Electronic payment fraud is considered a serious international crime by Europol. An important part of this fraud comes from payment card data skimming. This type of fraud consists of an illegal acquisition of payment card details when a user is withdrawing cash at an automated teller machine (ATM) or paying at a point of sale (POS). Modern skimming devices, also known as skimmers, use secure crypto-algorithms (e.g. Advanced Encryption Standard (AES)) to protect skimmed data stored within their memory. In order to provide digital evidence in criminal cases involving skimmers, law enforcement agencies (LEAs) must retrieve the plaintext skimmed data, generally without having knowledge of the secret key. This article proposes an alternative to the current solution at the Bundeskriminalamt (BKA) to reveal the secret key. The proposed solution is non-invasive, based on Power Analysis Attack (PAA). This article first describes the structure and the behaviour of an AES skimmer, followed by the proposal of the full operational PAA process, from power measurements to attack computation. Finally, it presents results obtained in several cases, explaining the latest improvements and providing some ideas for further developments.
[1]
Thomas S. Messerges,et al.
Using Second-Order Power Analysis to Attack DPA Resistant Software
,
2000,
CHES.
[2]
Stefan Mangard,et al.
Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers
,
2006,
CT-RSA.
[3]
Siva Sai Yerubandi,et al.
Differential Power Analysis
,
2002
.
[4]
Philip Turner,et al.
Forensic data recovery and examination of magnetic swipe card cloning devices
,
2007
.
[5]
Marc Joye,et al.
Cryptographic hardware and embedded systems - CHES 2004 : 6th International Workshop, Cambridge, MA, USA, August 11-13, 2004 : proceedings
,
2004
.
[6]
Nidhal Selmane.
Attaques en fautes globales et locales sur les cryptoprocesseurs : mise en oeuvre et contremesures
,
2010
.
[7]
Stefan Mangard,et al.
Power analysis attacks - revealing the secrets of smart cards
,
2007
.