
Crypto Can Be Cracked ... Through Walls

Watch out for those side channels …

Introduction

Devices are becoming faster, and as they do they are likely to emit increasing amounts of radio-frequency and electromagnetic (EM) radiation. A 2 GHz processor, for example, runs at roughly the same frequency as our Wi-Fi signals (2.4 GHz), and chips are often not protected from emitting radio waves; the emission is a natural by-product of the device's fast operation. At these high frequencies it is often difficult to stop EM emissions, or to prevent them from coupling into nearby wires and other circuits.


Side-channel attacks

ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs

Within this paper, the authors outline the cracking of ECDH (Elliptic Curve Diffie-Hellman), one of the most popular key exchange methods, which is often used when connecting to sites such as Microsoft Live, Google and Facebook.

In the work, they attack the ECDH public-key encryption algorithm by measuring the electromagnetic emanations of the computer running it. The attack uses carefully chosen ciphertexts and a time-frequency signal analysis technique in order to recover the key. It extracts the decryption key within seconds, including from an antenna in another room.


ECDH is now a popular method; it is essentially the Diffie-Hellman key exchange performed over an elliptic-curve group rather than a multiplicative group of integers.

Power analysis

Differential Power analysis on SIM cards

Access to SIM encryption keys is a key focus for law enforcement, and this was highlighted earlier in the year when law enforcement agents were suspected of stealing billions of encryption keys from the Dutch SIM card manufacturer Gemalto. These keys would allow access to both the data and the voice messages on the phones.

In his Black Hat USA 2015 presentation this week, Prof Yu-Yu outlined a differential power analysis method that recovers encryption keys from SIM cards and allows them to be cloned. Overall it takes 10–40 minutes to recover a key, and his method has succeeded against cards from eight of the most popular SIM card manufacturers.

He uses, essentially, an oscilloscope to capture the power variations and an MP300-SC2 protocol analyser, along with a PC to analyse the cryptographic operations (Figure 1). The work uses Differential Power Analysis (DPA). With Simple Power Analysis (SPA), we monitor the power consumed by the processor, which can give hints about the contents of its registers and data buses.


Figure 1: Prof Yu-Yu’s experimental setup

With DPA, the chip is given a set of test encryptions and its power consumption is recorded for each, after which the traces are analysed for a correlation with the bit patterns being processed (Figure 2). The differences in power consumption across the encryptions are then used to crack the key. For example, we take some test data, apply a range of keys to the device, and watch the power levels. Each power consumption level changes depending on the activity within the chip.


Figure 2: Power analysis of the AES method
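The DPA procedure just described, as an added example that is not Prof Yu-Yu's code or any code from the paper: a Python simulation in which the power sample for each encryption is modelled as the Hamming weight of the first-round AES S-box output plus Gaussian noise, and the key byte is recovered by correlating each of the 256 key hypotheses against the traces (the correlation variant of DPA). The same analysis is then run against a boolean-masked implementation, where a fresh random mask is XORed into the intermediate value on every encryption, to show what obfuscating the processing buys the defender. The key byte 0x2B, the trace count, the noise level and the Hamming-weight leakage model are all assumptions made here; the traces are constructed inside the script, not measured from hardware.

```python
"""Simulated correlation/differential power analysis of one AES key byte.

Added example, not code from the article, the paper or the Black Hat talk.
Leakage model (an assumption): each encryption yields one sample equal to
the Hamming weight of the first-round S-box output plus Gaussian noise.
All traces are constructed here; nothing is measured from real hardware.
"""
import random


def _build_sbox():
    """Generate the AES S-box: GF(2^8) inverse followed by the affine map."""
    def rotl(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF

    sbox = [0] * 256
    p = q = 1
    while True:
        # p walks the multiplicative group via p *= 3 in GF(2^8)
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        # q tracks p^-1 via q /= 3 (equivalently q *= 0xF6)
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise_sigma, masked, seed=1):
    """Return (plaintexts, samples): one constructed leakage sample per encryption.

    Unmasked: sample = HW(SBOX[p ^ k]) + noise.
    Masked:   sample = HW(SBOX[p ^ k] ^ m) + noise with a fresh random m per
              trace, so the measured value is independent of the key.
    """
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for i in range(n_traces):
        p = i & 0xFF                      # cycle through every input byte
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)       # boolean mask, never reused
        plaintexts.append(p)
        samples.append(hamming_weight(v) + rng.gauss(0.0, noise_sigma))
    return plaintexts, samples


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def recover_key_byte(plaintexts, samples):
    """Rank all 256 key guesses by |correlation| between the Hamming-weight
    hypothesis for that guess and the measured samples; return the best."""
    best_guess, best_corr = None, 0.0
    for guess in range(256):
        hypothesis = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        corr = abs(pearson(hypothesis, samples))
        if corr > best_corr:
            best_guess, best_corr = guess, corr
    return best_guess, best_corr


def demo(key_byte=0x2B, n_traces=1024, noise_sigma=1.0):
    """Run the analysis on unmasked and on masked traces; return both results."""
    pts, unmasked = simulate_traces(key_byte, n_traces, noise_sigma, masked=False)
    pts_m, masked = simulate_traces(key_byte, n_traces, noise_sigma, masked=True)
    return {
        "unmasked": recover_key_byte(pts, unmasked),
        "masked": recover_key_byte(pts_m, masked),
    }


if __name__ == "__main__":
    result = demo()
    print("true key byte: 0x2b")
    for name, (guess, corr) in result.items():
        print(f"{name:8s}: best guess 0x{guess:02x}, |correlation| = {corr:.2f}")
```

On the unmasked traces the correct guess stands out with a correlation near sqrt(2/3), since the Hamming weight of a random byte has variance 2 and the assumed noise variance is 1; on the masked traces every guess correlates at roughly zero, which is the whole point of masking as a countermeasure. Real measurements add alignment, filtering and many more samples per trace, but the statistic is the same.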

Conclusions

The crypto methods that we have were often not designed to take into account electrical current drain or electromagnetic radiation. Perhaps a rethink is required for general-purpose processors, as they seem to be responsible for giving clues to those who might monitor the systems.

A designer thus needs to think about:

  • Will my encryption keys appear on the system bus?
  • Does the processing of the crypto algorithm generate electrical changes which can be observed?
  • How does the processing affect electromagnetic radiation around the system?

I can see a time when chips are surrounded by metal shielding and an increasing number of filtering capacitors are fitted to the electrical supplies. As chip speeds increase, the radiation leaking through the electrical supplies and as electromagnetic emissions also increases, so the problem is likely to get worse.

Apart from putting lots of shielding around a chip, there's not much that can be done to stop the emissions, so designers need to think about smart ways to obfuscate the processing operations. If we work in the microwave region, we're going to emit lots of radio waves, and it's these waves that often give away the keys to the castle.

Footnote

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.
