Power analysis of atmel CryptoMemory - Recovering keys from secure EEPROMs

Abstract

Atmel CryptoMemory devices offer non-volatile memory with access control and authenticated encryption. They are used in commercial and military applications e.g. to prevent counterfeiting, to store secrets such as biometric data and cryptographic keys, and in electronic payment systems. Atmel advertises the devices as "secure against all the most sophisticated attacks, [...] including physical attacks". We developed a successful power analysis attack on the authentication step of CryptoMemory devices. Despite the physical security claims by Atmel we found that the devices are not protected against power analysis attacks, except for counters that limit the number of (failed) authentication attempts, and thus power traces, to at most three. We examined the handling of these counters and discovered a flaw that allows us to bypass them, and to obtain power traces from an unlimited number of failed authentication attempts. Our attacks need as few as 100 power traces to recover the secret 64-bit authentication keys. From measurements to full key extraction, the attacks can be carried out in less than 20 minutes on a standard laptop. Once the keys are known, an adversary can read protected contents, clone devices, and manipulate the memory at will, e.g. to set the balance of an electronic wallet. To our knowledge, this is the first power analysis attack on Atmel CryptoMemory products reported in the literature. © 2012 Springer-Verlag.