Side channel attacks against the Solo key - HMAC-SHA256 scheme

Today, two-factor authentication tokens have become more and more popular due to the increasing number of attacks against the classical user-password online authentication. This master thesis aims to assess the security of an open source security token, the Solo key, against some side channel attacks. The Solo key relies on the U2F authentication protocol from the Fido Alliance to provide a strong second factor authentication. The surface of attack found in the authentication protocol is first described. Then a measurement setup relying on EM emanations is mounted. Next the research of the POI required by the 2 strategies attempted to break part of the HMAC-SHA256 construction is described. After that four side channel attacks, three CPA with different leakage models and a template attack are launched against the HMAC-SHA256 construction. Finally, it is shown that, employing the measurement setup and the trace alignment algorithm described, the outer hash requires a greater number than 200 000 traces to be forged while one can forge the inner hash in more or less 200 000 traces.