Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones

Belgarric, Pierre; Fouque, Pierre-Alain; Macario-Rat, Gilles; Tibouchi, Mehdi

doi:10.1007/978-3-319-29485-8_14

Cited by 31 publications

(33 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We will show how this monitoring app can utilize some OS-level sidechannel attack vectors on iOS (to be discussed shortly) to breach user privacy. Out of the scope are CPU cache side channels [66], electronic magnetic side channels [24], [39], [40], and mobile sensor based side channels [50], [52], [53], [57]. As they explore leakage through micro-architectures, electronic magnetic emission, or device orientation, which are not specific to iOS.…”

Section: A Threat Modelmentioning

confidence: 99%

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang¹,

Wang²,

Bai³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-It has been demonstrated in numerous previous studies that Android and its underlying Linux operating systems do not properly isolate mobile apps to prevent cross-app sidechannel attacks. Cross-app information leakage enables malicious Android apps to infer sensitive user data (e.g., passwords), or private user information (e.g., identity or location) without requiring specific permissions. Nevertheless, no prior work has ever studied these side-channel attacks on iOS-based mobile devices. One reason is that iOS does not implement procfsthe most popular side-channel attack vector; hence the previously known attacks are not feasible.In this paper, we present the first study of OS-level sidechannel attacks on iOS. Specifically, we identified several new side-channel attack vectors (i.e., iOS APIs that enable cross-app information leakage); developed machine learning frameworks (i.e., classification and pattern matching) that combine multiple attack vectors to improve the accuracy of the inference attacks; demonstrated three categories of attacks that exploit these vectors and frameworks to exfiltrate sensitive user information. We have reported our findings to Apple and proposed mitigations to the attacks. Apple has incorporated some of our suggested countermeasures into iOS 11 and MacOS High Sierra 10.13 and later versions.

show abstract

Section: A Threat Modelmentioning

confidence: 99%

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang¹,

Wang²,

Bai³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Hitherto the research community has focused on SCA attacks based on smartcards, RFID tags, FPGAs and microcontrollers, particularly by analysing electromagnetic (EM) emissions [11,24,25]. In more recent years the research community began to target the vulnerabilities of high powered devices such as laptops and smartphones to SCA attacks [26][27][28]. The focus of this research is on the Raspberry Pi 2B+, which is a higher frequency device as mentioned in Section 1., that has been selected as it is readily available, widely used and on occasions used in the role of a PLCs [12].…”

Section: Electromagnetic Attacksmentioning

confidence: 99%

“…Belgarric et al [27] and Genkin et al [28] concurrently demonstrated successful attacks on the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation of Android's BouncyCastle library. A minor difference found in the two studies was that the work of Belgarric et al was intrusive as they placed the magnetic probe inside the smartphone where as Genkin et al was non-intrusive and placed the magnetic probe in close proximity of the device.…”

Section: Electromagnetic Attacksmentioning

confidence: 99%

“…In addition, the research in [34] recently demonstrated the ability to recover partial (12 out of the 16 subkeys) AES-128 cryptographic keys from a Raspberry Pi. As it is a new field the research [27][28][29][30][31][32][33][34] has followed attacks introduced by targeting smartcards, RFID tags, FPGAs and microcontrollers. However, each attack against these higher frequency devices had different approaches with regards to recovery EM information and applying digital filtering techniques to recover sensitive information.…”

Section: Electromagnetic Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Developing an Electromagnetic Noise Generator to Protect a Raspberry PI from Side Channel Analysis

Frieslaar

Irwin

2018

SAIEE Afr. Res. J.

View full text Add to dashboard Cite

This research investigates the Electromagnetic (EM) side channel leakage of a Raspberry Pi 2 B+. An evaluation is performed on the EM leakage as the device executes the AES-128 cryptographic algorithm contained in the libcrypto++ library in a threaded environment. Four multi-threaded implementations are evaluated. These implementations are Portable Operating System Interface Threads, C++11 threads, Threading Building Blocks, and OpenMP threads. It is demonstrated that the various thread techniques have distinct variations in frequency and shape as EM emanations are leaked from the Raspberry Pi. It is demonstrated that the AES-128 cryptographic implementation within the libcrypto++ library on a Raspberry Pi is vulnerable to Side Channel Analysis (SCA) attacks. The cryptographic process was seen visibly within the EM spectrum and the data for this process was extracted where digital filtering techniques was applied to the signal. The resultant data was utilised in the Differential Electromagnetic Analysis (DEMA) attack and the results revealed 16 sub-keys that are required to recover the full AES-128 secret key. Based on this discovery, this research introduced a multi-threading approach with the utilisation of Secure Hash Algorithm (SHA) to serve as a software based countermeasure to mitigate SCA attacks. The proposed countermeasure known as the FRIES noise generator executed as a Daemon and generated EM noise that was able to hide the cryptographic implementations and prevent the DEMA attack and other statistical analysis.

show abstract

“…The RFC is intended to prevent use of curves which have inherent side-channel leakage weaknesses. Classical side-channel attacks against such poor ECC implementations are published regularly, e.g., [1] and [6].…”

Section: Introductionmentioning

confidence: 99%

When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Kaufmann

Pelletier

Vaudenay

et al. 2016

Cryptology and Network Security

View full text Add to dashboard Cite

Abstract. The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing-attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC 4 7748 requirements [10]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execution and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.

show abstract

Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones

Cited by 31 publications

References 19 publications

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Developing an Electromagnetic Noise Generator to Protect a Raspberry PI from Side Channel Analysis

When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Contact Info

Product

Resources

About