Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs

Genkin, Daniel; Pipman, Itamar; Tromer, Eran

doi:10.1007/978-3-662-44709-3_14

Cited by 75 publications

(55 citation statements)

References 16 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Emanations of interest have been shown at the USB port [30] and through the power outlet [12]. Recently, low-bandwidth physical side-channel key-extraction attacks on PCs were demonstrated [20,21], utilizing various physical channels. These last two works presented two different lowbandwidth attacks, with different equipment and attack time requirements:…”

Section: Overviewmentioning

confidence: 99%

“…See Table 1 for a comparison. Another limitation of [20,21] is that they target the square-and-multiply algorithm. These attacks do not work for sliding-window or fixed-window exponentiation, used in most RSA and ElGamal implementations nowadays.…”

Section: Overviewmentioning

confidence: 99%

“…Similarly to [20,21], this work targets commodity laptop computers. We have tested numerous laptops of various models and makes.…”

Section: Vulnerable Software and Hardwarementioning

confidence: 99%

“…1 GnuPG 2.1 (developed in parallel to GnuPG 1.x), as well as its underlying cryptographic library, libgcrypt (version 1.6.2), utilize very similar cryptographic codes and thus may also be vulnerable to our attack. Following past attacks [20,21], GnuPG uses ciphertext randomization for RSA (but not for ElGamal; see Sect. 4).…”

Section: Vulnerable Software and Hardwarementioning

confidence: 99%

See 3 more Smart Citations

Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Genkin

Pachmanov

Pipman

et al. 2015

Lecture Notes in Computer Science

Self Cite

118

View full text Add to dashboard Cite

We present new side-channel attacks on RSA and ElGamal implementations that use sliding-window or fixed-window (m-ary) modular exponentiation. The attacks extract decryption keys using a very low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs.We demonstrate the attacks' feasibility by extracting keys from GnuPG (unmodified ElGamal and non-blinded RSA), within seconds, using a nonintrusive measurement of electromagnetic emanations from laptop computers. The measurement equipment is cheap and compact, uses readily-available components (a Software Defined Radio USB dongle or a consumer-grade radio receiver), and can operate untethered while concealed, e.g., inside pita bread.The attacks use a few non-adaptive chosen ciphertexts, crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field. Through suitable signal processing and cryptanalysis, the bit patterns and eventually the whole secret key are recovered.

show abstract

Section: Overviewmentioning

confidence: 99%

Section: Overviewmentioning

confidence: 99%

“…Similarly to [20,21], this work targets commodity laptop computers. We have tested numerous laptops of various models and makes.…”

Section: Vulnerable Software and Hardwarementioning

confidence: 99%

Section: Vulnerable Software and Hardwarementioning

confidence: 99%

See 2 more Smart Citations

Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Genkin

Pachmanov

Pipman

et al. 2015

Lecture Notes in Computer Science

Self Cite

118

View full text Add to dashboard Cite

show abstract

“…Side-channels infer secrets (e.g. cryptographic keys) by observing power consumption [8,20,25,27], sound [5,12,33], electromagnetic (EM) emanations [2,17,24], behavior under faults [9,19], and performance of shared caches [6,36,38], instruction caches, branch predictors [1], etc. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage, and that copies bear this notice and the full citation on the first page.…”

Section: Introductionmentioning

confidence: 99%

Fase

Callan

Zajić

Prvulovic

2015

Proceedings of the 42nd Annual International Symposium on Computer Architecture

View full text Add to dashboard Cite

While all computation generates electromagnetic (EM) side-channel signals, some of the strongest and farthestpropagating signals are created when an existing strong periodic signal (e.g. a clock signal) becomes stronger or weaker (amplitude-modulated) depending on processor or memory activity. However, modern systems create emanations at thousands of different frequencies, so it is a difficult, error-prone, and time-consuming task to find those few emanations that are AM-modulated by processor/memory activity. This paper presents a methodology for rapidly finding such activity-modulated signals. This method creates recognizable spectral patterns generated by specially designed microbenchmarks and then processes the recorded spectra to identify signals that exhibit amplitude-modulation behavior. We apply this method to several computer systems and find several such modulated signals. To illustrate how our methodology can benefit side-channel security research and practice, we also identify the physical mechanisms behind those signals, and find that the strongest signals are created by voltage regulators, memory refreshes, and DRAM clocks. Our results indicate that each signal may carry unique information about system activity, potentially enhancing an attacker's capability to extract sensitive information. We also confirm that our methodology correctly separates emanated signals that are affected by specific processor or memory activities from those that are not.

show abstract

On the Suitability of Using SGX for Secure Key Storage in the Cloud

Brorsson

Bideh

Nilsson

et al. 2020

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

This paper addresses the need for secure storage in virtualized services running in the cloud. To this purpose, we evaluate the security properties of Intel's Software Guard Extensions (SGX) technology, which provides hardware protection for general applications, for securing virtual Hardware Security Modules (vHSM). In order for the analysis to be comparable with analyses of physical HSMs, the evaluation proceeds from the FIPS 140-3 standard, the successor to FIPS 140-2, which is commonly used to assess security properties of HSMs. We first make an evaluation using the FIPS 140-3 standard as is. After noting that the standard is designed for a stand-alone system rather than a virtual system, we propose a supplementary threat model, which can consider threats from different actors separately. This model allows for different levels of trust in actors with different capabilities and can thus be used to assess which parts of FIPS 140-3 that should be considered for a specific attacker. Using FIPS 140-3 in combination with the threat model, we find that SGX enclaves provides sufficient protection against a large part of the potential actors in the cloud. Thus, depending on the threat model, SGX can be a helpful tool for providing secure storage for virtualized services.

show abstract

Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs

Cited by 75 publications

References 16 publications

Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Fase

On the Suitability of Using SGX for Secure Key Storage in the Cloud

Contact Info

Product

Resources

About