Published in: Journal of Cryptographic Engineering 2/2015

01.06.2015 | CHES 2014

Get your hands off my laptop: physical side-channel key-extraction attacks on PCs

Extended version


Abstract

We demonstrate physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels, based on the observation that the “ground” electric potential, in many computers, fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured on the ground shield at the remote end of Ethernet, USB and display cables. Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency (MF) signals (around 2 MHz), or one hour using Low Frequency (LF) signals (up to 40 kHz).


Footnotes

1. A brief account of these results appeared in [18].

2. In the realm of small devices, similar decoupling has been proposed as an intentional countermeasure against power analysis [35].

3. The combinations of side channel, attack technique, target algorithm, and target computer are too numerous to exhaustively demonstrate and discuss, especially due to the requisite analog and algorithmic tuning. This paper summarizes dozens of successful key extraction configurations.

4. In follow-up research [17], we present attacks against the sliding window method used by GnuPG 1.4.16 using the electromagnetic channel.

5. After filtering out the strong, but cryptanalytically useless, components at 50 Hz or 60 Hz.

6. Recent GnuPG implementations use the side-channel mitigation technique of always multiplying the intermediate results by the input; but this helps our attack, since it doubles the number of multiplications.

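To make the operation-count point of footnote 6 concrete, here is an added example (not code from the paper or from GnuPG) that compares a plain left-to-right square-and-multiply loop with the square-and-always-multiply variant and records which modular operations each one performs per exponent bit; the toy modulus, base and exponent are constructed for illustration.

```python
# Added example, not from the paper or GnuPG. Models the two exponentiation
# loops discussed in footnote 6 and records the sequence of modular operations
# ("S" = squaring, "M" = multiplication by the input) performed per exponent bit.
# The footnote's point: "always multiply" performs one multiplication per bit
# instead of one per set bit, so any value-dependent leakage of the multiplier
# is exercised roughly twice as often for a random exponent.

def square_and_multiply(base: int, exp: int, mod: int):
    """Plain left-to-right binary exponentiation. Returns (result, trace)."""
    trace = []                        # operations in the order they happen
    acc = 1
    for bit in bin(exp)[2:]:          # most-significant bit first
        acc = acc * acc % mod
        trace.append("S")
        if bit == "1":                # multiply only on set bits: the S/M
            acc = acc * base % mod    # pattern itself mirrors the exponent
            trace.append("M")
    return acc, trace

def square_and_always_multiply(base: int, exp: int, mod: int):
    """Variant that multiplies on every bit and discards the product for 0 bits."""
    trace = []
    acc = 1
    for bit in bin(exp)[2:]:
        acc = acc * acc % mod
        trace.append("S")
        tmp = acc * base % mod        # performed regardless of the bit value
        trace.append("M")
        if bit == "1":
            acc = tmp                 # 0 bit: result dropped, work still done
    return acc, trace

def multiplication_count(trace) -> int:
    """Number of input-dependent multiplications in an operation trace."""
    return trace.count("M")

def demo():
    """Constructed toy parameters (nothing like the paper's 4096-bit keys).
    Returns (multiplications in plain loop, multiplications in always-multiply loop)."""
    mod, base, exp = 1000003, 12345, 0b1011001110101   # 13 bits, 8 of them set
    r_plain, t_plain = square_and_multiply(base, exp, mod)
    r_always, t_always = square_and_always_multiply(base, exp, mod)
    assert r_plain == r_always == pow(base, exp, mod)   # both variants are correct
    assert t_always == ["S", "M"] * 13                   # uniform S/M pattern
    return multiplication_count(t_plain), multiplication_count(t_always)

if __name__ == "__main__":
    print(demo())   # plain: one M per set bit; always-multiply: one M per bit
```

The uniform S/M pattern of the second loop hides the exponent from a simple operation-sequence reading, which is the purpose of the countermeasure, but it does not reduce the number of input-dependent multiplications whose values leak, which is why the footnote says it helps rather than hinders the paper's attack.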
7. 3-prong laptop AC-DC power supplies typically do not have a low-resistance path between the grounding prong and the DC power plug.

8. The first few bits of \(p\) are harder to measure, due to stabilization time.

9. Here, we attack the exponentiation modulo \(q\), to avoid stabilization effects in the first exponentiation, modulo \(p\).

10. Grounding the laptop to mains earth, via some port, would improve the signal quality (see Sect. 5.1.1); but the adaptive attack is sufficiently robust to not require this.

11. The attack is especially effective in hot weather, since sweaty fingers offer lower electrical resistance.

12. The heatsink fins provide a particularly strong signal, and the paperclip merely bypasses the mechanical obstruction of the plastic vent grill, a few millimeters deep. The attack is also possible by touching fully exposed metal connectors, such as I/O port shields, but in that case the signal is weak and necessitates numerous measurements, so we applied the more robust adaptive attack (discussed at the end of this section).

References

3. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2002, pp. 29–45. Springer (2002)
4. Anderson, R.J.: Security Engineering—A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, New York (2008)
6. Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: ESORICS 2011, pp. 355–371. Springer (2011)
7. Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701–716 (2005)
8. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880, November (2007)
9. Clark, S.S., Mustafa, H.A., Ransford, B., Sorber, J., Fu, K., Xu, W.: Current events: Identifying webpages by tapping the electrical outlet. In: ESORICS 2013, pp. 700–717. Springer (2013)
10. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
11. Courrège, J.-C., Feix, B., Roussellet, M.: Simple power analysis on exponentiation revisited. In: Smart Card Research and Advanced Application (CARDIS) 2010, pp. 65–79. Springer (2010)
12. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
15. Fouque, P.-A., Valette, F.: The doubling attack—why upwards is better than downwards. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2003, pp. 269–280. Springer (2003)
16. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2001, pp. 251–261. Springer (2001)
17. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E.: Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. Cryptology ePrint Archive, Report 2015/170 (2015). http://eprint.iacr.org/2015/170. Accessed 4 Dec 2014
18. Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: CRYPTO 2014, Extended version: Cryptology ePrint Archive, Report 2013/857, vol. 1, pp. 444–461. Springer (2014)
19. Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Collision-based power analysis of modular exponentiation using chosen-message pairs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2008, pp. 15–29. Springer (2008)
20. Hu, W.-M.: Lattice scheduling and covert channels. In: Proceedings of the IEEE Symposium on Security and Privacy 1992, pp. 52–61. IEEE Computer Society (1992)
21. Karatsuba, A., Ofman, Y.: Multiplication of many-digital numbers by automatic computers. Proc. USSR Acad. Sci. 145, 293–294 (1962)
22. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO 1999, pp. 388–397. Springer (1999)
23. Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptogr. Eng. 1(1), 5–27 (2011)
24. Kocher, P.C.: Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems. In: CRYPTO 1996, pp. 104–113. Springer (1996)
25. Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. Ph.D. dissertation (2003)
26. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)
27. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 1999, pp. 144–157. Springer (1999)
29. Novak, R.: SPA-based adaptive chosen-ciphertext attack on RSA implementation. In: Public Key Cryptography (PKC) 2002, pp. 252–262. Springer (2002)
31. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: RSA Conference Cryptographers’ Track (CT-RSA) 2006, pp. 1–20. Springer (2006)
33. Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: E-smart’01, pp. 200–210 (2001)
34. Schmidt, J.-M., Plos, T., Kirschbaum, M., Hutter, M., Medwed, M., Herbst, C.: Side-channel leakage across borders. In: Smart Card Research and Advanced Application (CARDIS) 2010, pp. 36–48. Springer (2010)
35. Tokunaga, C., Blaauw, D.: Securing encryption systems with a switched capacitor current equalizer. IEEE J. Solid-State Circuits 45(1), 23–31 (2010)
36. Walter, C.D., Samyde, D.: Data dependent power use in multipliers. In: IEEE Symposium on Computer Arithmetic (ARITH) 2005, pp. 4–12. IEEE Computer Society (2005)
37. Walter, C.D., Thompson, S.: Distinguishing exponent digits by observing modular subtractions. In: RSA Conference the Cryptographer’s Track (CT-RSA) 2001, pp. 192–207. Springer (2001)
38. Yarom, Y., Falkner, K.: FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In: USENIX Security Symposium 2014, pp. 719–732. USENIX Association (2014)
39. Yen, S.-M., Lien, W.-C., Moon, S.-J., Ha, J.: Power analysis by exploiting chosen message and internal collisions – vulnerability of checking mechanism for RSA-decryption. In: Mycrypt, pp. 183–195. Springer (2005)
40. Zajic, A., Prvulovic, M.: Experimental demonstration of electromagnetic information leakage from modern processor-memory systems. IEEE Trans. Electromagn. Compat (EMC) 56(4), 885–893 (2014)

Metadata
Title
Get your hands off my laptop: physical side-channel key-extraction attacks on PCs
Extended version
Publication date
01.06.2015
Published in
Journal of Cryptographic Engineering / Issue 2/2015
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI
https://doi.org/10.1007/s13389-015-0100-7