Abstract
We demonstrate physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels, based on the observation that the “ground” electric potential, in many computers, fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured on the ground shield at the remote end of Ethernet, USB and display cables. Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency (MF) signals (around 2 MHz), or one hour using Low Frequency (LF) signals (up to 40 kHz).
Notes
A brief account of these results appeared in [18].
In the realm of small devices, similar decoupling has been proposed as an intentional countermeasure against power analysis [35].
The combinations of side channel, attack technique, target algorithm, and target computer are too numerous to exhaustively demonstrate and discuss, especially due to the requisite analog and algorithmic tuning. This paper summarizes dozens of successful key extraction configurations.
In follow-up research [17], we present attacks against the sliding-window method used by GnuPG 1.4.16 using the electromagnetic channel.
After filtering out the strong, but cryptanalytically useless, components at 50 Hz or 60 Hz.
Recent GnuPG implementations use the side-channel mitigation technique of always multiplying the intermediate results by the input; but this helps our attack, since it doubles the number of multiplications.
3-prong laptop AC-DC power supplies typically do not have a low-resistance path between the grounding prong and the DC power plug.
The first few bits of \(p\) are harder to measure, due to stabilization time.
Here, we attack the exponentiation modulo \(q\), to avoid stabilization effects in the first exponentiation, modulo \(p\).
Grounding the laptop to mains earth, via some port, would improve the signal quality (see Sect. 5.1.1); but the adaptive attack is sufficiently robust to not require this.
The attack is especially effective in hot weather, since sweaty fingers offer lower electrical resistance.
The heatsink fins provide a particularly strong signal, and the paperclip merely bypasses the mechanical obstruction of the plastic vent grill, a few millimeters deep. The attack is also possible by touching fully exposed metal connectors, such as I/O port shields, but in that case the signal is weak and necessitates numerous measurements, so we applied the more robust adaptive attack (discussed at the end of this section).
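The two footnotes above on the always-multiply countermeasure and on RSA-CRT's two exponentiations (mod p, then mod q) are illustrated by the following added example, which is not code from the paper or from GnuPG. It records the sequence of squarings and multiplications that a side-channel observer would see, for plain square-and-multiply versus square-and-always-multiply, using constructed toy primes (p = 61, q = 53, e = 17) far smaller than real keys.

```python
# Added example: compare the operation profile of two binary-exponentiation
# variants inside an RSA-CRT decryption. Toy parameters are constructed here
# and are NOT real key material.
from dataclasses import dataclass, field


@dataclass
class OpTrace:
    """Records the order of big-number operations, as a side channel sees it."""
    ops: list = field(default_factory=list)

    def square(self):
        self.ops.append("S")

    def multiply(self):
        self.ops.append("M")


def modexp_square_and_multiply(base, exp, mod, trace):
    # Left-to-right binary exponentiation: a multiply occurs only for a 1 bit,
    # so the S/M sequence mirrors the exponent bits one-to-one.
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.square()
        if bit == "1":
            result = (result * base) % mod
            trace.multiply()
    return result


def modexp_square_and_always_multiply(base, exp, mod, trace):
    # Countermeasure variant from the footnote: multiply on every bit and
    # discard the product for a 0 bit. The count becomes one multiply per
    # exponent bit, i.e. about twice the average of the plain variant.
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.square()
        candidate = (result * base) % mod
        trace.multiply()
        if bit == "1":
            result = candidate
    return result


def crt_decrypt(c, p, q, d, modexp, trace):
    """RSA-CRT: a half-size exponentiation mod p, then another mod q."""
    dp, dq = d % (p - 1), d % (q - 1)
    mp = modexp(c % p, dp, p, trace)
    mq = modexp(c % q, dq, q, trace)
    h = (pow(q, -1, p) * (mp - mq)) % p  # Garner recombination
    return mq + h * q


def count_ops(trace):
    """Return (number of squarings, number of multiplications) in a trace."""
    return trace.ops.count("S"), trace.ops.count("M")
```

With d = 2753 and ciphertext 2790 (the encryption of 65), both variants recover 65, but the plain variant performs 7 multiplications against 12 for the always-multiply variant, and only the latter count is independent of the exponent bits.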
References
GNU multiple precision arithmetic library. http://gmplib.org/. Accessed 4 Dec 2014
GNU Privacy Guard. https://www.gnupg.org. Accessed 4 Dec 2014
Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2002, pp. 29–45. Springer (2002)
Anderson, R.J.: Security Engineering—A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, New York (2008)
Bernstein, D.J.: Cache-timing attacks on AES (2005). http://cr.yp.to/papers.html#cachetiming. Accessed 4 Dec 2014
Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: ESORICS 2011, pp. 355–371. Springer (2011)
Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701–716 (2005)
Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880 (2007)
Clark, S.S., Mustafa, H.A., Ransford, B., Sorber, J., Fu, K., Xu, W.: Current events: Identifying webpages by tapping the electrical outlet. In: ESORICS 2013, pp. 700–717. Springer (2013)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
Courrège, J.-C., Feix, B., Roussellet, M.: Simple power analysis on exponentiation revisited. In: Smart Card Research and Advanced Application (CARDIS) 2010, pp. 65–79. Springer (2010)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
Elkins, M., Del Torto, D., Levien, R., Roessler, T.: MIME security with OpenPGP. RFC 3156 (2001). http://www.ietf.org/rfc/rfc3156.txt. Accessed 4 Dec 2014
The Enigmail Project. Enigmail: a simple interface for OpenPGP email security. https://www.enigmail.net. Accessed 4 Dec 2014
Fouque, P.-A., Valette, F.: The doubling attack—why upwards is better than downwards. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2003, pp. 269–280. Springer (2003)
Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2001, pp. 251–261. Springer (2001)
Genkin, D., Pachmanov, L., Pipman, I., Tromer, E.: Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. Cryptology ePrint Archive, Report 2015/170 (2015). http://eprint.iacr.org/2015/170. Accessed 4 Dec 2014
Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: CRYPTO 2014, vol. 1, pp. 444–461. Springer (2014). Extended version: Cryptology ePrint Archive, Report 2013/857
Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Collision-based power analysis of modular exponentiation using chosen-message pairs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2008, pp. 15–29. Springer (2008)
Hu, W.-M.: Lattice scheduling and covert channels. In: Proceedings of the IEEE Symposium on Security and Privacy 1992, pp. 52–61. IEEE Computer Society (1992)
Karatsuba, A., Ofman, Y.: Multiplication of many-digital numbers by automatic computers. Proc. USSR Acad. Sci. 145, 293–294 (1962)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO 1999, pp. 388–397. Springer (1999)
Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptogr. Eng. 1(1), 5–27 (2011)
Kocher, P.C.: Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems. In: CRYPTO 1996, pp. 104–113. Springer (1996)
Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. Ph.D. dissertation (2003)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 1999, pp. 144–157. Springer (1999)
MITRE. Common vulnerabilities and exposures list, entry CVE-2013-4576 (2013). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576. Accessed 4 Dec 2014
Novak, R.: SPA-based adaptive chosen-ciphertext attack on RSA implementation. In: Public Key Cryptography (PKC) 2002, pp. 252–262. Springer (2002)
Oren, Y., Shamir, A.: How not to protect PCs from power analysis. Presented during the CRYPTO 2006 rump session (2006). http://iss.oy.ne.ro/HowNotToProtectPCsFromPowerAnalysis. Accessed 4 Dec 2014
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: RSA Conference Cryptographers’ Track (CT-RSA) 2006, pp. 1–20. Springer (2006)
Percival, C.: Cache missing for fun and profit. Presented at BSDCan (2005). http://www.daemonology.net/hyperthreading-considered-harmful. Accessed 4 Dec 2014
Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: E-smart’01, pp. 200–210 (2001)
Schmidt, J.-M., Plos, T., Kirschbaum, M., Hutter, M., Medwed, M., Herbst, C.: Side-channel leakage across borders. In: Smart Card Research and Advanced Application (CARDIS) 2010, pp. 36–48. Springer (2010)
Tokunaga, C., Blaauw, D.: Securing encryption systems with a switched capacitor current equalizer. IEEE J. Solid-State Circuits 45(1), 23–31 (2010)
Walter, C.D., Samyde, D.: Data dependent power use in multipliers. In: IEEE Symposium on Computer Arithmetic (ARITH) 2005, pp. 4–12. IEEE Computer Society (2005)
Walter, C.D., Thompson, S.: Distinguishing exponent digits by observing modular subtractions. In: RSA Conference Cryptographers’ Track (CT-RSA) 2001, pp. 192–207. Springer (2001)
Yarom, Y., Falkner, K.: FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In: USENIX Security Symposium 2014, pp. 719–732. USENIX Association (2014)
Yen, S.-M., Lien, W.-C., Moon, S.-J., Ha, J.: Power analysis by exploiting chosen message and internal collisions – vulnerability of checking mechanism for RSA-decryption. In: Mycrypt, pp. 183–195. Springer (2005)
Zajic, A., Prvulovic, M.: Experimental demonstration of electromagnetic information leakage from modern processor-memory systems. IEEE Trans. Electromagn. Compat. 56(4), 885–893 (2014)
Acknowledgments
We are indebted to Adi Shamir for insightful discussions and suggestions, and to Lev Pachmanov for writing much of the software setup used in our experiments. Ezra Shaked assisted in constructing and configuring the experimental setup. Assa Naveh assisted in experiments and offered valuable suggestions. Sharon Kessler provided copious editorial advice. This work was sponsored by the Check Point Institute for Information Security; by European Union’s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC, by the Leona M. & Harry B. Helmsley Charitable Trust; by the Israeli Ministry of Science and Technology; by the Israeli Centers of Research Excellence I-CORE program (center 4/11); and by NATO’s Public Diplomacy Division in the Framework of “Science for Peace”.
Cite this article
Genkin, D., Pipman, I. & Tromer, E. Get your hands off my laptop: physical side-channel key-extraction attacks on PCs. J Cryptogr Eng 5, 95–112 (2015). https://doi.org/10.1007/s13389-015-0100-7