preloader

LEIA by H2Lab: a Laboratory Smart card Analyzer

  • Tuesday, Jun 2, 2020
blog-image

Shop opened: see the H2Lab shop page for more informations!!!


What is LEIA?

LEIA is an open hardware and open source device targeting smart card side-channel analysis (SCA) and evaluation, for educational and evaluation purpose. It implements a fully controlled ISO7816 stack with a dedicated custom hardware platform to acquire clean measurements for SCA characterization.

The LEIA board is made of two main parts: a STM32 MCU that contains the firmware handling the ISO7816-3 stack, and the ISO7816-3 connector that communicates with the target smart card (i.e. handling the physical connection) and is isolated with optocouplers for clean measurements. Having a fully controlled ISO7816 stack allows to position precise triggers at dedicated events (sending an APDU, receiving the response, etc.), which helps to get synchronized traces of smart card consumption activity (and then analyze and extract secrets using classical SCA techniques). Low-level access to the ISO7816-3 protocol also allows to explore interesting paths such as smart cards conformity checks and so on. With this versatility in mind, We have tried to make the implementation to cover as much as possible of the specification (T=0 and T=1, PTS negotiation, etc.).

A big advantage of the LEIA board is also its software ecosystem: it is compatible with the ChipWhisperer SDK, and the board can be driven from a PC using an UART TTL or an USB connection with high level and easy to use Python library and scripts.

NOTE: More technical information will be soon provided in a dedicated blog post.

Board remix

Hardware redesign and optimization step

The H2Lab LEIA project is based on the original LEIA board, as published in the SSTIC 2019 conference. The original Leia board design was the following:

leia-orig

This design was made to work in association with the CW308 extention board of the ChipWhisperer SDK. This constraint requires to buy the CW308 extention board and make the Leia hardware design more expensive. As a consequence, various updates have been made on the original LEIA project:

  • The LEIA board has been remixed to reduce the overall production cost and to provide both standalone (denoted Solo) and ChipWhisperer 20 pins interface compatible modes. This makes the Chipwhisperer CW308 board no more required.
  • The power supply domains are kept but can be linked using a jumper in case of Solo mode if the user doesn’t provide an external power supply, through a single USB port to reduce the required additional hardware.
  • The form factor is no more constrained by the CW308, reducing the board size.
  • A supplementary trigger I/O has been added on the reader side to allow the connection of supplementary measurement or active tools.

The LEIA software has also been updated:

  • The Solo mode is enhanced, including the tooling
  • The firmware is to be USB DFU compatible, to make firmware updates easier. The SWD interface is kept for debugging and development purpose
  • The project documentation is to be upgraded accordingly
  • A smartcard reader mode has been added, associated to PC/SC daemon to use Leia as a smartcard reader transparently
  • Host-side software is being packaged for Debian and Debian derivatives

The new board is designed as follows:

leia-new

Supported features

The new LEIA board is versatile and supports multiple features:

leia-new

Smartcard communication

  • Hardware based ISO7816 stack supporting both ISO7816-3 T=0 and ISO7816-3 T=1
  • BitBanged ISO7816 stack allowing to fully control the communication
  • Timing measurement between ISO7816 transaction
  • PTS negotiation (flexible ETU selection)
  • ISO7816 clock frequency tuning

Triggering

  • Up to 4 trigger strategies, each one on 10 possible trigger events corresponding to classical ISO7816 elements (beginning of ATR, end of ATR, sending an APDU and receiving a response, etc.).
  • The triggers also have a configurable delay, and support a ‘single’ mode.
  • All the triggers states (number of observed triggers, etc.) can be recovered.
  • Dedicated trigger pin in SOLO mode (standalone mode)
  • ChipWhisperer triggering through the 20-pins standard interface

Power analysis and glitching

  • USB-powered mode with octocouplers for more efficient measurements
  • Direct power mode (external controled power supply not delivered)

Smartcard reader mode

  • Fully integrated with PC/SC, which allows to use LEIA as a classical smart card reader.

Open-Source and Open-Hardware

A big advantage of the LEIA board is also its software ecosystem: it is compatible with the NewAE Technology Inc. ChipWhisperer SDK, and the board can be driven from a PC an USB connection with high level and easy to use Python library and scripts. The LEIA project is fully Open-Source and Open-Hardware. All the software components aims to be published:

  • LEIA firmware
  • LEIA host-part tooling (python API, PC/SC backend support)
  • ChipWhisperer SDK add-on
  • Smart Card demonstration applet

The board hardware design will be published on the H2Lab github repository at the end of the Kickstarter campaigns.

Board Production steps

The Leia by H2Lab production follows the H2Lab production mechanism described in H2Lab production page. See this page for more complete information about each production step.

   
Preparation Stage Status
Initial device design check done
Hardware redesign and optimization done
Software stack check done
Industrialization constraints done
   
Production Stage Status
Cost calculation done
New board samples testing notdone
Crowdfunding start notdone
Shop integration notdone
   
Post-Production Stage Status
Board validation notdone
packaging and delivery notdone
   
KICKSTARTER START TIME 11 September 2020->not enough sponsors
SHOP INTEGRATION 4 November 2020
1ST BATCH RECEPTION 1 March 2021
1ST BATCH FULL VAIDATION COMPLETED 17 March 2021
   

External references

The LEIA board has been presented by the ANSSI team who made it in 2019. The presentation of the video (in french) can be found here.

The conference article (in english) and presentation (in french) are also accessible on the conference website.

Questions ?

Any questions, remarks ? Contact us on any of our social networks or communications interfaces !