1
Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs
CHES 2014, 25 September 2014
Daniel Genkin, Technion and Tel Aviv University
Eran Tromer, Tel Aviv University
Laboratory for Experimental Information Security
Itamar Pipman, Tel Aviv University
10
Side channel attacks
• electromagnetic
• acoustic
• probing
• optical
• power
• CPU architecture
• chassis potential
17
Traditional side channel attacks methodology
1. Grab/borrow/steal device
2. Find key-dependent instruction
3. Record emanations using high-bandwidth equipment (> clock rate; PC: > 2 GHz)
4. Obtain traces
5. Signal and cryptanalytic analysis
6. Recover key
for i=1…2048
    sqr(…)
    if key[i]=1
        mul(…)
Hard for PCs
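The key-dependent loop on the slide above, as an added example that is not part of the original talk: it records the operation sequence of square-and-multiply and compares it with a Montgomery ladder, a standard countermeasure the slides do not mention. The function names, the 6-bit constructed keys, the base and the modulus are assumptions chosen for illustration.

```python
# Added illustration, not the authors' code. It models only the *sequence* of
# big-number operations; Python integer arithmetic is not constant-time.
BASE, MODULUS, NBITS = 7, 1000003, 6        # constructed toy parameters
KEYS = [0b101011, 0b110101, 0b100001]       # constructed sample exponents

def square_and_multiply(base, key, modulus, nbits):
    """The slide's loop: mul() runs only when the current key bit is 1."""
    acc, ops = 1, []
    for i in range(nbits - 1, -1, -1):
        acc = acc * acc % modulus
        ops.append("sqr")
        if (key >> i) & 1:                  # key-dependent instruction
            acc = acc * base % modulus
            ops.append("mul")
    return acc, tuple(ops)

def montgomery_ladder(base, key, modulus, nbits):
    """One mul and one sqr per bit, whatever the bit value is."""
    r0, r1, ops = 1, base % modulus, []
    for i in range(nbits - 1, -1, -1):
        bit = (key >> i) & 1
        a, b = (r0, r1)[bit], (r0, r1)[1 - bit]   # select by index, no branch
        b = a * b % modulus
        a = a * a % modulus
        ops += ["mul", "sqr"]
        r0, r1 = (a, b)[bit], (a, b)[1 - bit]
    return r0, tuple(ops)

def distinct_op_traces(modexp, keys):
    """Leak check: how many different operation sequences do these keys produce?
    More than one means the sequence depends on the secret."""
    return len({modexp(BASE, k, MODULUS, NBITS)[1] for k in keys})

if __name__ == "__main__":
    for name, fn in (("square-and-multiply", square_and_multiply),
                     ("montgomery ladder", montgomery_ladder)):
        print(name, "distinct traces:", distinct_op_traces(fn, KEYS))
```

A result above 1 from `distinct_op_traces` means the operation sequence depends on the key. The ladder removes that dependence at this level only; a real implementation also needs constant-time arithmetic and operand handling.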
21
Traditional side channel attacks methodology
Hard for PCs:
• Not handed out
• Measuring a 2 GHz PC requires expensive and bulky equipment (compared to a 100 MHz smart card): $100,000 vs. $1,000
• Complex electronics running complicated software (in parallel)
22
New channel: Chassis potential
41
Ground-potential analysis
• Attenuating EMI emanations: “Unwanted currents or electromagnetic fields? Dump them to the circuit ground!” (Bypass capacitors, RF shields, …)
• Device is grounded, but its “ground” potential fluctuates relative to the mains earth ground.
• Computation → affects currents and EM fields → dumped to device ground → connected to conductive chassis
Key = 101011…
43
Our results
• Channels for attacking PCs
– Ground potential (chassis and others)
– Power
– Electromagnetic
• Exploited via low-bandwidth cryptanalytic attacks