Intro
Acoustic side-channel cryptanalysis
Dušan Klinec
Faculty of InformaticsMasaryk university
Brno
13. 3. 2014
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 1 / 36
Intro
Source paper
RSA Key Extraction via Low-Bandwidth Acoustic CryptanalysisDaniel Genkin, Technion and Tel Aviv University;
Adi Shamir, Weizmann Institute of Science;Eran Tromer, Tel Aviv University
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 2 / 36
Source of the sound
What is it about
Extracts RSA private key byobserving acoustic side-channel leak
during decryption.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 3 / 36
Source of the sound
Acoustic, really?
Why does modern PC emit audiblenoise?
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 4 / 36
Source of the sound
Capacitor noise
High-pitched audible noise - capacitor is culprit #1.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 5 / 36
Source of the sound
Capacitor noise - why?
Piezoelectric effect.The internal generation of a mechanical strain resulting from anapplied electrical field.Note: Reversible, not interested in inverse right now.
Ti , Zr2+ Pb 4+
T < T
4+ 2– O
P
CT > TC
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 6 / 36
Source of the sound
Capacitor noise - why?
Piezoelectric effect.The internal generation of a mechanical strain resulting from anapplied electrical field.Note: Reversible, not interested in inverse right now.
Ti , Zr2+ Pb 4+
T < T
4+ 2– O
P
CT > TC
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 6 / 36
Source of the sound
Capacitor noise - how exactly?
L-T L-W
Beforeapplyingvoltage
Afterapplyingvoltage
LW with metalterminal
The large portion ofmodification
is made into Free.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 7 / 36
Source of the sound
Capacitor noise - how exactly?
L-T L-W
Beforeapplyingvoltage
Afterapplyingvoltage
LW with metalterminal
The large portion ofmodification
is made into Free.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 7 / 36
Source of the sound
Coil - culprit #2
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 8 / 36
Source of the sound
Coil - culprit #2
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 8 / 36
Source of the sound
Sound source
Dynamics of the pulse-width-modulation-based voltage regulatorcircuitry.Regulates emount of energy for CPU.Best mic mounting: fan exhaust, ethernet port.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 9 / 36
Experiment setup
Lab grade setup
1.25M saples per second, professional HW
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 10 / 36
Experiment setup
Portable setup
200k saples per second, 100kHz resolution.Attack works up to 1 m, (4 m with parabolic mic).
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 11 / 36
Experiment setup
Mobile setup
48k saples per second, low sensitivity, noise, pushing to the limits.attack works up to the 30 cm distance.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 12 / 36
Experiment setup
Acoustic noise – multiple devices tested
(a) Asus N55SF (b) Dell Inspiron 7720 (c) HP ProBook 4530s
(d) HP Pavilion Sleek book 15-b005ej (e) Samsung NP300V5A (f) Lenovo ThinkPad W530
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 13 / 36
Experiment setup
Attack scenario
Attacking several GnuPG implementations.Goal: recovery of a 4096 bit private key.Adaptive chosen cipher text attack.Recovers priv. key bit-by-bit. Requires to observe at least 2048decryptions (n = pq).Attack vector: Enigmail - Thunderbird GPG plugin, automaticallydecrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36
Experiment setup
Attack scenario
Attacking several GnuPG implementations.Goal: recovery of a 4096 bit private key.Adaptive chosen cipher text attack.Recovers priv. key bit-by-bit. Requires to observe at least 2048decryptions (n = pq).Attack vector: Enigmail - Thunderbird GPG plugin, automaticallydecrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36
Experiment setup
Attack scenario
Attacking several GnuPG implementations.Goal: recovery of a 4096 bit private key.Adaptive chosen cipher text attack.Recovers priv. key bit-by-bit. Requires to observe at least 2048decryptions (n = pq).Attack vector: Enigmail - Thunderbird GPG plugin, automaticallydecrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36
Experiment setup
Attack scenario
Attacking several GnuPG implementations.Goal: recovery of a 4096 bit private key.Adaptive chosen cipher text attack.Recovers priv. key bit-by-bit. Requires to observe at least 2048decryptions (n = pq).Attack vector: Enigmail - Thunderbird GPG plugin, automaticallydecrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36
Experiment setup
Attack scenario
Attacking several GnuPG implementations.Goal: recovery of a 4096 bit private key.Adaptive chosen cipher text attack.Recovers priv. key bit-by-bit. Requires to observe at least 2048decryptions (n = pq).Attack vector: Enigmail - Thunderbird GPG plugin, automaticallydecrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36
Experiment setup
Corelation of acoustic noise with executed code
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 15 / 36
Experiment setup
Corelation of acoustic noise with code length
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 16 / 36
Experiment setup
RSA implementation in GPG
n = pq where n is public modulus, p,q private prime numbers.e public, d secret private exponent, ed ≡ 1 (mod ϕ(n))Normal RSA decryption: m = cd (mod n)Optimization (by factor of 4):
dp = d (mod (p − 1))dq = d (mod (q − 1))m1 = cdp (mod p)m2 = cdq (mod q)m = combine m1 and m2 using CRT
Thus 2 modular exponentiations, attacking 2nd prime.Signal is somehow stabilized after first one, better SNR.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 17 / 36
Experiment setup
RSA implementation in GPG
n = pq where n is public modulus, p,q private prime numbers.e public, d secret private exponent, ed ≡ 1 (mod ϕ(n))Normal RSA decryption: m = cd (mod n)Optimization (by factor of 4):
dp = d (mod (p − 1))dq = d (mod (q − 1))m1 = cdp (mod p)m2 = cdq (mod q)m = combine m1 and m2 using CRT
Thus 2 modular exponentiations, attacking 2nd prime.Signal is somehow stabilized after first one, better SNR.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 17 / 36
Experiment setup
Attack 1 - Key distinguishability
5 GnuPG RSA signatures executed on a Lenovo ThinkPad T61.The transitions between p, q marked with yellow arrows.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 18 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.Notation: i-th bit qi of q, starting from MSB, (i = 2048).Incremental: Assumes key bits b2048 . . . qi+1 recoveredTesting hypotheses about qi .Attacking different control flow that occurs for different ciphertexts.Targeting multiplication optimizations (multiplication by zero vs.multiplication by a random number).Notation: A = 00 . . . 0︸ ︷︷ ︸
32bit
,00 . . . 0︸ ︷︷ ︸32bit
, . . . ,00 . . . 0︸ ︷︷ ︸32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):a) let qi = 1
q = q2048,q2047, . . . ,qi−1,1,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):b) let qi = 0
q = q2048,q2047, . . . ,qi−1,0,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random lookingnumber.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):b) let qi = 0
q = q2048,q2047, . . . ,qi−1,0,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random lookingnumber.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):b) let qi = 0
q = q2048,q2047, . . . ,qi−1,0,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random lookingnumber.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):b) let qi = 0
q = q2048,q2047, . . . ,qi−1,0,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random lookingnumber.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):b) let qi = 0
q = q2048,q2047, . . . ,qi−1,0,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random lookingnumber.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):b) let qi = 0
q = q2048,q2047, . . . ,qi−1,0,qi−1,qi−2, . . . ,q1
gi,0 = q2048,q2047, . . . ,qi−1,0,1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random lookingnumber.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36
Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.Specially crafted ciphertext:gi,0 = q2048,q2047, . . . ,qi−1︸ ︷︷ ︸
topmost bits recovered
,0,1,1, . . . ,1︸ ︷︷ ︸rest are ones
Leakage: modular reduction (mod q):If qi = 1⇒ gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.If qi = 0⇒ gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bitrandom looking number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 22 / 36
Experiment setup
Modular exponentiation
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 23 / 36
Experiment setup
Source of side-channel leakage
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 24 / 36
Experiment setup
Karatsuba
Recursive algorithm for fast integer multiplication in Θ(nlog23).Faster than schoolbook algorithm (for suitably larger integers).Based on the following identity:
u = uH |uL concatenation of high & low part
v = vH |vL
uv =
1.mult︷ ︸︸ ︷(22n + 2n)uHvH +
2.mult︷ ︸︸ ︷2n(uH − uL)( vH − vL︸ ︷︷ ︸
will be almost zero
)+
3.mult︷ ︸︸ ︷(2n + 1)vLuL
Ciphertext c is passed to Karatsuba as a second parameter.Special form of the ciphertext causes marked part to be zero.Recursion will invoke Karatsuba(uH − uL, vH − vL), leads tomultiplication by zero.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 25 / 36
Experiment setup
Karatsuba
Recursive algorithm for fast integer multiplication in Θ(nlog23).Faster than schoolbook algorithm (for suitably larger integers).Based on the following identity:
u = uH |uL concatenation of high & low part
v = vH |vL
uv =
1.mult︷ ︸︸ ︷(22n + 2n)uHvH +
2.mult︷ ︸︸ ︷2n(uH − uL)( vH − vL︸ ︷︷ ︸
will be almost zero
)+
3.mult︷ ︸︸ ︷(2n + 1)vLuL
Ciphertext c is passed to Karatsuba as a second parameter.Special form of the ciphertext causes marked part to be zero.Recursion will invoke Karatsuba(uH − uL, vH − vL), leads tomultiplication by zero.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 25 / 36
Experiment setup
Karatsuba
uv =
1.mult,h︷ ︸︸ ︷(22n + 2n)uHvH +
2.mult,t︷ ︸︸ ︷2n(uH − uL)( vH − vL︸ ︷︷ ︸
will be almost zero
)+
3.mult,l︷ ︸︸ ︷(2n + 1)vLuL
Karatsuba recursive expansion
If qi = 1⇒ c = q2048,q2047, . . . ,qi−1,0,1,1, . . . ,1⇒ many zerolimbs in 2nd mult. arg.If qi = 0⇒ c random-looking number
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 26 / 36
Experiment setup
Karatsuba
uv =
1.mult,h︷ ︸︸ ︷(22n + 2n)uHvH +
2.mult,t︷ ︸︸ ︷2n(uH − uL)( vH − vL︸ ︷︷ ︸
will be almost zero
)+
3.mult,l︷ ︸︸ ︷(2n + 1)vLuL
Karatsuba recursive expansion
If qi = 1⇒ c = q2048,q2047, . . . ,qi−1,0,1,1, . . . ,1⇒ many zerolimbs in 2nd mult. arg.If qi = 0⇒ c random-looking number
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 26 / 36
Experiment setup
Source of side-channel leakage
Computation is very fast (GHz), acoustic channel is narrow (kHz).Would not be able without amplification.Side-channel leakage function is called multiple times during onedecryption, 7× 12× 2048 = 172032Such number of invocations create detectable pattern (random vs.zero bits) in accoustic spectrum.
Karatsuba recursive expansion
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 27 / 36
Experiment setup
Source of side-channel leakage
(a) attacking 0 bit (b) attacking 1 bit
0
0.5
1
1.5
2
2.5
3
3.5
4
4.5
34 35 36 37 38 39
Pow
er (n
anov
olts
)
Frequency (kHz)
Attacked bit is 1Attacked bit is 0
(c) Frequency spectra of the second modular exponentiation
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 28 / 36
Experiment setup
Attack technicalities
More bits are recovered more closer frequency peaks in spectrumare.Analysis gets complicated, but the core idea still holds.Frequency spectrum for ciphertexts of size 2048 bits with varioussizes of zero words:
0
50000
100000
150000
200000
250000
35 35.5 36 36.5 37 37.5 38 38.5 39
num
ber o
f zer
o lim
bs in
the
seco
nd o
pera
nd o
f MU
L_B
AS
EC
AS
E
frequancy (kHz)
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 29 / 36
Experiment setup
Attack preview
-300
-280
-260
-240
-220
-200
-180
-160
35 35.5 36 36.5 37 37.5 38 38.5 39
Pow
er (d
B)
Frequency (kHz)
template for one bittemplate for zero bit
specturm of zero bit
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 30 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.Obtain templates T 0,T 1.
2 Compute frequency spectrum s of the trace (sliding window FFT,median binning).
3 Peak smoothing (noise removal).4 Normalization (remove microphone pattern).5 Compute distance of a s from template T 0 and T 1 allowing some
shift (freq. left,right).6 Classification.7 Template update. Create new templates T 0,T 1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36
Experiment setup
Attack scheme
If attack misclassifies some qi , use backtracking.Error is detected, next bits are still the same (e.g., ones).
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 32 / 36
Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reducesleakage frequency 35− 38 kHz to 32− 35 kHZ actually helpingthe attack.Another side-channel fix (CPU cache, multiplication),multiplication is performed regardless di , doubling number ofmultiplications, helping the attack.Ciphertext randomization. Works. Let r be random 4096 bitnumber. (re × c)d × r−1 mod n = ced mod nModulus randomization. Works. Let t be random medium sizedinteger. Compute m′q = cdq mod (tq), then mq = m′qmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36
Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reducesleakage frequency 35− 38 kHz to 32− 35 kHZ actually helpingthe attack.Another side-channel fix (CPU cache, multiplication),multiplication is performed regardless di , doubling number ofmultiplications, helping the attack.Ciphertext randomization. Works. Let r be random 4096 bitnumber. (re × c)d × r−1 mod n = ced mod nModulus randomization. Works. Let t be random medium sizedinteger. Compute m′q = cdq mod (tq), then mq = m′qmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36
Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reducesleakage frequency 35− 38 kHz to 32− 35 kHZ actually helpingthe attack.Another side-channel fix (CPU cache, multiplication),multiplication is performed regardless di , doubling number ofmultiplications, helping the attack.Ciphertext randomization. Works. Let r be random 4096 bitnumber. (re × c)d × r−1 mod n = ced mod nModulus randomization. Works. Let t be random medium sizedinteger. Compute m′q = cdq mod (tq), then mq = m′qmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36
Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reducesleakage frequency 35− 38 kHz to 32− 35 kHZ actually helpingthe attack.Another side-channel fix (CPU cache, multiplication),multiplication is performed regardless di , doubling number ofmultiplications, helping the attack.Ciphertext randomization. Works. Let r be random 4096 bitnumber. (re × c)d × r−1 mod n = ced mod nModulus randomization. Works. Let t be random medium sizedinteger. Compute m′q = cdq mod (tq), then mq = m′qmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36
Experiment setup
Conclusions
Attack is realistic.Within one hour recovers 4096-bit private key.Attack: Mobile phone near laptop, performing attack, generatingciphertexts on the fly.Attack: hidden microphone in docking station, in table.Attack: self-spying (malware on the PC).
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 34 / 36
Experiment setup
Questions?
Questions?
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 35 / 36
Experiment setup
References & sources
https://www.cs.tau.ac.il/˜tromer/acoustic/
https://68kmla.org/forums/viewtopic.php?f=10&t=13101
https://eeepitnl.tksc.jaxa.jp/mews/jp/26th/data/2_12_4.pdf
http://www.bjorn3d.com/2013/09/asus-gtx-780-directcu-ii-oc/
http://img.techpowerup.org/120520/vrm.jpg
https://en.wikipedia.org/wiki/Piezoelectricity
Disclaimer: Images are not mine own, some of them may be from unknownsource. Appologies for not referencing them correctly.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 36 / 36