url           = {http://www.springerlink.com/content/y5n63228428v6572/}, 
  abstract      = {The elliptic curve digital signature algorithm (ECDSA) is used in many devices to provide authentication. In the last few years, more and more ECDSA implementations have been proposed that allow the integration into resource-constrained devices like RFID tags. Their resistance against power-analysis attacks has not been scrutinized so far. In this article, we provide first results of power-analysis attacks on an RFID device that implements ECDSA. To this end, we designed and implemented a passive RFID-tag prototype. The core element of the prototype is a low-power ECDSA implementation realized on 180 nm CMOS technology. We performed power and electromagnetic attacks on that platform and describe an attack that successfully reveals the private-key during signature generation. Our experiments confirm that ECDSA-enabled RFID tags are susceptible to these attacks. Hence, it is important that they implement countermeasures which prevent the forging of digital signatures.}