ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2016-10-24 DOI:10.1145/2976749.2978353

Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, Y. Yarom

引用次数: 162

Abstract

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

通过非侵入性物理侧通道从移动设备中提取ECDSA密钥

我们证明了椭圆曲线加密在移动设备上的实现容易受到电磁和功率侧信道攻击。我们演示了从运行在iOS设备上的OpenSSL和CoreBitcoin中完全提取ECDSA秘密签名密钥，以及在Android上运行的OpenSSL和iOS的CommonCrypto中部分密钥泄漏。这些非侵入式攻击使用放置在设备附近的简单磁探头，或在手机的USB电缆上的电源探头。它们使用的带宽只有几百千赫，并且可以用一张声卡和一个临时制作的磁探头来廉价地完成。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量

期刊最新文献

∑oφoς: Forward Secure Searchable Encryption Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Message-Recovery Attacks on Feistel-Based Format Preserving Encryption iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR