Wikipedia

Electromagnetic attack

In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it. These attacks are a more specific type of what is sometimes referred to as Van Eck phreaking, with the intention of capturing encryption keys. Electromagnetic attacks are typically non-invasive and passive, meaning that they can be performed by observing the normal functioning of the target device without causing physical damage.[1] However, an attacker may get a better signal with less noise by depackaging the chip and collecting the signal closer to the source. These attacks are successful against cryptographic implementations that perform different operations based on the data currently being processed, such as the square-and-multiply implementation of RSA. Different operations emit different amounts of radiation, and an electromagnetic trace of encryption may show the exact operations being performed, allowing an attacker to retrieve full or partial private keys.

Like many other side-channel attacks, electromagnetic attacks are dependent on the specific implementation of the cryptographic protocol and not on the algorithm itself. Electromagnetic attacks are often done in conjunction with other side-channel attacks, like power analysis attacks.

Background

All electronic devices emit electromagnetic radiation. Because every wire that carries current creates a magnetic field, electronic devices create small magnetic fields when in use. These magnetic fields can unintentionally reveal information about the operation of a device if it is not properly designed. Because all electronic devices are affected by this phenomenon, the term 'device' can refer to anything from a desktop computer, to a mobile phone, to a smart card.

Electromagnetic radiation

Electromagnetic waves are a type of wave that originate from charged particles, are characterized by varying wavelength and are categorized along the electromagnetic spectrum. Any device that uses electricity will emit electromagnetic radiation due to the magnetic field created by charged particles moving along a medium. For example, radio waves are emitted by electricity moving along a radio transmitter, or even from a satellite.

In the case of electromagnetic side-channel attacks, attackers are often looking at electromagnetic radiation emitted by computing devices, which are made up of circuits. Electronic circuits consist of semiconducting materials upon which billions of transistors are placed. When a computer performs computations, such as encryption, the electricity running through the transistors creates a magnetic field and electromagnetic waves are emitted.[2][3][4]

Electromagnetic waves can be captured using an induction coil; an analog-to-digital converter can then sample the waves at a given clock rate and convert the trace to a digital signal to be further processed by a computer.

Figure: An induction coil

The electronic device performing the computations is synced with a clock that is running at frequencies on the order of megahertz (MHz) to gigahertz (GHz). However, due to hardware pipelining and the complexity of some instructions, some operations take multiple clock cycles to complete.[5] Therefore, it is not always necessary to sample the signal at such a high clock rate. It is often possible to get information on all or most of the operations while sampling on the order of kilohertz (kHz). Different devices leak information at different frequencies. For example, Intel's Atom processor will leak keys during RSA and AES encryption at frequencies between 50 MHz and 85 MHz.[6] Android version 4.4's Bouncy Castle library implementation of ECDSA is vulnerable to key extraction side-channel attacks around the 50 kHz range.[7]

Signal processing

Figure: A spectrogram showing RSA encryption and decryption. The two functions are shown as the thick purple lines in the graph, as they are concentrated at a small frequency range with very high amplitude compared to the surrounding noise.

Every operation performed by a computer emits electromagnetic radiation, and different operations emit radiation at different frequencies. In electromagnetic side-channel attacks, an attacker is only interested in the few frequencies at which encryption is occurring. Signal processing is responsible for isolating these frequencies from the vast multitude of extraneous radiation and noise. To isolate certain frequencies, a bandpass filter, which blocks frequencies outside of a given range, must be applied to the electromagnetic trace. Sometimes the attacker does not know at which frequencies encryption is performed. In this case, the trace can be represented as a spectrogram, which can help determine which frequencies are most prevalent at different points of execution. Depending on the device being attacked and the level of noise, several filters may need to be applied.
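The spectrogram-then-bandpass step above, as an added example that is not part of the original article: a constructed trace (Gaussian noise with a 120 Hz tone during three of nine windows, standing in for the narrow high-amplitude band in the figure) is sliced into windowed DFT columns, the dominant bin per column is read off, and band energy in a 110 to 130 Hz passband locates the windows where that band is active. The sample rate, window size, tone and passband are all assumptions; the DFT is a plain loop so nothing beyond the standard library is needed.

```python
import cmath
import math
import random

SAMPLE_RATE = 1000  # Hz (constructed; real captures sample far faster)
WINDOW = 100        # samples per spectrogram column: 0.1 s, 10 Hz bins


def make_trace(seed=1, n_windows=9, burst=(3, 6), tone_hz=120.0, amp=2.0, noise=0.8):
    """Constructed trace: Gaussian noise throughout, plus a tone at tone_hz
    during windows burst[0] .. burst[1]-1, standing in for the narrow,
    high-amplitude band an encryption routine shows on a spectrogram."""
    rng = random.Random(seed)
    samples = []
    for i in range(n_windows * WINDOW):
        value = rng.gauss(0.0, noise)
        if burst[0] <= i // WINDOW < burst[1]:
            value += amp * math.sin(2 * math.pi * tone_hz * i / SAMPLE_RATE)
        samples.append(value)
    return samples


def dft_magnitudes(frame):
    """Magnitude of each DFT bin 0 .. N/2 (plain O(N^2) loop, no numpy)."""
    n = len(frame)
    return [abs(sum(frame[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)))
            for k in range(n // 2 + 1)]


def bin_hz(k):
    """Centre frequency of DFT bin k for a WINDOW-sample frame."""
    return k * SAMPLE_RATE / WINDOW


def spectrogram(trace):
    """One magnitude spectrum per non-overlapping WINDOW-sample column."""
    return [dft_magnitudes(trace[i:i + WINDOW])
            for i in range(0, len(trace) - WINDOW + 1, WINDOW)]


def dominant_frequency(spectrum):
    """Frequency of the strongest non-DC bin in one spectrogram column."""
    k = max(range(1, len(spectrum)), key=lambda j: spectrum[j])
    return bin_hz(k)


def band_energy(spectrum, lo_hz, hi_hz):
    """Sum of bin magnitudes inside [lo_hz, hi_hz]: the bandpass view of a column."""
    return sum(m for k, m in enumerate(spectrum) if lo_hz <= bin_hz(k) <= hi_hz)


def locate_activity(trace, lo_hz, hi_hz, ratio=2.0):
    """Indices of columns whose band energy exceeds ratio x the median column,
    i.e. the time windows in which the band of interest is active."""
    energies = [band_energy(s, lo_hz, hi_hz) for s in spectrogram(trace)]
    baseline = sorted(energies)[len(energies) // 2]
    return [i for i, e in enumerate(energies) if e > ratio * baseline]


if __name__ == "__main__":
    trace = make_trace()
    for i, column in enumerate(spectrogram(trace)):
        print(i, round(dominant_frequency(column)), round(band_energy(column, 110, 130), 1))
    print("active windows:", locate_activity(trace, 110, 130))
```

With the default parameters the three tone windows (3, 4, 5) show 120 Hz as their dominant bin and are the only columns flagged by the passband check.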

Attack methods

Electromagnetic attacks can be broadly separated into simple electromagnetic analysis (SEMA) attacks and differential electromagnetic analysis (DEMA) attacks.

Simple electromagnetic analysis

In simple electromagnetic analysis (SEMA) attacks, the attacker deduces the key directly by observing the trace. It is very effective against asymmetric cryptography implementations.[8] Typically, only a few traces are needed, though the attacker needs to have a strong understanding of the cryptographic device and of the implementation of the cryptographic algorithm. An implementation vulnerable to SEMA attacks will perform a different operation depending on whether the current key bit is 0 or 1, which will use different amounts of power and/or different chip components. This kind of data-dependent behaviour is exploited in many different types of side-channel attacks, in particular power analysis attacks. Thus, the attacker can observe the entire computation of encryption and can deduce the key.

For example, a common attack on asymmetric RSA relies on the fact that the encryption steps depend on the values of the key bits. Every bit is processed with a square operation, followed by a multiplication operation if and only if the bit is equal to 1. An attacker with a clear trace can deduce the key simply by observing where the multiplication operations are performed.

Differential electromagnetic analysis

In some cases, simple electromagnetic analysis is not possible or does not provide enough information. Differential electromagnetic analysis (DEMA) attacks are more complex, but are effective against symmetric cryptography implementations, against which SEMA attacks are not.[6] Additionally, unlike SEMA, DEMA attacks do not require much knowledge about the device being attacked.

Known attacks

While the fact that circuits emitting high-frequency signals may leak secret information has been known to the NSA since 1982, it was classified until 2000,[9] which was right around the time that the first electromagnetic attack against encryption was shown by researchers.[10] Since then, many more complex attacks have been introduced.

Devices

Smart cards

Figure: Smart card pinout

Smart cards, often colloquially referred to as "chip cards", were designed to provide a more secure financial transaction than a traditional credit card. They contain simple embedded integrated circuits designed to perform cryptographic functions.[11] They connect directly to a card reader, which provides the power necessary to perform an encrypted financial transaction. Many side-channel attacks have been shown to be effective against smart cards because they obtain their power supply and clock directly from the card reader. By tampering with a card reader, it is simple to collect traces and perform side-channel attacks. Other works, however, have also shown that smart cards are vulnerable to electromagnetic attacks.[12][13][14]

FPGAs

Field-programmable gate arrays (FPGAs) have been commonly used to implement cryptographic primitives in hardware to increase speed. These hardware implementations are just as vulnerable as software-based primitives. In 2005, an implementation of elliptic curve encryption was shown to be vulnerable to both SEMA and DEMA attacks.[15] The ARIA block cipher is a common primitive implemented on FPGAs that has been shown to leak keys.[16]

Personal computers

In contrast to smart cards, which are simple devices performing a single function, personal computers are doing many things at once. Thus, it is much more difficult to perform electromagnetic side-channel attacks against them, due to high levels of noise and fast clock rates. Despite these issues, researchers in 2015 and 2016 showed attacks against a laptop using a near-field magnetic probe. The resulting signal, observed for only a few seconds, was filtered, amplified, and digitized for offline key extraction. Most attacks require expensive, lab-grade equipment, and require the attacker to be extremely close to the victim computer.[17][18] However, some researchers were able to show attacks using cheaper hardware and from distances of up to half a meter.[19] These attacks, however, required the collection of more traces than the more expensive attacks.

Smartphones

Smartphones are of particular interest for electromagnetic side-channel attacks. Since the advent of mobile phone payment systems such as Apple Pay, e-commerce systems have become increasingly commonplace. Likewise, the amount of research dedicated to mobile phone security side channel attacks has also increased.[20] Currently most attacks are proofs of concept that use expensive lab-grade signal processing equipment.[21] One of these attacks demonstrated that a commercial radio receiver could detect mobile phone leakage up to three meters away.[22]

However, attacks using low-end consumer-grade equipment have also been shown to be successful. By using an external USB sound card and an induction coil salvaged from a wireless charging pad, researchers were able to extract a user's signing key from Android's OpenSSL and Apple's CommonCrypto implementations of ECDSA.[20][21][22]

Examples of vulnerable encryption schemes

Widely used theoretical encryption schemes are mathematically secure, yet this type of security does not consider their physical implementations, and thus does not necessarily protect against side-channel attacks. Therefore, the vulnerability lies in the code itself, and it is the specific implementation that is shown to be insecure. Luckily, many of the vulnerabilities shown have since been patched. Vulnerable implementations include, but are definitely not limited to, the following:

  • Libgcrypt – cryptographic library of GnuPG, implementation of ECDH public-key encryption algorithm[18] (since patched)
  • GnuPG implementation of 4096-bit RSA[17][19] (since patched)
  • GnuPG implementation of 3072-bit ElGamal[17][19] (since patched)
  • GMP implementation of 1024-bit RSA[6]
  • OpenSSL implementation of 1024-bit RSA[6]

Feasibility

The attacks described thus far have mainly focused on the use of induction to detect unintended radiation. However, far-field communication technologies like those of AM radios can also be used for side-channel attacks, although no key extraction methods for far-field signal analysis have been demonstrated.[23] Therefore, a rough characterization of potential adversaries using this attack ranges from highly educated individuals to low- to medium-funded cartels. The following demonstrates a few possible scenarios:

Mobile payment systems

Point of sale systems that accept payment from mobile phones or smart cards are vulnerable. Induction coils can be hidden on these systems to record financial transactions from smart cards or mobile phone payments. With keys extracted, a malicious attacker could forge his own card or make fraudulent charges with the private key. Belgarric et al. propose a scenario where mobile payments are performed with bitcoin transactions. Since the Android implementation of the bitcoin client uses ECDSA, the signing key can be extracted at the point of sale.[7] These types of attacks are only slightly more complex than magnetic card stripe skimmers currently used on traditional magnetic strip cards.

Wireless charging pads

Many public venues such as Starbucks locations are already offering free public wireless charging pads.[24] It was previously shown that the same coils used in wireless charging can be used for detection of unintended radiation. Therefore, these charging pads pose a potential hazard. Malicious charging pads might attempt to extract keys in addition to charging a user's phone. When coupled with the packet sniffing capabilities of public Wi-Fi networks, the keys extracted could be used to perform man-in-the-middle attacks on users. If far-field attacks are discovered, an attacker would only need to point an antenna at a victim to perform these attacks; the victim need not be actively charging their phone on one of these public pads.

Countermeasures

Several countermeasures against electromagnetic attacks have been proposed, though there is no one perfect solution. Many of the following countermeasures will make electromagnetic attacks harder, not impossible.

Physical countermeasures

One of the most effective ways to prevent electromagnetic attacks is to make it difficult for an attacker to collect an electromagnetic signal at the physical level. Broadly, the hardware designer could design the encryption hardware to reduce signal strength[25] or to protect the chip. Circuit and wire shielding, such as a Faraday cage, are effective in reducing the signal, as well as filtering the signal or introducing extraneous noise to mask the signal. Additionally, most electromagnetic attacks require attacking equipment to be very close to the target, so distance is an effective countermeasure. Circuit designers can also use certain glues or design components in order to make it difficult or impossible to depackage the chip without destroying it.

Recently, white-box modeling was utilized to develop a low-overhead generic circuit-level countermeasure[26] against both electromagnetic and power side-channel attacks. To minimize the effects of the higher-level metal layers in an IC acting as more efficient antennas,[27] the idea is to embed the crypto core with a signature suppression circuit,[28][29] routed locally within the lower-level metal layers, leading towards both power and electromagnetic side-channel attack immunity.

Implementation countermeasures

As many electromagnetic attacks, especially SEMA attacks, rely on asymmetric implementations of cryptographic algorithms, an effective countermeasure is to ensure that the operation performed at a given step of the algorithm gives no information on the value of the key bit being processed. Randomization of the order of bit encryption, process interrupts, and clock cycle randomization are all effective ways to make attacks more difficult.[1]
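The square-and-multiply leakage described under "Simple electromagnetic analysis" and the countermeasure principle stated above, as an added example that is not part of the original article: the trace is modelled as the sequence of squarings and multiplications, the SEMA reading recovers the exponent bits from it, and a Montgomery ladder with a branch-free conditional swap produces the same sequence for every exponent of a given length. The base, modulus and exponents are constructed values; Python integers are not constant-time, so this models only the operation sequence.

```python
def square_and_multiply(base, exponent, modulus, trace):
    """Textbook left-to-right square-and-multiply modular exponentiation.
    Each squaring appends 'S' and each conditional multiply appends 'M' to
    trace, modelling the distinct EM signature each operation leaves."""
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":                      # multiply only when the key bit is 1
            result = (result * base) % modulus
            trace.append("M")
    return result


def recover_exponent_bits(trace):
    """SEMA reading of a square-and-multiply trace: every 'S' starts a new key
    bit (assumed 0), and an 'M' directly after it marks that bit as 1."""
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        elif op == "M":
            bits[-1] = "1"
    return "".join(bits)


def cswap(swap, a, b):
    """Branch-free conditional swap: returns (b, a) if swap == 1 else (a, b).
    Python integers are not constant-time; this models the pattern only."""
    mask = -swap                            # 0 -> 0, 1 -> all-ones
    delta = (a ^ b) & mask
    return a ^ delta, b ^ delta


def montgomery_ladder(base, exponent, modulus, trace):
    """Montgomery ladder: each bit costs exactly one multiply and one square,
    and cswap selects the operands without a key-dependent branch, so the
    recorded operation sequence is the same for every exponent of this length."""
    r0, r1 = 1, base % modulus              # invariant: r1 == r0 * base
    for bit in bin(exponent)[2:]:
        b = int(bit)
        r0, r1 = cswap(b, r0, r1)
        r1 = (r0 * r1) % modulus
        r0 = (r0 * r0) % modulus
        r0, r1 = cswap(b, r0, r1)
        trace.extend(["M", "S"])
    return r0


def operation_sequence_leaks(exp_fn, modulus=497, base=4):
    """True if two same-length exponents produce different operation traces
    under exp_fn, i.e. the sequence of operations carries key information."""
    t1, t2 = [], []
    exp_fn(base, 0b10101010, modulus, t1)
    exp_fn(base, 0b11111111, modulus, t2)
    return t1 != t2


if __name__ == "__main__":
    trace = []
    square_and_multiply(4, 0b1011, 497, trace)
    print("trace:", "".join(trace), "-> bits", recover_exponent_bits(trace))
    print("square-and-multiply leaks:", operation_sequence_leaks(square_and_multiply))
    print("Montgomery ladder leaks:  ", operation_sequence_leaks(montgomery_ladder))
```

A uniform operation sequence removes only the SEMA leak discussed above; operand-dependent emissions can still be targeted by DEMA, which is why the article lists randomization measures alongside it.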

Usage in the government

The classified National Security Agency program TEMPEST focuses on both the spying on systems by observing electromagnetic radiation and the securing of equipment to protect against such attacks.

The Federal Communications Commission outlines the rules regulating the unintended emissions of electronic devices in Part 15 of the Code of Federal Regulations Title 47. The FCC does not provide a certification that devices do not produce excess emissions, but instead relies on a self-verification procedure.[30]

References

  1. Koeune, F., & Standaert, F. X. (2005). A tutorial on physical security and side-channel attacks. In Foundations of Security Analysis and Design III (pp. 78–108). Springer Berlin Heidelberg.
  2. Harada T, Sasaki H, Yoshio KA (1997). "Investigation on radiated emission characteristics of multilayer printed circuit boards". IEICE Transactions on Communications. 80 (11): 1645–1651.
  3. Kuhn MG, Anderson RJ (April 1998). "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations". Information Hiding. Lecture Notes in Computer Science. Vol. 1525. pp. 124–142. CiteSeerX 10.1.1.64.6982. doi:10.1007/3-540-49380-8_10. ISBN 978-3-540-65386-8.
  4. Messerges TS, Dabbish EA, Sloan RH (1999). "Investigations of Power Analysis Attacks on Smartcards" (PDF). Smartcard: 151–161.
  5. Gandolfi K, Mourtel C, Olivier F (May 2001). "Electromagnetic Analysis: Concrete Results". Cryptographic Hardware and Embedded Systems – CHES 2001. pp. 251–261. doi:10.1007/3-540-44709-1_21. ISBN 978-3-540-42521-2.
  6. Do A, Ko ST, Htet AT (15 April 2013). "Electromagnetic Side-Channel Analysis on the Intel Atom Processor: A Major Qualifying Project Report" (PDF). Worcester Polytechnic Institute.
  7. Belgarric P, Fouque PA, Macario-Rat G, Tibouchi M (2016). "Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones". Topics in Cryptology – CT-RSA 2016. pp. 236–252. doi:10.1007/978-3-319-29485-8_14. ISBN 978-3-319-29484-1.
  8. Martinasek Z, Zeman V, Trasy K (2012). "Simple electromagnetic analysis in cryptography". International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems. 1 (1): 13–19. doi:10.11601/ijates.v1i1.6.
  9. NACSIM 5000 Tempest Fundamentals (Report). National Security Agency. February 1982.
  10. Quisquater JJ (2000). "A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions: the SEMA and DEMA methods". Eurocrypt Rump Session.
  11. "Smart Card FAQ: How do Smart Cards Work". Smart Card Alliance.
  12. Samyde D, Skorobogatov S, Anderson R, Quisquater JJ (December 2002). "On a new way to read data from memory". First International IEEE Security in Storage Workshop, 2002. Proceedings. pp. 65–69. doi:10.1109/SISW.2002.1183512. ISBN 978-0-7695-1888-6. S2CID 11153044.
  13. Quisquater JJ, Samyde D (2001). "ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards". Smart Card Programming and Security. Lecture Notes in Computer Science. Vol. 2140. pp. 200–210. doi:10.1007/3-540-45418-7_17. ISBN 978-3-540-42610-3.
  14. Agrawal D, Archambeault B, Rao JR, Rohatgi P (2002). "The EM Side-Channel(s)". Cryptographic Hardware and Embedded Systems – CHES 2002. pp. 29–45. doi:10.1007/3-540-36400-5_4. ISBN 978-3-540-00409-7.
  15. De Mulder E, Buysschaert P, Örs SB, Delmotte P, Preneel B, Vandenbosch G, Verbauwhede I (November 2005). "Electromagnetic Analysis Attack on an FPGA Implementation of an Elliptic Curve Cryptosystem". EUROCON 2005 – the International Conference on "Computer as a Tool". Vol. 2. pp. 1879–1882. CiteSeerX 10.1.1.104.6201. doi:10.1109/EURCON.2005.1630348. ISBN 978-1-4244-0049-2. S2CID 3800063.
  16. Kim C, Schläffer M, Moon S (2008). "Differential side channel analysis attacks on FPGA implementations of ARIA". ETRI Journal. 30 (2): 315–325. doi:10.4218/etrij.08.0107.0167.
  17. Genkin D, Pipman I, Tromer E (2015). "Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs". Journal of Cryptographic Engineering. 5 (2): 95–112. doi:10.1007/s13389-015-0100-7. S2CID 14931217.
  18. Genkin D, Pachmanov L, Pipman I, Tromer E (2016). "ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs". Topics in Cryptology – CT-RSA 2016. pp. 219–235. doi:10.1007/978-3-319-29485-8_13. ISBN 978-3-319-29484-1.
  19. Genkin D, Pachmanov L, Pipman I, Tromer E (2015). "Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation". Cryptographic Hardware and Embedded Systems – CHES 2015. pp. 207–228. doi:10.1007/978-3-662-48324-4_11. ISBN 978-3-662-48323-7.
  20. Kenworthy G, Rohatgi P (2012). (PDF). Archived from the original (PDF) on 2012-10-22. Retrieved 2016-05-06.
  21. Genkin D, Pachmanov L, Pipman I, Tromer E, Yarom Y (2016). "ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels" (PDF).
  22. Goller G, Sigl G (2015). "Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment". Constructive Side-Channel Analysis and Secure Design. Lecture Notes in Computer Science. Vol. 9064. pp. 255–270. doi:10.1007/978-3-319-21476-4_17. ISBN 978-3-319-21475-7.
  23. Meynard O, Réal D, Guilley S, Flament F, Danger JL, Valette F (October 2010). "Characterization of the Electromagnetic Side Channel in Frequency Domain". Information Security and Cryptology. Lecture Notes in Computer Science. Vol. 6584. pp. 471–486. doi:10.1007/978-3-642-21518-6_33. ISBN 978-3-642-21517-9.
  24. Boxall, Andy (10 May 2015). "Hands On: Starbucks Wireless Charging". Digital Trends. Retrieved 20 April 2016.
  25. Zhou Y, Feng D (2005). "Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing" (PDF). IACR Cryptology ePrint Archive: 388.
  26. Das, Debayan; Danial, Josef; Golder, Anupam; Modak, Nirmoy; Maity, Shovan; Chatterjee, Baibhab; Seo, Donghyun; Chang, Muya; Varna, Avinash; Krishnamurthy, Harish; Mathew, Sanu; Ghosh, Santosh; Raychowdhury, Arijit; Sen, Shreyas (2020). "27.3 EM and Power SCA-Resilient AES-256 in 65nm CMOS Through >350× Current-Domain Signature Attenuation". 2020 IEEE International Solid-State Circuits Conference (ISSCC). pp. 424–426. doi:10.1109/ISSCC19947.2020.9062997. ISBN 978-1-7281-3205-1. S2CID 215800163.
  27. Das, Debayan; Nath, Mayukh; Chatterjee, Baibhab; Ghosh, Santosh; Sen, Shreyas (2019). "STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis". 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). pp. 11–20. doi:10.1109/HST.2019.8740839. ISBN 978-1-5386-8064-3. S2CID 53594941.
  28. Das, Debayan; Maity, Shovan; Nasir, Saad Bin; Ghosh, Santosh; Raychowdhury, Arijit; Sen, Shreyas (2018). "ASNI: Attenuated Signature Noise Injection for Low-Overhead Power Side-Channel Attack Immunity". IEEE Transactions on Circuits and Systems I: Regular Papers. 65 (10): 3300–3311. doi:10.1109/TCSI.2018.2819499. S2CID 52161683.
  29. Das, Debayan; Maity, Shovan; Nasir, Saad Bin; Ghosh, Santosh; Raychowdhury, Arijit; Sen, Shreyas (2017). "High efficiency power side-channel attack immunity using noise injection in attenuated signature domain". 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). pp. 62–67. arXiv:1703.10328. doi:10.1109/HST.2017.7951799. ISBN 978-1-5386-3929-0. S2CID 3321637.
  30. "FCC Rule Part 15b". FCC certification.

effective ways to prevent electromagnetic attacks is to make it difficult for an attacker to collect an electromagnetic signal at the physical level Broadly the hardware designer could design the encryption hardware to reduce signal strength 25 or to protect the chip Circuit and wire shielding such as a Faraday cage are effective in reducing the signal as well as filtering the signal or introducing extraneous noise to mask the signal Additionally most electromagnetic attacks require attacking equipment to be very close to the target so distance is an effective countermeasure Circuit designers can also use certain glues or design components in order to make it difficult or impossible to depackage the chip without destroying it Recently white box modeling was utilized to develop a low overhead generic circuit level countermeasure 26 against both electromagnetic as well as power side channel attacks To minimize the effects of the higher level metal layers in an IC acting as more efficient antennas 27 the idea is to embed the crypto core with a signature suppression circuit 28 29 routed locally within the lower level metal layers leading towards both power and electromagnetic side channel attack immunity Implementation countermeasures Edit As many electromagnetic attacks especially SEMA attacks rely on asymmetric implementations of cryptographic algorithms an effective countermeasure is to ensure that a given operation performed at a given step of the algorithm gives no information on the value of that bit Randomization of the order of bit encryption process interrupts and clock cycle randomization are all effective ways to make attacks more difficult 1 Usage in the government EditThe classified National Security Agency program TEMPEST focuses on both the spying on systems by observing electromagnetic radiation and the securing of equipment to protect against such attacks The Federal Communications Commission outlines the rules regulating the unintended emissions of 
electronic devices in Part 15 of the Code of Federal Regulations, Title 47. The FCC does not provide a certification that devices do not produce excess emissions, but instead relies on a self-verification procedure.[30]

References

1. Koeune F, Standaert F-X (2005). "A tutorial on physical security and side-channel attacks". In Foundations of Security Analysis and Design III, pp. 78–108. Springer, Berlin Heidelberg.
2. Harada T, Sasaki H, Yoshio KA (1997). "Investigation on radiated emission characteristics of multilayer printed circuit boards". IEICE Transactions on Communications 80(11): 1645–1651.
3. Kuhn MG, Anderson RJ (April 1998). "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations". Information Hiding, Lecture Notes in Computer Science, Vol. 1525, pp. 124–142. CiteSeerX 10.1.1.64.6982. doi:10.1007/3-540-49380-8_10. ISBN 978-3-540-65386-8.
4. Messerges TS, Dabbish EA, Sloan RH (1999). "Investigations of Power Analysis Attacks on Smartcards" (PDF). Smartcard: 151–161.
5. Gandolfi K, Mourtel C, Olivier F (May 2001). "Electromagnetic Analysis: Concrete Results". Cryptographic Hardware and Embedded Systems – CHES 2001, pp. 251–261. doi:10.1007/3-540-44709-1_21. ISBN 978-3-540-42521-2.
6. Do A, Ko ST, Htet AT (15 April 2013). "Electromagnetic Side-Channel Analysis on the Intel Atom Processor" (PDF). A Major Qualifying Project Report, Worcester Polytechnic Institute.
7. Belgarric P, Fouque P-A, Macario-Rat G, Tibouchi M (2016). "Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones". Topics in Cryptology – CT-RSA 2016, pp. 236–252. doi:10.1007/978-3-319-29485-8_14. ISBN 978-3-319-29484-1.
8. Martinasek Z, Zeman V, Trasy K (2012). "Simple electromagnetic analysis in cryptography". International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems 1(1): 13–19. doi:10.11601/ijates.v1i1.6.
9. "NACSIM 5000 Tempest Fundamentals". Report, National Security Agency, February 1982.
10. Quisquater JJ (2000). "A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions: the SEMA and DEMA methods". Eurocrypt Rump Session.
11. "Smart Card FAQ: How do Smart Cards Work?". Smart Card Alliance.
12. Samyde D, Skorobogatov S, Anderson R, Quisquater JJ (December 2002). "On a new way to read data from memory". First International IEEE Security in Storage Workshop, 2002. Proceedings, pp. 65–69. doi:10.1109/SISW.2002.1183512. ISBN 978-0-7695-1888-6. S2CID 11153044.
13. Quisquater JJ, Samyde D (2001). "ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards". Smart Card Programming and Security, Lecture Notes in Computer Science, Vol. 2140, pp. 200–210. doi:10.1007/3-540-45418-7_17. ISBN 978-3-540-42610-3.
14. Agrawal D, Archambeault B, Rao JR, Rohatgi P (2002). "The EM Side-Channel(s)". Cryptographic Hardware and Embedded Systems – CHES 2002, pp. 29–45. doi:10.1007/3-540-36400-5_4. ISBN 978-3-540-00409-7.
15. De Mulder E, Buysschaert P, Örs SB, Delmotte P, Preneel B, Vandenbosch G, Verbauwhede I (November 2005). "Electromagnetic Analysis Attack on an FPGA Implementation of an Elliptic Curve Cryptosystem". EUROCON 2005 – The International Conference on "Computer as a Tool", Vol. 2, pp. 1879–1882. CiteSeerX 10.1.1.104.6201. doi:10.1109/EURCON.2005.1630348. ISBN 978-1-4244-0049-2. S2CID 3800063.
16. Kim C, Schläffer M, Moon S (2008). "Differential side channel analysis attacks on FPGA implementations of ARIA". ETRI Journal 30(2): 315–325. doi:10.4218/etrij.08.0107.0167.
17. Genkin D, Pipman I, Tromer E (2015). "Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs". Journal of Cryptographic Engineering 5(2): 95–112. doi:10.1007/s13389-015-0100-7. S2CID 14931217.
18. Genkin D, Pachmanov L, Pipman I, Tromer E (2016). "ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs". Topics in Cryptology – CT-RSA 2016, pp. 219–235. doi:10.1007/978-3-319-29485-8_13. ISBN 978-3-319-29484-1.
19. Genkin D, Pachmanov L, Pipman I, Tromer E (2015). "Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation". Cryptographic Hardware and Embedded Systems – CHES 2015, pp. 207–228. doi:10.1007/978-3-662-48324-4_11. ISBN 978-3-662-48323-7.
20. Kenworthy G, Rohatgi P (2012). "Mobile Device Security: The case for side channel resistance" (PDF). Archived from the original (PDF) on 2012-10-22. Retrieved 2016-05-06.
21. Genkin D, Pachmanov L, Pipman I, Tromer E, Yarom Y (2016). "ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels" (PDF).
22. Goller G, Sigl G (2015). "Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment". Constructive Side-Channel Analysis and Secure Design, Lecture Notes in Computer Science, Vol. 9064, pp. 255–270. doi:10.1007/978-3-319-21476-4_17. ISBN 978-3-319-21475-7.
23. Meynard O, Réal D, Guilley S, Flament F, Danger J-L, Valette F (October 2010). "Characterization of the Electromagnetic Side Channel in Frequency Domain". Information Security and Cryptology, Lecture Notes in Computer Science, Vol. 6584, pp. 471–486. doi:10.1007/978-3-642-21518-6_33. ISBN 978-3-642-21517-9.
24. Boxall A (10 May 2015). "Hands On: Starbucks Wireless Charging". Digital Trends. Retrieved 20 April 2016.
25. Zhou Y, Feng D (2005). "Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing" (PDF). IACR Cryptology ePrint Archive, 388.
26. Das D, Danial J, Golder A, Modak N, Maity S, Chatterjee B, Seo D, Chang M, Varna A, Krishnamurthy H, Mathew S, Ghosh S, Raychowdhury A, Sen S (2020). "27.3 EM and Power SCA-Resilient AES-256 in 65nm CMOS Through >350× Current-Domain Signature Attenuation". 2020 IEEE International Solid-State Circuits Conference (ISSCC), pp. 424–426. doi:10.1109/ISSCC19947.2020.9062997. ISBN 978-1-7281-3205-1. S2CID 215800163.
27. Das D, Nath M, Chatterjee B, Ghosh S, Sen S (2019). "STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis". 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 11–20. doi:10.1109/HST.2019.8740839. ISBN 978-1-5386-8064-3. S2CID 53594941.
28. Das D, Maity S, Nasir SB, Ghosh S, Raychowdhury A, Sen S (2018). "ASNI: Attenuated Signature Noise Injection for Low-Overhead Power Side-Channel Attack Immunity". IEEE Transactions on Circuits and Systems I: Regular Papers 65(10): 3300–3311. doi:10.1109/TCSI.2018.2819499. S2CID 52161683.
29. Das D, Maity S, Nasir SB, Ghosh S, Raychowdhury A, Sen S (2017). "High efficiency power side-channel attack immunity using noise injection in attenuated signature domain". 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 62–67. arXiv:1703.10328. doi:10.1109/HST.2017.7951799. ISBN 978-1-5386-3929-0. S2CID 3321637.
30. "FCC Rule Part 15b". FCC certification.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Electromagnetic_attack&oldid=1171914935"
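The leakage described under "Examples of vulnerable encryption schemes" (square-and-multiply exponentiation whose operation sequence follows the private exponent) and the fix described under "Implementation countermeasures" (a uniform operation sequence regardless of the key bit), as an added example that is not part of the original article or of any of the cited works. The "EM trace" is constructed data: each modular operation is synthesised as a burst of samples whose length depends on the operation type, with Gaussian noise added, standing in for a filtered and digitized probe capture. The burst lengths, the noise level, the exponent 0xB3D5 and the modulus are hypothetical values chosen for the demonstration.

```python
"""
Simulated SEMA (simple electromagnetic analysis) of modular exponentiation.

Constructed example: the "EM trace" is a list of amplitude samples synthesised
from the sequence of modular operations, not a probe capture. Squarings and
multiplications are modelled as bursts of different length, which is the
property a SEMA attack exploits; a real trace would first need filtering,
amplification and alignment, but the classification step is the same.
"""
import random

# Assumed burst lengths (in samples) per operation; hypothetical values.
SQUARE_LEN = 4
MULTIPLY_LEN = 7
GAP_LEN = 2          # quiet samples between operations
NOISE_SIGMA = 0.05   # additive Gaussian noise on every sample


def square_and_multiply(base, exp, mod, ops):
    """Left-to-right binary exponentiation as in textbook RSA. A multiplication
    happens only when the exponent bit is 1, so the recorded operation
    sequence `ops` is a function of the private exponent."""
    result = 1
    for i in range(exp.bit_length() - 1, -1, -1):
        result = result * result % mod
        ops.append("S")
        if (exp >> i) & 1:
            result = result * base % mod
            ops.append("M")
    return result


def montgomery_ladder(base, exp, mod, ops):
    """Montgomery ladder: every bit costs exactly one multiplication and one
    squaring, so the operation sequence no longer depends on the bits. The
    branch on the bit remains; a production implementation would also select
    operands branch-free so that control flow and memory access are uniform."""
    r0, r1 = 1, base % mod
    for i in range(exp.bit_length() - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = r0 * r1 % mod, r1 * r1 % mod
        else:
            r1, r0 = r0 * r1 % mod, r0 * r0 % mod
        ops += ["M", "S"]  # same two operations for either bit value
    return r0


def synthesize_trace(ops, seed=1):
    """Constructed stand-in for a probe capture: one burst per operation,
    separated by quiet gaps, with Gaussian noise on every sample."""
    rng = random.Random(seed)
    samples = []
    for op in ops:
        burst = SQUARE_LEN if op == "S" else MULTIPLY_LEN
        samples += [1.0 + rng.gauss(0, NOISE_SIGMA) for _ in range(burst)]
        samples += [rng.gauss(0, NOISE_SIGMA) for _ in range(GAP_LEN)]
    return samples


def segment_bursts(samples, threshold=0.5):
    """Lengths of consecutive above-threshold runs in the trace."""
    lengths, run = [], 0
    for s in samples:
        if s > threshold:
            run += 1
        elif run:
            lengths.append(run)
            run = 0
    if run:
        lengths.append(run)
    return lengths


def classify_ops(samples):
    """Label each burst as a squaring or a multiplication by its length."""
    cut = (SQUARE_LEN + MULTIPLY_LEN) / 2
    return ["M" if n > cut else "S" for n in segment_bursts(samples)]


def recover_exponent(ops):
    """Read the exponent off a square-and-multiply operation sequence: every
    'S' starts a new bit, and the bit is 1 iff an 'M' follows it."""
    bits = []
    for i, op in enumerate(ops):
        if op == "S":
            bits.append(1 if i + 1 < len(ops) and ops[i + 1] == "M" else 0)
    return int("".join(map(str, bits)), 2) if bits else 0


def attack(exponentiate, base=0x1234, exp=0xB3D5, mod=0xFFFFFFFB):
    """Run one exponentiation with the secret `exp` (hypothetical key),
    synthesise its trace and return the exponent the trace analysis yields."""
    ops = []
    exponentiate(base, exp, mod, ops)
    return recover_exponent(classify_ops(synthesize_trace(ops)))


if __name__ == "__main__":
    secret = 0xB3D5
    print("square-and-multiply leaks:", hex(attack(square_and_multiply, exp=secret)))
    print("montgomery ladder yields: ", hex(attack(montgomery_ladder, exp=secret)))
```

Against the square-and-multiply routine the trace analysis returns the exponent exactly; against the ladder the same analysis sees an M-S pair for every bit and returns 0xFFFE, which reveals only the bit length. The ladder still branches on the secret bit, so it closes the operation-sequence channel that SEMA exploits but not every channel; a real implementation would combine it with branch-free operand selection and with the blinding or randomization measures the article lists.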
