One time password generator1/8/2023 Moradi, A., Oswald, D., Paar, C., Swierczynski, P.: Side-channel attacks on the bitstream encryption mechanism of Altera Stratix II: facilitating black-box analysis using software reverse-engineering. Moradi, A., Kasper, M., Paar, C.: Black-Box Side-Channel Attacks Highlight the Importance of Countermeasures. Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. ![]() Attacks on and Countermeasures for USB Hardware Token Devices Presentation at Black Hat USA 2004 (2004) Journal of Cryptographic Engineering 2(1), 63–74 (2012) Springer, Heidelberg (2008)Įlaabid, M.A., Guilley, S.: Portability of templates. blog entry (June 2012)Įisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. Springer, Heidelberg (2003)Ĭurry, S.: Don’t Believe Everything You Read. Springer, Heidelberg (2004)īright, P.: RSA finally comes clean: SecurID is compromised (June 2011)Ĭhari, S., Rao, J.R., Rohatgi, P.: Template Attacks. IACR Cryptology ePrint Archive, 501 (2009)īrier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. Springer, Heidelberg (2012)īos, J.W., Osvik, D.A., Stefan, D.: Fast Implementations of AES on Various Platforms. Springer, Heidelberg (2003)īardou, R., Focardi, R., Kawamoto, Y., Simionato, L., Steel, G., Tsay, J.-K.: Efficient padding oracle attacks on cryptographic hardware. KeywordsĪgrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-Channel(s). In consequence, an adversary is able to generate valid OTPs, even after the Yubikey 2 has been returned to the owner. The attack leaves no physical traces on the device and can be performed using low-cost equipment. We show that by non-invasively measuring the power consumption and the electro-magnetic emanation of the device, an adversary is able to extract the full 128-bit AES key with approximately one hour of access to the Yubikey 2. In this paper, we analyse the susceptibility of the Yubikey 2 to side-channel attacks. ![]() This device employs an open-source protocol based on the mathematically secure AES and emulates a USB keyboard to enter the OTP in a platform-independent manner. ![]() A relatively new yet wide-spread example for an OTP token is the Yubikey 2 produced by Yubico. The token itself comprises a secret cryptographic key that, together with timestamps and counters, is used to derive a fresh OTP for each authentication. A particularly wide-spread approach provides each user with a hardware token that generates a One-Time Password (OTP) in addition to the traditional credentials. To overcome this problem, numerous solutions incorporating a second factor in the authentication process have been proposed. The classical way of authentication with a username-password pair is often insufficient: an adversary can choose from a multitude of methods to obtain the credentials, e.g., by guessing passwords using a dictionary, by eavesdropping on network traffic, or by installing malware on the system of the target user.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |