Get your hands off my laptop: physical side-channel key-extraction attacks on PCs

Extended version

  • CHES 2014
  • Published in: Journal of Cryptographic Engineering

Abstract

We demonstrate physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels, based on the observation that the “ground” electric potential, in many computers, fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured on the ground shield at the remote end of Ethernet, USB and display cables. Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency (MF) signals (around 2 MHz), or one hour using Low Frequency (LF) signals (up to 40 kHz).

Notes

  1. A brief account of these results appeared in [18].

  2. In the realm of small devices, similar decoupling has been proposed as an intentional countermeasure against power analysis [35].

  3. The combinations of side channel, attack technique, target algorithm, and target computer are too numerous to exhaustively demonstrate and discuss, especially due to the requisite analog and algorithmic tuning. This paper summarizes dozens of successful key extraction configurations.

  4. In follow-up research [17], we present attacks against the sliding-window method used by GnuPG 1.4.16, using the electromagnetic channel.

  5. After filtering out the strong, but cryptanalytically useless, components at 50 Hz or 60 Hz.

  6. Recent GnuPG implementations use the side-channel mitigation technique of always multiplying the intermediate results by the input; but this helps our attack, since it doubles the number of multiplications.

  7. 3-prong laptop AC-DC power supplies typically do not have a low-resistance path between the grounding prong and the DC power plug.

  8. The first few bits of \(p\) are harder to measure, due to stabilization time.

  9. Here, we attack the exponentiation modulo \(q\), to avoid stabilization effects in the first exponentiation, modulo \(p\).

  10. Grounding the laptop to mains earth, via some port, would improve the signal quality (see Sect. 5.1.1); but the adaptive attack is sufficiently robust to not require this.

  11. The attack is especially effective in hot weather, since sweaty fingers offer lower electrical resistance.

  12. The heatsink fins provide a particularly strong signal, and the paperclip merely bypasses the mechanical obstruction of the plastic vent grill, a few millimeters deep. The attack is also possible by touching fully exposed metal connectors, such as I/O port shields, but in that case the signal is weak and necessitates numerous measurements, so we applied the more robust adaptive attack (discussed at the end of this section).
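Note 6 states that the "multiply-always" mitigation doubles the number of multiplications. The following added illustration (written for this page, not code from the paper or from GnuPG) counts the modular squarings and multiplications performed by plain left-to-right square-and-multiply and by the multiply-always variant, so the reader can see why the operation count becomes key-independent yet roughly twice as large. The toy base, exponent and modulus are constructed values.

```python
# Added illustration (not from the paper): count the modular operations
# performed by plain square-and-multiply versus the "multiply-always"
# variant mentioned in note 6. All numeric values below are constructed
# toy parameters, not keys or moduli from the paper.


def square_and_multiply(base: int, exp: int, mod: int):
    """Left-to-right binary exponentiation.

    Returns (result, squarings, multiplies). A multiply by the input
    happens only for exponent bits equal to 1, so the multiply count
    equals the Hamming weight of exp.
    """
    result = 1
    squarings = multiplies = 0
    for bit in bin(exp)[2:]:            # most-significant bit first
        result = (result * result) % mod
        squarings += 1
        if bit == "1":
            result = (result * base) % mod
            multiplies += 1
    return result, squarings, multiplies


def square_and_multiply_always(base: int, exp: int, mod: int):
    """Same exponentiation, but multiplies by the input on every bit and
    discards the product when the bit is 0 (the mitigation described in
    note 6). The operation count no longer depends on the key bits, but
    there are now as many multiplies as exponent bits: for a random
    exponent, about twice as many as the plain variant on average.
    """
    result = 1
    squarings = multiplies = 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        squarings += 1
        candidate = (result * base) % mod   # always performed
        multiplies += 1
        if bit == "1":
            result = candidate              # otherwise the product is a dummy
    return result, squarings, multiplies


if __name__ == "__main__":
    base, exp, mod = 7, 11, 101             # constructed toy values, exp = 0b1011
    print("plain         :", square_and_multiply(base, exp, mod))
    print("multiply-always:", square_and_multiply_always(base, exp, mod))
```

Both functions return the same result; only the operation counts differ. For the 4-bit exponent 0b1011 the plain variant performs 3 multiplies, the multiply-always variant 4, and for 0b1000 the gap is 1 versus 4.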

References

  1. GNU multiple precision arithmetic library. http://gmplib.org/. Accessed 4 Dec 2014

  2. GNU Privacy Guard. https://www.gnupg.org. Accessed 4 Dec 2014

  3. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2002, pp. 29–45. Springer (2002)

  4. Anderson, R.J.: Security Engineering—A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, New York (2008)


  5. Bernstein, D.J.: Cache-timing attacks on AES (2005). http://cr.yp.to/papers.html#cachetiming. Accessed 4 Dec 2014

  6. Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: ESORICS 2011, pp. 355–371. Springer (2011)

  7. Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701–716 (2005)


  8. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880, November (2007)

  9. Clark, S.S., Mustafa, H.A., Ransford, B., Sorber, J., Fu, K., Xu, W.: Current events: Identifying webpages by tapping the electrical outlet. In: ESORICS 2013, pp. 700–717. Springer (2013)

  10. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)


  11. Courrège, J.-C., Feix, B., Roussellet, M.: Simple power analysis on exponentiation revisited. In: Smart Card Research and Advanced Application (CARDIS) 2010, pp. 65–79. Springer (2010)

  12. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)


  13. Elkins, M., Del Torto, D., Levien, R., Roessler, T.: MIME security with OpenPGP. RFC 3156 (2001). http://www.ietf.org/rfc/rfc3156.txt. Accessed 4 Dec 2014

  14. The Enigmail Project. Enigmail: a simple interface for OpenPGP email security. https://www.enigmail.net. Accessed 4 Dec 2014

  15. Fouque, P.-A., Valette, F.: The doubling attack—why upwards is better than downwards. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2003, pp. 269–280. Springer (2003)

  16. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2001, pp. 251–261. Springer (2001)

  17. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E.: Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. Cryptology ePrint Archive, Report 2015/170 (2015). http://eprint.iacr.org/2015/170. Accessed 4 Dec 2014

  18. Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: CRYPTO 2014, Extended version: Cryptology ePrint Archive, Report 2013/857, vol. 1, pp. 444–461. Springer (2014)

  19. Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Collision-based power analysis of modular exponentiation using chosen-message pairs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2008, pp. 15–29. Springer (2008)

  20. Hu, W.-M.: Lattice scheduling and covert channels. In: Proceedings of the IEEE Symposium on Security and Privacy 1992, pp. 52–61. IEEE Computer Society (1992)

  21. Karatsuba, A., Ofman, Y.: Multiplication of many-digital numbers by automatic computers. Proc. USSR Acad. Sci. 145, 293–294 (1962)


  22. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO 1999, pp. 388–397. Springer (1999)

  23. Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptogr. Eng. 1(1), 5–27 (2011)

  24. Kocher, P.C.: Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems. In: CRYPTO 1996, pp. 104–113. Springer (1996)

  25. Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. Ph.D. dissertation (2003)

  26. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)


  27. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 1999, pp. 144–157. Springer (1999)

  28. MITRE. Common vulnerabilities and exposures list, entry CVE-2013-4576 (2013). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576. Accessed 4 Dec 2014

  29. Novak, R.: SPA-based adaptive chosen-ciphertext attack on RSA implementation. In: Public Key Cryptography (PKC) 2002, pp. 252–262. Springer (2002)

  30. Oren, Y., Shamir, A.: How not to protect PCs from power analysis. Presented during the CRYPTO 2006 rump session (2006). http://iss.oy.ne.ro/HowNotToProtectPCsFromPowerAnalysis. Accessed 4 Dec 2014

  31. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: RSA Conference Cryptographers’ Track (CT-RSA) 2006, pp. 1–20. Springer (2006)

  32. Percival, C.: Cache missing for fun and profit. Presented at BSDCan (2005). http://www.daemonology.net/hyperthreading-considered-harmful. Accessed 4 Dec 2014

  33. Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: E-smart’01, pp. 200–210 (2001)

  34. Schmidt, J.-M., Plos, T., Kirschbaum, M., Hutter, M., Medwed, M., Herbst, C.: Side-channel leakage across borders. In: Smart Card Research and Advanced Application (CARDIS) 2010, pp. 36–48. Springer (2010)

  35. Tokunaga, C., Blaauw, D.: Securing encryption systems with a switched capacitor current equalizer. Solid-State Circuits IEEE J. 45(1), 23–31 (2010)


  36. Walter, C.D., Samyde, D.: Data dependent power use in multipliers. In: IEEE Symposium on Computer Arithmetic (ARITH) 2005, pp. 4–12. IEEE Computer Society (2005)

  37. Walter, C.D., Thompson, S.: Distinguishing exponent digits by observing modular subtractions. In: RSA Conference Cryptographers’ Track (CT-RSA) 2001, pp. 192–207. Springer (2001)

  38. Yarom, Y., Falkner, K.: FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In: USENIX Security Symposium 2014, pp. 719–732. USENIX Association (2014)

  39. Yen, S.-M., Lien, W.-C., Moon, S.-J., Ha, J.: Power analysis by exploiting chosen message and internal collisions – vulnerability of checking mechanism for RSA-decryption. In: Mycrypt, pp. 183–195. Springer (2005)

  40. Zajic, A., Prvulovic, M.: Experimental demonstration of electromagnetic information leakage from modern processor-memory systems. IEEE Trans. Electromagn. Compat (EMC) 56(4), 885–893 (2014)


Acknowledgments

We are indebted to Adi Shamir for insightful discussions and suggestions, and to Lev Pachmanov for writing much of the software setup used in our experiments. Ezra Shaked assisted in constructing and configuring the experimental setup. Assa Naveh assisted in experiments and offered valuable suggestions. Sharon Kessler provided copious editorial advice. This work was sponsored by the Check Point Institute for Information Security; by European Union’s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC, by the Leona M. & Harry B. Helmsley Charitable Trust; by the Israeli Ministry of Science and Technology; by the Israeli Centers of Research Excellence I-CORE program (center 4/11); and by NATO’s Public Diplomacy Division in the Framework of “Science for Peace”.

Author information

Correspondence to Eran Tromer.


Cite this article

Genkin, D., Pipman, I. & Tromer, E. Get your hands off my laptop: physical side-channel key-extraction attacks on PCs. J Cryptogr Eng 5, 95–112 (2015). https://doi.org/10.1007/s13389-015-0100-7
