ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Genkin, Daniel; Pachmanov, Lev; Pipman, Itamar; Tromer, Eran; Yarom, Yuval

doi:10.1145/2976749.2978353

Cited by 134 publications

(79 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While physical side channel attacks can be used to extract secret information from complex devices such as PCs and mobile phones [15,16], these devices face additional threats that do not require external measurement equipment because they execute code from potentially unknown origins. While some software-based attacks exploit software vulnerabilities (such as buffer overflow or use-after-free vulnerabilities ) other software attacks leverage hardware vulnerabilities in order to leak sensitive information.…”

Section: Introductionmentioning

confidence: 99%

Spectre Attacks: Exploiting Speculative Execution

Kocher

Horn

Fogh³

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

Self Cite

1,316

1,283

View full text Add to dashboard Cite

Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access to the victim's memory and registers, and can perform operations with measurable side effects.Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, static analysis, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing/side-channel attacks. These attacks represent a serious threat to actual systems, since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices.While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak. * After reporting the results here, we were informed that our work partly overlaps the results of independent work done at Google's Project Zero.

show abstract

Section: Introductionmentioning

confidence: 99%

Spectre Attacks: Exploiting Speculative Execution

Kocher

Horn

Fogh³

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

Self Cite

1,316

1,283

View full text Add to dashboard Cite

show abstract

“…We will show how this monitoring app can utilize some OS-level sidechannel attack vectors on iOS (to be discussed shortly) to breach user privacy. Out of the scope are CPU cache side channels [66], electronic magnetic side channels [24], [39], [40], and mobile sensor based side channels [50], [52], [53], [57]. As they explore leakage through micro-architectures, electronic magnetic emission, or device orientation, which are not specific to iOS.…”

Section: A Threat Modelmentioning

confidence: 99%

“…For example, Marquardt et al utilized accelerometers on iPhone 4 to perform inference attack against a keyboard placed next to the device [48], while our work targets at other apps on the same device. Genkin et al [39] demonstrated that using magnetic probes placed close to the iPhone or power probes connected to the iPhone's USB cable, ECDSA keys used in OpenSSL and CoreBitcoin on iPhones can be extracted. Our attacks do not assume physical possession of the device by the attacker.…”

Section: Related Workmentioning

confidence: 99%

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang¹,

Wang²,

Bai³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-It has been demonstrated in numerous previous studies that Android and its underlying Linux operating systems do not properly isolate mobile apps to prevent cross-app sidechannel attacks. Cross-app information leakage enables malicious Android apps to infer sensitive user data (e.g., passwords), or private user information (e.g., identity or location) without requiring specific permissions. Nevertheless, no prior work has ever studied these side-channel attacks on iOS-based mobile devices. One reason is that iOS does not implement procfsthe most popular side-channel attack vector; hence the previously known attacks are not feasible.In this paper, we present the first study of OS-level sidechannel attacks on iOS. Specifically, we identified several new side-channel attack vectors (i.e., iOS APIs that enable cross-app information leakage); developed machine learning frameworks (i.e., classification and pattern matching) that combine multiple attack vectors to improve the accuracy of the inference attacks; demonstrated three categories of attacks that exploit these vectors and frameworks to exfiltrate sensitive user information. We have reported our findings to Apple and proposed mitigations to the attacks. Apple has incorporated some of our suggested countermeasures into iOS 11 and MacOS High Sierra 10.13 and later versions.

show abstract

“…Solutions such as WeaselBoard [38] and CPAC [10] perform runtime PLC execution monitoring using control logic and firmware-level reference monitor implementations. Most related to our paper, there have been attack and defense solutions that employ side-channel analyses to either disclose secret information (e.g., cryptographic keys [17]), or detect anomalous misbehavior (e.g., execution tracking [31]). Side channel-based attacks require selective monitoring of only execution points of interest, such as the encryption subroutines.…”

Section: Introductionmentioning

confidence: 99%

Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations

Han

Etigowni

Liu

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Trustworthy operation of industrial control systems depends on secure and real-time code execution on the embedded programmable logic controllers (PLCs). The controllers monitor and control the critical infrastructures, such as electric power grids and healthcare platforms, and continuously report back the system status to human operators. We present Zeus, a contactless embedded controller security monitor to ensure its execution control flow integrity. Zeus leverages the electromagnetic emission by the PLC circuitry during the execution of the controller programs. Zeus's contactless execution tracking enables non-intrusive monitoring of security-critical controllers with tight real-time constraints. Those devices often cannot tolerate the cost and performance overhead that comes with additional traditional hardware or software monitoring modules. Furthermore, Zeus provides an air-gap between the monitor (trusted computing base) and the target (potentially compromised) PLC. This eliminates the possibility of the monitor infection by the same attack vectors.Zeus monitors for control flow integrity of the PLC program execution. Zeus monitors the communications between the humanmachine interface and the PLC, and captures the control logic binary uploads to the PLC. Zeus exercises its feasible execution paths, and fingerprints their emissions using an external electromagnetic sensor. Zeus trains a neural network for legitimate PLC executions, and uses it at runtime to identify the control flow based on PLC's electromagnetic emissions. We implemented Zeus on a commercial Allen Bradley PLC, which is widely used in industry, and evaluated it on real-world control program executions. Zeus was able to distinguish between different legitimate and malicious executions with 98.9% accuracy and with zero overhead on PLC execution by design.

show abstract

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Cited by 134 publications

References 50 publications

Spectre Attacks: Exploiting Speculative Execution

Spectre Attacks: Exploiting Speculative Execution

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations

Contact Info

Product

Resources

About