DOCSLIB.ORG

Physical Key Extraction Attacks On

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Physical Key Extraction Attacks On contributed articles DOI:10.1145/2851486 needs to never output it or anything that Computers broadcast their secrets via may reveal it. (The operating system may be misused to allow someone else’s inadvertent physical emanations that process to peek into the program’s are easily measured and exploited. memory or files, though we are getting better at avoiding such attacks, too.) BY DANIEL GENKIN, LEV PACHMANOV, ITAMAR PIPMAN, Yet programs’ control over their ADI SHAMIR, AND ERAN TROMER own outputs is a convenient fiction, for a deeper reason. The hardware run- ning the program is a physical object and, as such, interacts with its envi- ronment in complex ways, including Physical electric currents, electromagnetic fields, sound, vibrations, and light emissions. All these “side channels” may depend on the computation per- Key Extraction formed, along with the secrets within it. “Side-channel attacks,” which ex- ploit such information leakage, have been used to break the security of nu- merous cryptographic implementa- Attacks on PCs tions; see Anderson,2 Kocher et al.,19 and Mangard et al.23 and references therein. Side channels on small devices. Many past works addressed leakage from small devices (such as smart- cards, RFID tags, FPGAs, and simple embedded devices); for such devices, CRYPTOGRAPHY IS UBIQUITOUS. Secure websites and physical key extraction attacks have financial, personal communication, corporate, and been demonstrated with devastating effectiveness and across multiple phys- national secrets all depend on cryptographic algorithms ical channels. For example, a device’s operating correctly. Builders of cryptographic systems power consumption is often correlated with the computation it is currently ex- have learned (often the hard way) to devise algorithms ecuting. Over the past two decades, this and protocols with sound theoretical analysis, physical phenomenon has been used write software that implements them correctly, extensively for key extraction from small devices,19,23 often using power- and robustly integrate them with the surrounding ful techniques, including differential applications. Consequentially, direct attacks against power analysis.18 state-of-the-art cryptographic software are getting key insights increasingly difficult. ˽ Small differences in a program’s data For attackers, ramming the gates of cryptography is can cause large differences in acoustic, electric, and electromagnetic emanations not the only option. They can instead undermine the as the program runs. fortification by violating basic assumptions made by ˽ These emanations can be measured through inexpensive equipment and used the cryptographic software. One such assumption is to extract secret data, even from fast and software can control its outputs. Our programming complex devices like laptop computers and mobile phones. courses explain that programs produce their outputs ˽ Common hardware and software are through designated interfaces (whether print, write, vulnerable, and practical mitigation of these risks requires careful application- send, or mmap); so, to keep a secret, the software just specific engineering and evaluation. 70 COMMUNICATIONS OF THE ACM | JUNE 2016 | VOL. 59 | NO. 6 The electromagnetic emanations emanations from transistors, as they transistors, on a motherboard with other from a device are likewise affected by the switch state, are exploitable as a side circuitry and peripherals, running an computation-correlated currents inside channel for reading internal registers operating system and handling various it. Starting with Agrawal et al.,1 Gandolfi leading and extracting keys.29 asynchronous events. All these intro- et al.,11 and Quisquater and Samyde,28 See Anderson2 for an extensive sur- duce complexity, unpredictability, and such attacks have been demonstrated vey of such attacks. noise into the physical emanations as on numerous small devices involving Vulnerability of PCs. Little was the cryptographic code executes. various cryptographic implementations. known, however, about the possibility Second is speed. Typical side-chan- Optical and thermal imaging of cir- of cryptographic attacks through physi- nel techniques require the analog leak- cuits provides layout information and cal side channels on modern commod- age signal be acquired at a bandwidth coarse activity maps that are useful for ity laptop, desktop, and server com- greater than the target’s clock rate. reverse engineering. Miniature probes puters. Such “PC-class” computers (or For PCs running GHz-scale CPUs, this can be used to access individual inter- “PCs,” as we call them here) are indeed means recording analog signals at nal wires in a chip, though such tech- very different from the aforementioned multi-GHz bandwidths requiring ex- niques require invasive disassembly small devices, for several reasons. pensive and delicate lab equipment, in of the chip package, as well as con- First, a PC is a very complex environ- addition to a lot of storage space and IMAGE BY IWONA USAKIEWICZ/ANDRIJ BORYS ASSOCIATES BORYS USAKIEWICZ/ANDRIJ IWONA BY IMAGE siderable technical expertise. Optical ment—a CPU with perhaps one billion processing power. JUNE 2016 | VOL. 59 | NO. 6 | COMMUNICATIONS OF THE ACM 71 contributed articles Figure 1. An acoustic attack using a parabolic microphone (left) on a target laptop (right); various trade-offs among attack range, keys can be extracted from a distance of 10 meters. speed, and equipment cost. The follow- ing sections explore our findings, as pub- lished in several recent articles.12,15,16 Acoustic. The power consumption of a CPU and related chips changes dras- tically (by many Watts) depending on the computation being performed at each moment. Electronic compo- nents in a PC’s internal power supply, struggling to provide constant voltage to the chips, are subject to mechani- cal forces due to fluctuations of volt- ages and currents. The resulting vi- brations, as transmitted to the ambient air, create high-pitched acoustic noise, known as “coil whine,” even though it of- ten originates from capacitors. Because this noise is correlated with the ongo- Figure 2. Measuring the chassis potential by touching a conductive part of the laptop; ing computation, it leaks information the wristband is connected to signal-acquisition equipment. about what applications are running and what data they process. Most dramati- cally, it can acoustically leak secret keys during cryptographic operations. By recording such noise while a target is using the RSA algorithm to decrypt ciphertexts (sent to it by the attacker), the RSA secret key can be ex- tracted within one hour for a high-grade 4,096-bit RSA key. We experimentally demonstrated this attack from as far as 10 meters away using a parabolic micro- phone (see Figure 1) or from 30cm away through a plain mobile phone placed next to the computer. Electric. While PCs are typically grounded to the mains earth (through their power supply “brick,” or ground- ed peripherals), these connections are, in practice, not ideal, so the elec- tric potential of the laptop’s chassis A third difference involves attack many other effects can be used to fluctuates. These fluctuations depend scenarios. Traditional techniques for glean sensitive information across the on internal currents, and thus on the side-channel attacks require long, un- boundaries between processes or even ongoing computation. An attacker interrupted physical access to the target virtual machines. Here, we focus on can measure the fluctuations directly device. Moreover, some such attacks physical attacks that do not require de- through a plain wire connected to a involve destructive mechanical intru- ployment of malicious software on the conductive part of the laptop, or in- sion into the device (such as decapsu- target PC. directly through any cable with a con- lating chips). For small devices, these Our research thus focuses on two ductive shield attached to an I/O port scenarios make sense; such devices main questions: Can physical side- on the laptop (such as USB, Ethernet, are often easily stolen and sometimes channel attacks be used to nonintru- display, or audio). Perhaps most sur- even handed out to the attacker (such sively extract secret keys from PCs, prising, the chassis potential can be as in the form of cable TV subscription despite their complexity and operating measured, with sufficient fidelity, cards). However, when attacking other speed? And what is the cost of such at- even through a human body; human people’s PCs, the attacker’s physical tacks in time, equipment, expertise, attackers need to touch only the tar- access is often brief, constrained, and and physical access? get computer with a bare hand while must proceed unobserved. Results. We have identified multiple their body potential is measured (see Note numerous side channels in side channels for mounting physical Figure 2). PCs are known at the software level; key-extraction attacks on PCs, appli- This channel offers a higher band- timing,8 cache contention,6,26,27 and cable in various scenarios and offering width than the acoustic one, allowing 72 COMMUNICATIONS OF THE ACM | JUNE 2016 | VOL. 59 | NO. 6 contributed articles observation of the effect of individual TEMPEST. Most of this work remains prone to side-channel leakage due to key bits on the computation. RSA and classified. What little is declassified their physical nature and lower operat- ElGamal keys can thus be extracted confirms the existence and risk of ing speed; for example, acoustic noise from a signal obtained from just a few physical information leakage but says from keyboards can reveal keystrokes,3 seconds of measurement, by touching nothing about the feasibility of the key printer-noise printed content,4 and sta- a conductive part of the laptop’s chas- extraction scenarios discussed in this tus LEDs data on a communication sis, or by measuring the chassis po- article. Acoustic leakage, in particular, line.22 Computer screens inadvertently tential from the far side of a 10-meter- has been used against electromechan- broadcast their content as “van Eck” long cable connected to the target’s ical ciphers (Wright31 recounts how electromagnetic radiation that can be I/O port.
Load more

Recommended publications
  • Future EW Capabilities
    CRITICAL UNCLASSIFIED INFORMATION Future EW Capabilities COL Daniel Holland, ACM-EW Director [email protected] 706-791-8476 CRITICAL17 UNCLASSIFIEDAug 2021 INFORMATION Future Army EW Capabilities AISR Target identification, geo-location, and advanced non-kinetic effects delivery for the MDO fight. HELIOS (MDSS) Altitude 60k’ EW Planning and Management Tool LOS 500 kms (nadir 18 kms) HADES (MDSS) Altitude 40k+’ UAV LOS 400 kms Spectrum Analyzer MFEW Air Large MFEW Air Small Altitude 15k-25k’ Altitude 2500-8000’ LOS 250-300 kms LOS 100-150 kms C2 Counter Fire XX Radar SAM SRBM MEMSS C2 TT Radar Tech Effects CP TA Radar C2 AISR – Aerial ISR DEA – Defensive Electromagnetic Attack GSR- Ground Surveillance Radar TA Radar ERCA – Extended Range Cannon Artillery FLOT – Forward Line of Troops IFPC – Indirect Fire Protection Capability GMLS-ER – Guided Multiple Launch Rocket System Extended Rng UGS HADES – High Accuracy Detection & Exploitation System HELIOS – High altitude Extended range Long endurance Intel Observation System LOS – Line of Sight MDSS – Multi-Domain Sensor System MEMSS - Modular Electromagnetic Spectrum System TLS EAB MFEW – Multifunction Electromagnetic Warfare Ground to Air TLS BCT M-SHORAD – Mobile Short Range Air Defense Close fight TLS – Terrestrial Layer System 30km 70km 150km TT – Target Tracking 500km FLOT THREAT TA – Target Acquisition PrSM Ver 14.6 – 30 Jul 21 155mm ERCA GMLS-ER UGS – Unmanned Ground System AREA UNCLASSIFIED Electronic Warfare Planning and Management Tool (EWPMT) Electromagnetic Warfare/Spectrum
    [Show full text]
  • Electromagnetic Side Channels of an FPGA Implementation of AES
    Electromagnetic Side Channels of an FPGA Implementation of AES Vincent Carlier, Herv´e Chabanne, Emmanuelle Dottax and Herv´e Pelletier SAGEM SA Abstract. We show how to attack an FPGA implementation of AES where all bytes are processed in parallel using differential electromag- netic analysis. We first focus on exploiting local side channels to isolate the behaviour of our targeted byte. Then, generalizing the Square at- tack, we describe a new way of retrieving information, mixing algebraic properties and physical observations. Keywords: side channel attacks, DEMA, FPGA, AES hardware im- plementation, Square attack. 1 Introduction Side channel attacks first appear in [Koc96] where timing attacks are de- scribed. This kind of attack tends to retrieve information from the secret items stored inside a device by observing its behaviour during a crypto- graphical computation. In a timing attack, the adversary measures the time taken to perform the computations and deduces additionnal information about the cryptosystems. Similarly, power analysis attacks are introduced in [KJJ99] where the attacker wants to discover the secrets by analysing the power consumption. Smart cards are targets of choice as their power is sup- plied externally. Usually we distinguish Simple Power Analysis (SPA), that tries to gain information directly from the power consumption, and Differ- ential Power Analysis (DPA) where a large number of traces are acquired and statistically processed. Another side channel is the one that exploits the Electromagnetic (EM) emanations. Indeed, these emanations are correlated with the current flowing through the device. EM leakage in a PC environ- ment where eavesdroppers reconstruct video screens has been known for a 1 long time [vE85], see also [McN] for more references.
    [Show full text]
  • Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers
    Your Noise, My Signal: Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers Zhihui Shao∗ Mohammad A. Islam∗† Shaolei Ren University of California, Riverside University of Texas at Arlington University of California, Riverside [email protected] [email protected] [email protected] ABSTRACT program’s usage pattern of CPU resources, if detected by another Attacks based on power analysis have been long existing and stud- program, can be modulated for information transfer between the ied, with some recent works focused on data exfiltration from victim two [50, 57]. Consequently, to mitigate data theft risks, enterprise systems without using conventional communications (e.g., WiFi). users commonly have restricted access to outside networks — all Nonetheless, prior works typically rely on intrusive direct power data transfer from and to the outside is tightly scrutinized. measurement, either by implanting meters in the power outlet or Nevertheless, such systems may still suffer from data exfiltration tapping into the power cable, thus jeopardizing the stealthiness of at- attacks that bypass the conventional communications protocols tacks. In this paper, we propose NoDE (Noise for Data Exfiltration), (e.g., WiFi) by transforming the affected computer into a transmitter a new system for stealthy data exfiltration from enterprise desk- and establishing a covert channel. For example, the transmitting top computers. Specifically, NoDE achieves data exfiltration over computer can modulate the intensity of the generated acoustic a building’s power network by exploiting high-frequency voltage noise by varying its cooling fan or hard disk spinning speed to ripples (i.e., switching noises) generated by power factor correction carry 1/0 bit information (e.g., a high fan noise represents “1” and circuits built into today’s computers.
    [Show full text]
  • Conductive Concrete’ Shields Electronics from EMP Attack
    ‘Conductive concrete’ shields electronics from EMP attack November 14, 2016 Credit: Craig Chandler/University Communication/University of Nebraska-Lincoln An attack via a burst of electromagnetic energy could cripple vital electronic systems, threatening national security and critical infrastructure, such as power grids and data centers. The technology is ready for commercialization, and the University of Nebraska-Lincoln has signed an agreement to license this shielding technology to American Business Continuity Group LLC, a developer of disaster-resistant structures. Electromagnetic energy is everywhere. It travels in waves and spans a wide spectrum, from sunlight, radio waves and microwaves to X- rays and gamma rays. But a burst of electromagnetic waves caused by a high-altitude nuclear explosion or an EMP device could induce electric current and voltage surges that cause widespread electronic failures. "EMP is very lethal to electronic equipment," said Tuan, professor of civil engineering. "We found a key ingredient that dissipates wave energy. This technology oöers a lot of advantages so the construction industry is very interested." EMP-shielding concrete stemmed from Tuan and Nguyen's partnership to study concrete that conducts electricity. They ñrst developed their patented conductive concrete to melt snow and ice from surfaces, such as roadways and bridges. They also recognized and conñrmed it has another important property – the ability to block electromagnetic energy. Their technology works by both absorbing and reòecting electromagnetic waves. The team replaced some standard concrete aggregates with their key ingredient – magnetite, a mineral with magnetic properties that absorbs microwaves like a sponge. Their patented recipe includes carbon and metal components for better absorption as well as reòection.
    [Show full text]
  • Analysis of EM Emanations from Cache Side-Channel Attacks on Iot Devices
    Analysis of EM Emanations from Cache Side-Channel Attacks on IoT Devices Moumita Dey School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, USA [email protected] Abstract— As the days go by, the number of IoT devices are growing exponentially and because of their low computing capabilities, they are being targeted to perform bigger attacks that are compromising their security. With cache side channel attacks increasing on devices working on different platforms, it is important to take precautions beforehand to detect when a cache side channel attack is performed on an IoT device. In this paper, the FLUSH+RELOAD attack, a popular cache side channel attack, is first implemented and the proof of concept is demonstrated on GnuPG RSA and bitcnts benchmark of MiBench suite. The effects it has are then seen through EM emanations of the device under different conditions. There was distinctive activity observed due to FLUSH+RELOAD attack, which can be identified by profiling the applications to be monitored. INTRODUCTION Fig. 1. IoT devices demand trend [1] The Internet of Things (IoT) is the next frontier in technology, and there’s already several companies trying to capitalize it. Its a network of products that are connected to the Internet, thus they have their own IP address and can GitHub, Netflix, Shopify, SoundCloud, Spotify, Twitter, and connect to each other to automate simple tasks. As prices a number of other major websites. This piece of malicious of semiconductor fall and connectivity technology develops, code took advantage of devices running out-of-date versions more machines are going online.
    [Show full text]
  • Some Words on Cryptanalysis of Stream Ciphers Maximov, Alexander
    Some Words on Cryptanalysis of Stream Ciphers Maximov, Alexander 2006 Link to publication Citation for published version (APA): Maximov, A. (2006). Some Words on Cryptanalysis of Stream Ciphers. Department of Information Technology, Lund Univeristy. Total number of authors: 1 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 Some Words on Cryptanalysis of Stream Ciphers Alexander Maximov Ph.D. Thesis, June 16, 2006 Alexander Maximov Department of Information Technology Lund University Box 118 S-221 00 Lund, Sweden e-mail: [email protected] http://www.it.lth.se/ ISBN: 91-7167-039-4 ISRN: LUTEDX/TEIT-06/1035-SE c Alexander Maximov, 2006 Abstract n the world of cryptography, stream ciphers are known as primitives used Ito ensure privacy over a communication channel.
    [Show full text]
  • Key Update Countermeasure for Correlation-Based Side-Channel Attacks
    Key Update Countermeasure for Correlation-Based Side-Channel Attacks Yutian Gui, Suyash Mohan Tamore, Ali Shuja Siddiqui & Fareena Saqib Journal of Hardware and Systems Security ISSN 2509-3428 J Hardw Syst Secur DOI 10.1007/s41635-020-00094-x 1 23 Your article is protected by copyright and all rights are held exclusively by Springer Nature Switzerland AG. This e-offprint is for personal use only and shall not be self- archived in electronic repositories. If you wish to self-archive your article, please use the accepted manuscript version for posting on your own website. You may further deposit the accepted manuscript version in any repository, provided it is only made publicly available 12 months after official publication or later and provided acknowledgement is given to the original source of publication and a link is inserted to the published article on Springer's website. The link must be accompanied by the following text: "The final publication is available at link.springer.com”. 1 23 Author's personal copy Journal of Hardware and Systems Security https://doi.org/10.1007/s41635-020-00094-x Key Update Countermeasure for Correlation-Based Side-Channel Attacks Yutian Gui1 · Suyash Mohan Tamore1 · Ali Shuja Siddiqui1 · Fareena Saqib1 Received: 14 January 2020 / Accepted: 13 April 2020 © Springer Nature Switzerland AG 2020 Abstract Side-channel analysis is a non-invasive form of attack that reveals the secret key of the cryptographic circuit by analyzing the leaked physical information. The traditional brute-force and cryptanalysis attacks target the weakness in the encryption algorithm, whereas side-channel attacks use statistical models such as differential analysis and correlation analysis on the leaked information gained from the cryptographic device during the run-time.
    [Show full text]
  • Sok: Design Tools for Side-Channel-Aware Implementations
    SoK: Design Tools for Side-Channel-Aware Implementations Ileana Buhan∗, Lejla Batina∗, Yuval Yarom†, and Patrick Schaumont‡ ∗ Radboud University, Digital Security † University of Adelaide and Data61 ‡ Worcester Polytechnic Institute Abstract—Side-channel attacks that leak sensitive information involve collecting side-channel traces, e.g., power traces, from through a computing device’s interaction with its physical envi- the device and analyzing these traces to demonstrate an attack ronment have proven to be a severe threat to devices’ security, or the existence of leaks. While effective, such methodologies particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure require the physical device’s presence for evaluation, and this the physical properties of the device. Hence, they cannot be demand poses significant challenges. used during the design process and fail to provide root cause In the pre-silicon stage of the development, the device does analysis. An alternative approach that is gaining traction is to not yet exist; hence it cannot be adequately assessed. Con- automate leakage detection by modeling the device. The demand versely, in the post-silicone stage, detailed design information to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. may not be accessible, for example, when using third-party In this SoK, we classify approaches to automated leakage components. Consequently, it may be challenging to identify detection based on the model’s source of truth. We classify the root cause of leakage. Moreover, detecting, verifying, and the existing tools on two main parameters: whether the model mitigating side-channel leaks require expert knowledge and includes measurements from a concrete device and the abstrac- expensive equipment.
    [Show full text]
  • Method for Effectiveness Assessment of Electronic Warfare Systems In
    S S symmetry Article Method for Effectiveness Assessment of Electronic Warfare Systems in Cyberspace Seungcheol Choi 1, Oh-Jin Kwon 1,* , Haengrok Oh 2 and Dongkyoo Shin 3 1 Department of Electrical Engineering, Sejong University, 209 Neungdong-ro, Gwangjin-gu, Seoul 05006, Korea; [email protected] 2 Agency for Defense Development (ADD), Seoul 05771, Korea; [email protected] 3 Department of Computer Engineering, Sejong University, 209 Neungdong-ro, Gwangjin-gu, Seoul 05006, Korea; [email protected] * Correspondence: [email protected] Received: 27 November 2020; Accepted: 16 December 2020; Published: 18 December 2020 Abstract: Current electronic warfare (EW) systems, along with the rapid development of information and communication technology, are essential elements in the modern battlefield associated with cyberspace. In this study, an efficient evaluation framework is proposed to assess the effectiveness of various types of EW systems that operate in cyberspace, which is recognized as an indispensable factor affecting modern military operations. The proposed method classifies EW systems into primary and sub-categories according to EWs’ types and identifies items for the measurement of the effectiveness of each EW system by considering the characteristics of cyberspace for evaluating the damage caused by cyberattacks. A scenario with an integrated EW system incorporating two or more different types of EW equipment is appropriately provided to confirm the effectiveness of the proposed framework in cyber electromagnetic warfare. The scenario explicates an example of assessing the effectiveness of EW systems under cyberattacks. Finally, the proposed method is demonstrated sufficiently by assessing the effectiveness of the EW systems using the scenario.
    [Show full text]
  • Bad Cryptography Bruce Barnett Who Am I?
    Bad Cryptography Bruce Barnett Who am I? • Security consultant @ NYSTEC • 22 years a research scientist @ GE’s R&D Center • 15 years software developer, system administrator @ GE and Schlumberger • I’m not a cryptographer • I attended a lot of talks at Blackhat/DEFCON • Then I took a course on cryptography……….. Who should attend this talk? • Project Managers • Computer programmers • Those that are currently using cryptography • Those that are thinking about using cryptography in systems and protocols • Security professionals • Penetration testers who don’t know how to test cryptographic systems and want to learn more • … and anybody who is confused by cryptography Something for everyone What this presentation is … • A gentle introduction to cryptography • An explanation why cryptography can’t be just “plugged in” • Several examples of how cryptography can be done incorrectly • A brief description of why certain choices are bad and how to exploit it. • A checklist of warning signs that indicate when “Bad Cryptography” is happening. Example of Bad Cryptography!!! Siren from snottyboy http://soundbible.com/1355-Warning-Siren.html What this talk is not about • No equations • No certificates • No protocols • No mention of SSL/TLS/HTTPS • No quantum cryptography • Nothing that can cause headaches • (Almost) no math used Math: Exclusive Or (XOR) ⊕ Your Cat Your Roommates' Will you have Cat kittens? No kittens No kittens Note that this operator can “go backwards” (invertible) What is encryption and decryption? Plain text Good Morning, Mr. Phelps
    [Show full text]
  • RSA Key Extraction Via Low-Bandwidth Acoustic Cryptanalysis∗
    RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis∗ Daniel Genkin Adi Shamir Eran Tromer Technion and Tel Aviv University Weizmann Institute of Science Tel Aviv University [email protected] [email protected] [email protected] December 18, 2013 Abstract Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt’04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers. In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis.
    [Show full text]
  • Side-Channel Analysis of AES Based on Deep Learning
    DEGREE PROJECT IN ELECTRICAL ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2019 Side-Channel Analysis of AES Based on Deep Learning Huanyu Wang KTH ROYAL INSTITUTE OF TECHNOLOGY ELECTRICAL ENGINEERING AND COMPUTER SCIENCE Abstract Side-channel attacks avoid complex analysis of cryptographic algorithms, instead they use side-channel signals captured from a software or a hardware implementation of the algorithm to recover its secret key. Recently, deep learning models, especially Convolutional Neural Networks (CNN), have been shown successful in assisting side-channel analysis. The attacker first trains a CNN model on a large set of power traces captured from a device with a known key. The trained model is then used to recover the unknown key from a few power traces captured from a victim device. However, previous work had three important limitations: (1) little attention is paid to the effects of training and testing on traces captured from different devices; (2) the effect of different power models on the attack’s efficiency has not been thoroughly evaluated; (3) it is believed that, in order to recover all bytes of a key, the CNN model must be trained as many times as the number of bytes in the key. This thesis aims to address these limitations. First, we show that it is easy to overestimate the attack’s efficiency if the CNN model is trained and tested on the same device. Second, we evaluate the effect of two common power models, identity and Hamming weight, on CNN-based side-channel attack’s efficiency. The results show that the identity power model is more effective under the same training conditions.
    [Show full text]