
Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs

  • Daniel Genkin
  • Itamar Pipman
  • Eran Tromer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8731)

Abstract

We demonstrate physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels, based on the observation that the “ground” electric potential, in many computers, fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.

Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).

Keywords

Side Channel; Modular Exponentiation; Probe Wire; Decryption Operation; Simple Power Analysis
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Daniel Genkin (1, 2)
  • Itamar Pipman (2)
  • Eran Tromer (2)

  1. Technion, Israel
  2. Tel Aviv University, Israel
