• DocumentCode
    3349007
  • Title

    SPA-based Security Evaluation of RSA Implementation in Internet Banking USB Token

  • Author

    Zhou, Yuanyuan ; Guo, Shize

  • Author_Institution
    G&D (China) Inf. Technol. Co., Ltd., Beijing, China
  • fYear
    2011
  • fDate
    21-23 Oct. 2011
  • Firstpage
    499
  • Lastpage
    503
  • Abstract
    Almost all the commercial banks in China use USB Token with RSA-coprocessor tamper-resistant crypto-device to ensure the security of Internet Banking transactions. To evaluate the security of such Tokens objectively, finished practical SPA (Simple Power Analysis) attack on four kinds of USB Token from different suppliers in this paper, and all the correct RSA private keys were gotten successfully although the Tokens use different Montgomery or Sliding-Window implementations. This paper also presents some simple countermeasures against such attack.
  • Keywords
    Internet; banking; public key cryptography; Internet banking USB Token; Internet banking transactions; Montgomery implementations; RSA implementation; RSA private keys; RSA-coprocessor tamper-resistant crypto-device; SPA-based security evaluation; commercial banks; sliding-window implementations; Cryptography; Hardware; Integrated circuits; Online banking; Power demand; Universal Serial Bus; Internet Banking; RSA; SPA; Side-Channel Attack; USB Token;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Instrumentation, Measurement, Computer, Communication and Control, 2011 First International Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-0-7695-4519-6
  • Type

    conf

  • DOI
    10.1109/IMCCC.2011.130
  • Filename
    6154155
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3349007