I am curious what is the current status of smart card support from the SCA perspective?
I believe, it is pretty easy to make the CW308T smart card extension board to connect it to the main CW308 UFO board.
At least, I don’t see the problems to run and communicate with the smart card in terms of physical connections:
- 3.3 V power can be provided from the main board.
- Reset can be performed by the PROG-RESET CW-lite pin.
- 3.57 Mhz clock can be provided via the FPGA-HS2 CW-lite pin.
- Ground from the main board
- I/O via FPGA-TARG1, FPGA-TARG2 CW-lite pins.
…but it is not clear, whether the ChipWhisperer API has out of the box python API to communicate (set I/O speed, interpret direct/inverse convention, etc) with a smart card.
Another unclear thing is what python API can be used to prepare an APDU message, capture the power trace after sending the APDU for processing, get the result of encryption/decryption from the smart card, and collect things together in the NumPy database.
I agree with this conclusion that this is low hanging fruit for the script kiddies like me to compromise the smart cards security.
…but at least I already know that I will not reinvent the wheel by extending CW functionality.
In my opinion, this looks a bit overengineered, especially hardware part.
BTW, what is the best option to apply the VCC glitch on the CW308T board (via CW308 UFO board)?
Connect the CW glitch port to the CW308 SMA port. If you want to measure and glitch at the same time, use a T SMA adapter on the CW308 so that you can connect both the glitch and measure cables. We provide a T adapter with our starter pack (i.e. pictured right above the 308 here: Side-Channel & Glitching Starter Pack (Level 1) - NewAE Technology Inc)
1 Like
@NewDwarf
Do you think that by glitching or analyzing the current measurement you will be able to break the security in today’s smart cards? They were all secured against so-called low-budget attacks 15 years ago. I am convinced that the chipwhisperer is a device that can be manipulated in a low budget processor. Wherever there is state-of-the-art security and someone paid a lot of money to protect sensitive data, carrying out such attacks successfully is unrealistic 
It is definitely possible to run Vcc glitch attacks against the smart card using such low budget equipment!
But you will not be able to run the SCA out of the box against most AES smart card implementation. But it is mostly the problem of creating the leakage model for the masked AES implementation.
@NewDwarf Which cards do you mean? Those used to secure sensitive content in pay-tv after 2010 have never been cracked again. These cards have very precise protection against fault injection, something that is more complicated than the well-known brown out detector. No glitches work on these cards +vcc -vcc and clks. Regarding voltage measurements, I would suggest you read the irma card hack pdf. In the document, the authors tried to break the protection against side-channel, unfortunately it turned out to be impossible due to the number of protections used. However, they found some error that allowed bypassing the implemented protections. In any case, this document clearly presents the protections used in infineon sle66p processors. I will add that this processor is very old, currently we have much newer, more advanced and complicated ones.
Maybe you mean some very old cards that are used for low-value security such as java cards? If you mean those, you can probably do a voltage glitch on them.
I personally worked with st19, sle66(don’t remember the suffix) and nxp(also don’t remember the model).
Glitch length 40-100ns perfectly worked on these cards. The main problem was glitch shape.
As I know, most pay TV operators doesn’t use the external smart cards since 10’s.