Options
2014
Conference Paper
Titel
Don't push it: Breaking iButton security
Abstract
Maxims iButtons are small portable (steel) tokens that can be attached to objects (e.g., keys, fobs) and are deployed in various applications from access control to devices and buildings to asset management and electronic cash. So far, the security and privacy aspects of iButtons have been widely unexplored. The so-called Secure iButtons are advocated for security critical applications for e.g., micropayment, authentication or feature activation. In this paper we present for the first time a detailed security analysis of the Secure iButtons DS1963S. Although no technical details are publicly available, Secure iButtons have a variety of physical and cryptographic built-in measures to protect against physical tampering as well as unauthorized access to cryptographic material. We developed methods to bypass all these protection mechanisms of the manufacturer. We present a differential fault attack and implementation attack on the SHA-1-enabled iButton (DS1963S chip). Beside the emulation and impersonation, our attacks succeed in extracting the secret keys stored in the iButton. Our methods allow an infinite rollback to the initial state, which is crucial when targeting micropayment systems based on iButtons. We also demonstrate our attacks on Maxims reference platform of a micropayment system. Our best attack requires a minimal financial invest and take less than ten minutes, including target preparation, while the pure attack on all eight 64-bit keys is completed in a few seconds.