ElectroMagnetic analysis (EMA) of software AES on Java mobile phones

Aboulkassimi, Driss; Agoyan, Michel; Freund, L.; Fournier, Jacques; Robisson, Bruno; Tria, Assia

doi:10.1109/wifs.2011.6123131

Cited by 19 publications

(23 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Starting with iOS 9, Com-monCrypto uses a new EC implementation, including sidechannel mitigation techniques such as operand-independent control flow and Montgomery-ladder multiplication. 5 Our current attacks are not applicable to this new EC implementation, and we have no evidence that it is vulnerable. CoreBitcoin.…”

Section: Discussionmentioning

confidence: 85%

“…Key-Extraction Side-Channel Attacks on Phones. High bandwidth electromagnetic attacks (sampling at clockrate speeds) on symmetric ciphers were demonstrated by Aboulkassimi et al [5] on Java-based feature-phones. Attacks at clock-rate frequencies on public key cryptography were also recently demonstrated by Goller and Sigl [33] on Android smartphones running a naive square-and-sometimesmultiply RSA, with the phone's shielding plate often removed.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Genkin

Pachmanov

Pipman

et al. 2016

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

134

View full text Add to dashboard Cite

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's Common-Crypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe. * The authors thank Noam Nissan for programming and lab support during the course of this research.

show abstract

Section: Discussionmentioning

confidence: 85%

Section: Related Workmentioning

confidence: 99%

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Genkin

Pachmanov

Pipman

et al. 2016

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

134

View full text Add to dashboard Cite

show abstract

“…Attacks were performed in the last few years on advanced system. In [8], Aboulkassimi et al attacked a software implementation of AES under JAVA ME using EM measures. In [9], Longo et al added an OS and attacked a SoC running under Debian to extract AES encryption key exploiting electro-1 https://dx.doi.org/10.1145/3304080.3304084 Authors' version Proceedings of the Sixth Workshop on Cryptography and Security in Computing Systems CS2 2019 magnetic emanations.…”

Section: Previous Attacks On Socmentioning

confidence: 99%

Comparison of side-channel leakage on Rich and Trusted Execution Environments

Leignac

Potin

Rigaud

et al. 2019

Proceedings of the Sixth Workshop on Cryptography and Security in Computing Systems

View full text Add to dashboard Cite

A Trusted Execution Environment (TEE) is a software solution made to improve security inside system on chip (SoC) based on ARM architecture. It offers a compromise between the functionality of the Rich Operating System (Rich OS), for example Android, and the security of a Secure Element (SE). ARM TrustZone separates the SoC between two worlds (Normal World and Secure World). The Trusted OS (the OS on the TEE) has several security mechanisms that isolate and secure its execution and data from the Rich OS and save it from data theft. If these mechanisms are made to prevent software attack from Rich OS, this paper proposes to take a look at the identification of data leakage from a TEE facing physical attack. In particular, how a side-channel analysis on electromagnetic (EM) emissions using the Test Vector Leakage Assessment (TVLA) methodology permits to identify the leakage and a correlation electromagnetic analysis (CEMA) can exploit the results.

show abstract

“…Aboulkassimi et al [29] performed an EM attack on symmetric ciphers by capturing signals at the device clock rate on a Java based cellphone. However, they placed a MicroSD extension cable to the MicroSD card to extract EM information.…”

Section: Electromagnetic Attacksmentioning

confidence: 99%

“…In addition, the research in [34] recently demonstrated the ability to recover partial (12 out of the 16 subkeys) AES-128 cryptographic keys from a Raspberry Pi. As it is a new field the research [27][28][29][30][31][32][33][34] has followed attacks introduced by targeting smartcards, RFID tags, FPGAs and microcontrollers. However, each attack against these higher frequency devices had different approaches with regards to recovery EM information and applying digital filtering techniques to recover sensitive information.…”

Section: Electromagnetic Attacksmentioning

confidence: 99%

Developing an Electromagnetic Noise Generator to Protect a Raspberry PI from Side Channel Analysis

Frieslaar

Irwin

2018

SAIEE Afr. Res. J.

View full text Add to dashboard Cite

This research investigates the Electromagnetic (EM) side channel leakage of a Raspberry Pi 2 B+. An evaluation is performed on the EM leakage as the device executes the AES-128 cryptographic algorithm contained in the libcrypto++ library in a threaded environment. Four multi-threaded implementations are evaluated. These implementations are Portable Operating System Interface Threads, C++11 threads, Threading Building Blocks, and OpenMP threads. It is demonstrated that the various thread techniques have distinct variations in frequency and shape as EM emanations are leaked from the Raspberry Pi. It is demonstrated that the AES-128 cryptographic implementation within the libcrypto++ library on a Raspberry Pi is vulnerable to Side Channel Analysis (SCA) attacks. The cryptographic process was seen visibly within the EM spectrum and the data for this process was extracted where digital filtering techniques was applied to the signal. The resultant data was utilised in the Differential Electromagnetic Analysis (DEMA) attack and the results revealed 16 sub-keys that are required to recover the full AES-128 secret key. Based on this discovery, this research introduced a multi-threading approach with the utilisation of Secure Hash Algorithm (SHA) to serve as a software based countermeasure to mitigate SCA attacks. The proposed countermeasure known as the FRIES noise generator executed as a Daemon and generated EM noise that was able to hide the cryptographic implementations and prevent the DEMA attack and other statistical analysis.

show abstract

ElectroMagnetic analysis (EMA) of software AES on Java mobile phones

Cited by 19 publications

References 8 publications

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Comparison of side-channel leakage on Rich and Trusted Execution Environments

Developing an Electromagnetic Noise Generator to Protect a Raspberry PI from Side Channel Analysis

Contact Info

Product

Resources

About