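% COSADE 2012 paper (LNCS 7275): DPA and DEMA side-channel analysis of an
% AES-enabled RFID/NFC tag, comparing an ASIC chip with an FPGA prototype.
% Relevant to countermeasure design: the abstract reports that shuffling and
% dummy rounds lose strength when patterns are detectable in the traces.
% Names are in "Last, First" form; acronyms in the title are brace-protected.
@inproceedings{Korak2012AttackingAnAES,
  author        = {Korak, Thomas and Plos, Thomas and Hutter, Michael},
  title         = {Attacking an {AES}-enabled {NFC} Tag -- Implications from Design to a Real-World Scenario},
  booktitle     = {Constructive Side-Channel Analysis and Secure Design -- {COSADE} 2012, 3rd International Workshop, Darmstadt, Germany, May 3--4},
  year          = {2012},
  editor        = {Schindler, Werner and Huss, Sorin A.},
  volume        = {7275},
  series        = {Lecture Notes in Computer Science},
  pages         = {17--32},
  publisher     = {Springer},
  doi           = {10.1007/978-3-642-29912-4_2},
  isbn          = {978-3-642-29911-7},
  keywords      = {Radio Frequency Identification (RFID), Advanced Encryption Standard (AES), Side-Channel Analysis, Differential Power Analysis (DPA), Differential Electromagnetic Analysis (DEMA)},
  url           = {https://doi.org/10.1007/978-3-642-29912-4_2},
  abstract      = {Radio-frequency identification (RFID) technology is the enabler for applications like the future internet of things (IoT), where security plays an important role. When integrating security to RFID tags, not only the cryptographic algorithms need to be secure but also their implementation. In this work we present differential power analysis (DPA) and differential electromagnetic analysis (DEMA) attacks on a security-enabled RFID tag. The attacks are conducted on both an ASIC-chip version and on an FPGA-prototype version of the tag. The design of the ASIC version equals that of commercial RFID tags and has analog and digital part integrated on a single chip. Target of the attacks is an implementation of the Advanced Encryption Standard (AES) with 128-bit key length and DPA countermeasures. The countermeasures are shuffling of operations and insertion of dummy rounds. Our results illustrate that the effort for successfully attacking the ASIC chip in a real-world scenario is only 4.5 times higher than for the FPGA prototype in a laboratory environment. This let us come to the conclusion that the effort for attacking contactless devices like RFID tags is only slightly higher than that for contact-based devices. The results further underline that the design of countermeasures like the insertion of dummy rounds has to be done with great care, since the detection of patterns in power or electromagnetic traces can be used to significantly lower the attacking effort.}
}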