אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים

Transcription

1 אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv University joint work with Itamar Pipman Adi Shamir Tel Aviv University Weizmann Institute of Science Eran Tromer Tel Aviv University Cryptoday December

2 Side channel attacks 2

3 Side channel attacks 3

4 Side channel attacks 4 electromagnetic

5 Side channel attacks 5 probing electromagnetic

6 Side channel attacks 6 probing power electromagnetic

7 Side channel attacks 7 probing optical power electromagnetic

8 Side channel attacks 8 probing CPU architecture optical power electromagnetic

9 Side channel attacks 9 probing CPU architecture optical power electromagnetic acoustic

10 Side channel attacks probing CPU architecture optical power 10 electromagnetic chassis potential acoustic

11 Side channel attack example 13

12 Side channel attack example MHz

13 Side channel attack example MHz

14 Side channel attack example MHz

15 Side channel attack example MHz 400MHz

16 Side channel attack example 18 Trigger decryption 100MHz 400MHz

17 Side channel attack example 19 Trigger decryption 100MHz 400MHz Obtain traces

18 Side channel attack example 20 Trigger decryption 100MHz 400MHz Obtain traces

19 Traditional side channel attacks methodology Grab/borrow/steal device

20 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction for i= sqr( ) if key[i]=1 mul( ) 22

21 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) for i= sqr( ) if key[i]=1 mul( ) 23

22 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces for i= sqr( ) if key[i]=1 mul( ) 24

23 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis for i= sqr( ) if key[i]=1 mul( ) 25

24 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key for i= sqr( ) if key[i]=1 mul( ) 26

25 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key for i= sqr( ) if key[i]=1 mul( ) Hard for PCs 27

26 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key Hard for PCs 28

27 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key Not handed out vs. Hard for PCs 29

28 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key Not handed out vs. Measuring a 2GHz PC requires expansive and bulky equipment (compared to a 100 MHz smart card) Hard for PCs vs. 1,000$ ,000$

29 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key 31 Complex electronics running complicated software Hard for (in PCs parallel) vs. Not handed out vs. Measuring a 2GHz PC requires expansive and bulky equipment (compared to a 100 MHz smart card) 100,000$ vs. 1,000$

30 32 New channel: chassis potential

31 33 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, )

32 34 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, )

33 35 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground.

34 36 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. Computation

35 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects Computation currents and EM fields 37

36 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to Computation currents and EM fields device ground 38

37 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 39

38 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 40

39 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 41

40 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 42

41 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 43

42 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 44

43 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 45

44 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 46

45 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 47

46 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 48

47 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 49

48 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 50

49 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis Key =

50 Connecting to the chassis 52

51 Connecting to the chassis 53

52 Connecting to the chassis 54

53 Connecting to the chassis 55

54 Connecting to the chassis 56

55 Connecting to the chassis 57

56 Connecting to the chassis 58

57 Connecting to the chassis 59

58 Connecting to the chassis 60

59 Demo: distinguishing instructions Key =

60 Distinguishing various CPU operations 62 time (10 sec) frequency (2-2.3 MHz)

61 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic 63

62 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) 64

63 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) Common cryptographic software GnuPG (CVE , CVE ) RSA, ElGamal Worked with GnuPG developers to mitigate the attack 65

64 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) Common cryptographic software GnuPG (CVE , CVE ) RSA, ElGamal Worked with GnuPG developers to mitigate the attack Applicable to various laptop models 66

65 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) Common cryptographic software GnuPG (CVE , CVE ) RSA, ElGamal Worked with GnuPG developers to mitigate the attack Applicable to various laptop models 67

66 68 Low-bandwidth leakage of RSA

67 69 Definitions (RSA) Key setup sk: random primes p, q, private exponent d pk: n = pq, public exponent e Decryption m = c d mod n Encryption c = m e mod n

68 70 Definitions (RSA) Key setup sk: random primes p, q, private exponent d pk: n = pq, public exponent e Encryption c = m e mod n Decryption m = c d mod n A quicker way used by most implementations m p = c d p mod p m q = c d q mod q Obtain m using Chinese Remainder Theorem

69 GnuPG RSA key distinguishability time (0.8 sec) 71 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations

70 GnuPG RSA key distinguishability time (0.8 sec) 72 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations 2. Two exponentiations (mod p, mod q)

71 GnuPG RSA key distinguishability time (0.8 sec) 73 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations 2. Two exponentiations (mod p, mod q) 3. Different keys

72 GnuPG RSA key distinguishability time (0.8 sec) 74 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations 2. Two exponentiations (mod p, mod q) 3. Different keys 4. Different primes

73 75 Key extraction

74 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m 76 }

75 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p 77 }

76 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p 78 }

77 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p 79 }

78 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p 80 }

79 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p Q: Why always compute t m c then conditionally copy? A: This is a side channel countermeasure meant to protect d 81 }

80 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p Q: Why always compute t m c then conditionally copy? A: This is a side channel countermeasure meant to protect d 82 }

81 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p Q: Why always compute t m c then conditionally copy? A: This is a side channel countermeasure meant to protect d 83 } no key dependent operation to measure

82 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c 84 }

83 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c m is used in next iteration of the main loop 85 }

84 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c m is used in next iteration of the main loop craft c to affect m in the next loop iteration, based on d i measure changes inside squaring operation and obtain d i 86 }

85 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c m is used in next iteration of the main loop craft c to affect m in the next loop iteration, based on d i measure changes inside squaring operation and obtain d i 87 } can only see drastic changes inside squaring operation

86 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction 88

87 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! 89

88 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! Craft suitable cipher-text to affect the inner-most loop 90

89 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! Craft suitable cipher-text to affect the inner-most loop Small differences in repeated inner-most loops cause a big overall difference in code behavior 91

90 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! Craft suitable cipher-text to affect the inner-most loop Small differences in repeated inner-most loops cause a big overall difference in code behavior Measure low-bandwidth leakage 92

91 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m 93 }

92 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m karatsuba_sqr( m ){ basic_sqr( x ) 94 } }

93 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m karatsuba_sqr( m ){ basic_sqr( x ) basic_sqr( x ){ 95 } } }

94 GnuPG modular exponentiation 96 modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then } m=t return m karatsuba_sqr( m ){ basic_sqr( x ) } basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x }

95 GnuPG modular exponentiation 97 modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then } m=t return m karatsuba_sqr( m ){ basic_sqr( x ) } basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } x7

96 GnuPG modular exponentiation 98 modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then } m=t return m karatsuba_sqr( m ){ basic_sqr( x ) } basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } x7 x27

97 GnuPG modular exponentiation 99 modular_exponentiation(c,d,p){ } m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m ~0.2ms of measurement karatsuba_sqr( m ){ per bit of d } basic_sqr( x ) basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } repeated 189 times per bit of d x7 x27

98 GnuPG modular exponentiation 100 modular_exponentiation(c,d,p){ } m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m ~0.2ms of measurement karatsuba_sqr( m ){ per bit of d } basic_sqr( x ) basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } repeated 189 times per bit of d x7 x27 craft c such that d[i] = 1 x[j] = 0 d[i] = 0 x j 0 (for most j s)

99 A chosen ciphertext attack 102 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]):

100 A chosen ciphertext attack 103 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1

101 A chosen ciphertext attack 104 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1

102 A chosen ciphertext attack 105 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher

103 A chosen ciphertext attack 106 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher Non-adaptive chosen ciphertext sec 2 MHz ElGamal, RSA

104 A chosen ciphertext attack 107 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher Non-adaptive chosen ciphertext Adaptive chosen ciphertext sec 2 MHz ElGamal, RSA hour 50 khz RSA [GST14]

105 A chosen ciphertext attack 108 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher Non-adaptive chosen ciphertext Adaptive chosen ciphertext sec 2 MHz ElGamal, RSA hour 50 khz RSA [GST14] Send chosen ciphertexts using Enigmail

106 109 Empirical results

107 Reading the secret key (non-adaptive attack) Acquire trace Filter around carrier (1.7 MHz) FM demodulation Read out bits ( simple ground analysis ) interrupt 111

108 112 Demo: key extraction

109 Reading the secret key (non-adaptive attack) 113 carrier FM-modulated key due to squaring of a random-looking / mostly zero limb value of m

110 RSA and ElGamal key extraction in a few seconds using direct chassis measurement (non-adaptive attack) 114 Key =

111 RSA and ElGamal key extraction in a few seconds using human touch (non-adaptive attack) 115 Key =

112 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis Key =

113 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 117

114 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to connected to Computation currents and EM fields device ground conductive chassis shielded cables 118

115 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to connected to Computation currents and EM fields device ground conductive chassis shielded cables 119

116 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to connected to Key = Computation currents and EM fields device ground conductive chassis shielded cables Even when no data, or port is turned off. 120

117 121 Demo: key extraction

118 RSA and ElGamal key extraction in a few seconds using the far end of 10 meter network cable (non-adaptive attack) 122 Key =

119 RSA and ElGamal key extraction in a few seconds using the far end of 10 meter network cable (non-adaptive attack) 123 Key =

120 RSA and ElGamal key extraction in a few seconds using the far end of 10 meter network cable (non-adaptive attack) 124 works even if a firewall is present, or port is turned off Key =

121 Key extraction on far side of Ethernet cable using a mobile phone 125

122 Key extraction on far side of Ethernet cable using a mobile phone 126

123 Key extraction on far side of Ethernet cable using a mobile phone 127

124 Key extraction on far side of Ethernet cable using a mobile phone 128

125 Key extraction on far side of Ethernet cable using a mobile phone 129

126 Key extraction on far side of Ethernet cable using a mobile phone 130

127 Key extraction on far side of Ethernet cable using a mobile phone 131

128 Key extraction on far side of Ethernet cable using a mobile phone 132

129 Key extraction on far side of Ethernet cable using a mobile phone 133

130 Key extraction on far side of Ethernet cable using a mobile phone 134

131 Key extraction on far side of Ethernet cable using a mobile phone 135

132 Key extraction on far side of Ethernet cable using a mobile phone 136

133 Key extraction on far side of Ethernet cable using a mobile phone 137

134 Key extraction on far side of Ethernet cable using a mobile phone 138

135 Key extraction on far side of Ethernet cable using a mobile phone 139

136 Key extraction on far side of Ethernet cable using a mobile phone 140

137 Key extraction on far side of Ethernet cable using a mobile phone 141

138 Key extraction on far side of Ethernet cable using a mobile phone 142

139 Key extraction on far side of Ethernet cable using a mobile phone 143

140 Key extraction on far side of Ethernet cable using a mobile phone 144

141 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load 145

142 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load 146

143 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs 147

144 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs Solution: ciphertext randomization use equivalent but random-looking ciphertexts 148

145 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs Solution: ciphertext randomization use equivalent but random-looking ciphertexts Negligible slowdown for RSA 149

146 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs Solution: ciphertext randomization use equivalent but random-looking ciphertexts Negligible slowdown for RSA x2 slowdown for ElGamal 150

147 Thanks! cs.tau.ac.il/~tromer/handsoff 151

148 Thanks! cs.tau.ac.il/~tromer/handsoff 152

149 Thanks! cs.tau.ac.il/~tromer/handsoff 153

150 154