אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים
|
|
- Leona Mason
- 5 years ago
- Views:
Transcription
1 אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv University joint work with Itamar Pipman Adi Shamir Tel Aviv University Weizmann Institute of Science Eran Tromer Tel Aviv University Cryptoday December
2 Side channel attacks 2
3 Side channel attacks 3
4 Side channel attacks 4 electromagnetic
5 Side channel attacks 5 probing electromagnetic
6 Side channel attacks 6 probing power electromagnetic
7 Side channel attacks 7 probing optical power electromagnetic
8 Side channel attacks 8 probing CPU architecture optical power electromagnetic
9 Side channel attacks 9 probing CPU architecture optical power electromagnetic acoustic
10 Side channel attacks probing CPU architecture optical power 10 electromagnetic chassis potential acoustic
11 Side channel attack example 13
12 Side channel attack example MHz
13 Side channel attack example MHz
14 Side channel attack example MHz
15 Side channel attack example MHz 400MHz
16 Side channel attack example 18 Trigger decryption 100MHz 400MHz
17 Side channel attack example 19 Trigger decryption 100MHz 400MHz Obtain traces
18 Side channel attack example 20 Trigger decryption 100MHz 400MHz Obtain traces
19 Traditional side channel attacks methodology Grab/borrow/steal device
20 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction for i= sqr( ) if key[i]=1 mul( ) 22
21 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) for i= sqr( ) if key[i]=1 mul( ) 23
22 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces for i= sqr( ) if key[i]=1 mul( ) 24
23 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis for i= sqr( ) if key[i]=1 mul( ) 25
24 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key for i= sqr( ) if key[i]=1 mul( ) 26
25 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key for i= sqr( ) if key[i]=1 mul( ) Hard for PCs 27
26 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key Hard for PCs 28
27 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key Not handed out vs. Hard for PCs 29
28 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key Not handed out vs. Measuring a 2GHz PC requires expansive and bulky equipment (compared to a 100 MHz smart card) Hard for PCs vs. 1,000$ ,000$
29 Traditional side channel attacks methodology 1. Grab/borrow/steal device 2. Find key-dependent instruction 3. Record emanations using high-bandwidth equipment (> clock rate, PC: >2GHz) 4. Obtain traces 5. Signal and cryptanalytic analysis 6. Recover key 31 Complex electronics running complicated software Hard for (in PCs parallel) vs. Not handed out vs. Measuring a 2GHz PC requires expansive and bulky equipment (compared to a 100 MHz smart card) 100,000$ vs. 1,000$
30 32 New channel: chassis potential
31 33 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, )
32 34 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, )
33 35 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground.
34 36 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. Computation
35 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects Computation currents and EM fields 37
36 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to Computation currents and EM fields device ground 38
37 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 39
38 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 40
39 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 41
40 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 42
41 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 43
42 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 44
43 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 45
44 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 46
45 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 47
46 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 48
47 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 49
48 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 50
49 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis Key =
50 Connecting to the chassis 52
51 Connecting to the chassis 53
52 Connecting to the chassis 54
53 Connecting to the chassis 55
54 Connecting to the chassis 56
55 Connecting to the chassis 57
56 Connecting to the chassis 58
57 Connecting to the chassis 59
58 Connecting to the chassis 60
59 Demo: distinguishing instructions Key =
60 Distinguishing various CPU operations 62 time (10 sec) frequency (2-2.3 MHz)
61 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic 63
62 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) 64
63 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) Common cryptographic software GnuPG (CVE , CVE ) RSA, ElGamal Worked with GnuPG developers to mitigate the attack 65
64 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) Common cryptographic software GnuPG (CVE , CVE ) RSA, ElGamal Worked with GnuPG developers to mitigate the attack Applicable to various laptop models 66
65 Our results Channels for attacking PCs Ground potential (chassis and others) Power Electromagnetic Exploited via low-bandwidth cryptanalytic attacks Adaptive attack (50 khz bandwidth) [Genkin Shamir Tromer 14] Non-adaptive attack (1.5 MHz bandwidth) Common cryptographic software GnuPG (CVE , CVE ) RSA, ElGamal Worked with GnuPG developers to mitigate the attack Applicable to various laptop models 67
66 68 Low-bandwidth leakage of RSA
67 69 Definitions (RSA) Key setup sk: random primes p, q, private exponent d pk: n = pq, public exponent e Decryption m = c d mod n Encryption c = m e mod n
68 70 Definitions (RSA) Key setup sk: random primes p, q, private exponent d pk: n = pq, public exponent e Encryption c = m e mod n Decryption m = c d mod n A quicker way used by most implementations m p = c d p mod p m q = c d q mod q Obtain m using Chinese Remainder Theorem
69 GnuPG RSA key distinguishability time (0.8 sec) 71 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations
70 GnuPG RSA key distinguishability time (0.8 sec) 72 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations 2. Two exponentiations (mod p, mod q)
71 GnuPG RSA key distinguishability time (0.8 sec) 73 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations 2. Two exponentiations (mod p, mod q) 3. Different keys
72 GnuPG RSA key distinguishability time (0.8 sec) 74 frequency ( MHz) mod p mod q Can distinguish between: 1. Decryptions and other operations 2. Two exponentiations (mod p, mod q) 3. Different keys 4. Different primes
73 75 Key extraction
74 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m 76 }
75 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p 77 }
76 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p 78 }
77 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p 79 }
78 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p 80 }
79 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p Q: Why always compute t m c then conditionally copy? A: This is a side channel countermeasure meant to protect d 81 }
80 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p Q: Why always compute t m c then conditionally copy? A: This is a side channel countermeasure meant to protect d 82 }
81 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m = c d n d i+1 mod p m = c d n d i+1 0 mod p t = c d n d i+1 1 mod p m = c d n d i mod p Q: Why always compute t m c then conditionally copy? A: This is a side channel countermeasure meant to protect d 83 } no key dependent operation to measure
82 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c 84 }
83 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c m is used in next iteration of the main loop 85 }
84 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c m is used in next iteration of the main loop craft c to affect m in the next loop iteration, based on d i measure changes inside squaring operation and obtain d i 86 }
85 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m m depends on both d i and c m is used in next iteration of the main loop craft c to affect m in the next loop iteration, based on d i measure changes inside squaring operation and obtain d i 87 } can only see drastic changes inside squaring operation
86 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction 88
87 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! 89
88 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! Craft suitable cipher-text to affect the inner-most loop 90
89 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! Craft suitable cipher-text to affect the inner-most loop Small differences in repeated inner-most loops cause a big overall difference in code behavior 91
90 Amplifying the key dependency Difficulties when attacking RSA 2GHz CPU speed vs. 1.5MHz measurements Cannot rely on a single key-dependent instruction Idea: leakage self-amplification [Genkin Shamir Tromer 2014] abuse algorithm s own code to amplify its own leakage! Craft suitable cipher-text to affect the inner-most loop Small differences in repeated inner-most loops cause a big overall difference in code behavior Measure low-bandwidth leakage 92
91 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m 93 }
92 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m karatsuba_sqr( m ){ basic_sqr( x ) 94 } }
93 GnuPG modular exponentiation modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m karatsuba_sqr( m ){ basic_sqr( x ) basic_sqr( x ){ 95 } } }
94 GnuPG modular exponentiation 96 modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then } m=t return m karatsuba_sqr( m ){ basic_sqr( x ) } basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x }
95 GnuPG modular exponentiation 97 modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then } m=t return m karatsuba_sqr( m ){ basic_sqr( x ) } basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } x7
96 GnuPG modular exponentiation 98 modular_exponentiation(c,d,p){ m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then } m=t return m karatsuba_sqr( m ){ basic_sqr( x ) } basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } x7 x27
97 GnuPG modular exponentiation 99 modular_exponentiation(c,d,p){ } m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m ~0.2ms of measurement karatsuba_sqr( m ){ per bit of d } basic_sqr( x ) basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } repeated 189 times per bit of d x7 x27
98 GnuPG modular exponentiation 100 modular_exponentiation(c,d,p){ } m=1 for i=1 to n do m = m 2 mod p t = m*c mod p //always mult if d[i]=1 then m=t return m ~0.2ms of measurement karatsuba_sqr( m ){ per bit of d } basic_sqr( x ) basic_sqr( x ){ if( x[j]==0) y = 0 else y = x[j]*x } repeated 189 times per bit of d x7 x27 craft c such that d[i] = 1 x[j] = 0 d[i] = 0 x j 0 (for most j s)
99 A chosen ciphertext attack 102 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]):
100 A chosen ciphertext attack 103 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1
101 A chosen ciphertext attack 104 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1
102 A chosen ciphertext attack 105 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher
103 A chosen ciphertext attack 106 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher Non-adaptive chosen ciphertext sec 2 MHz ElGamal, RSA
104 A chosen ciphertext attack 107 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher Non-adaptive chosen ciphertext Adaptive chosen ciphertext sec 2 MHz ElGamal, RSA hour 50 khz RSA [GST14]
105 A chosen ciphertext attack 108 Non-adaptive ciphertext choice c 1 mod p (similar to [YLMH05]): RSA: c = N 1 ElGamal: c = p 1 Total #measurements: Attack type # of traces Time Bandwidth Cipher Non-adaptive chosen ciphertext Adaptive chosen ciphertext sec 2 MHz ElGamal, RSA hour 50 khz RSA [GST14] Send chosen ciphertexts using Enigmail
106 109 Empirical results
107 Reading the secret key (non-adaptive attack) Acquire trace Filter around carrier (1.7 MHz) FM demodulation Read out bits ( simple ground analysis ) interrupt 111
108 112 Demo: key extraction
109 Reading the secret key (non-adaptive attack) 113 carrier FM-modulated key due to squaring of a random-looking / mostly zero limb value of m
110 RSA and ElGamal key extraction in a few seconds using direct chassis measurement (non-adaptive attack) 114 Key =
111 RSA and ElGamal key extraction in a few seconds using human touch (non-adaptive attack) 115 Key =
112 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis Key =
113 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to Computation currents and EM fields device ground conductive chassis 117
114 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to connected to Computation currents and EM fields device ground conductive chassis shielded cables 118
115 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to connected to Computation currents and EM fields device ground conductive chassis shielded cables 119
116 Ground-potential analysis Attenuating EMI emanations Unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ) Device is grounded, but its ground potential fluctuates relative to the mains earth ground. affects dumped to connected to connected to Key = Computation currents and EM fields device ground conductive chassis shielded cables Even when no data, or port is turned off. 120
117 121 Demo: key extraction
118 RSA and ElGamal key extraction in a few seconds using the far end of 10 meter network cable (non-adaptive attack) 122 Key =
119 RSA and ElGamal key extraction in a few seconds using the far end of 10 meter network cable (non-adaptive attack) 123 Key =
120 RSA and ElGamal key extraction in a few seconds using the far end of 10 meter network cable (non-adaptive attack) 124 works even if a firewall is present, or port is turned off Key =
121 Key extraction on far side of Ethernet cable using a mobile phone 125
122 Key extraction on far side of Ethernet cable using a mobile phone 126
123 Key extraction on far side of Ethernet cable using a mobile phone 127
124 Key extraction on far side of Ethernet cable using a mobile phone 128
125 Key extraction on far side of Ethernet cable using a mobile phone 129
126 Key extraction on far side of Ethernet cable using a mobile phone 130
127 Key extraction on far side of Ethernet cable using a mobile phone 131
128 Key extraction on far side of Ethernet cable using a mobile phone 132
129 Key extraction on far side of Ethernet cable using a mobile phone 133
130 Key extraction on far side of Ethernet cable using a mobile phone 134
131 Key extraction on far side of Ethernet cable using a mobile phone 135
132 Key extraction on far side of Ethernet cable using a mobile phone 136
133 Key extraction on far side of Ethernet cable using a mobile phone 137
134 Key extraction on far side of Ethernet cable using a mobile phone 138
135 Key extraction on far side of Ethernet cable using a mobile phone 139
136 Key extraction on far side of Ethernet cable using a mobile phone 140
137 Key extraction on far side of Ethernet cable using a mobile phone 141
138 Key extraction on far side of Ethernet cable using a mobile phone 142
139 Key extraction on far side of Ethernet cable using a mobile phone 143
140 Key extraction on far side of Ethernet cable using a mobile phone 144
141 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load 145
142 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load 146
143 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs 147
144 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs Solution: ciphertext randomization use equivalent but random-looking ciphertexts 148
145 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs Solution: ciphertext randomization use equivalent but random-looking ciphertexts Negligible slowdown for RSA 149
146 Countermeasures Ineffective countermeasures: 1. Add analog noise 2. Parallel software load Main problem: decryption of adversarial inputs Solution: ciphertext randomization use equivalent but random-looking ciphertexts Negligible slowdown for RSA x2 slowdown for ElGamal 150
147 Thanks! cs.tau.ac.il/~tromer/handsoff 151
148 Thanks! cs.tau.ac.il/~tromer/handsoff 152
149 Thanks! cs.tau.ac.il/~tromer/handsoff 153
150 154
אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים
אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 6: Physical Side Channel Attacks on PCs Guest lecturer: Lev Pachmanov 1 Side channel attacks probing CPU architecture optical
More informationStealing Keys from PCs by Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
Stealing Keys from PCs by Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (extended version) Daniel Genkin Technion and Tel Aviv University danielg3@cs.technion.ac.il Lev Pachmanov Tel
More informationDUBLIN CITY UNIVERSITY
DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone
More informationElectromagnetic-based Side Channel Attacks
Electromagnetic-based Side Channel Attacks Yasmine Badr 10/28/2015 What is Side Channel Attack Any attack based on information gained from the physical implementation of a cryptosystem, rather than brute
More informationSide Channel Attacks on Smartphones and Embedded Devices using Standard Radio Equipment
Side Channel Attacks on Smartphones and Embedded Devices using Standard Radio Equipment Gabriel Goller & Georg Sigl 144215 Introduction Device Under Test Sensor Radio Receiver Front End Software Defined
More informationChapter-15. Communication systems -1 mark Questions
Chapter-15 Communication systems -1 mark Questions 1) What are the three main units of a Communication System? 2) What is meant by Bandwidth of transmission? 3) What is a transducer? Give an example. 4)
More informationLocal and Direct EM Injection of Power into CMOS Integrated Circuits.
Local and Direct EM Injection of Power into CMOS Integrated Circuits. F. Poucheret 1,4, K.Tobich 2, M.Lisart 2,L.Chusseau 3, B.Robisson 4, P. Maurine 1 LIRMM Montpellier 1 ST Microelectronics Rousset 2
More informationOne&Done: A Single-Decryption EM-Based Attack on OpenSSL s Constant-Time Blinded RSA
One&Done: A Single-Decryption EM-Based Attack on OpenSSL s Constant-Time Blinded RSA Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Callan, Alenka Zajic, and Milos Prvulovic, Georgia
More informationCurrent Probe. Inspector Data Sheet. Low-noise, high quality measurement signal for side channel acquisition on embedded devices.
Inspector Data Sheet Low-noise, high quality measurement signal for side channel acquisition on embedded devices. Riscure Version 1c.1 1/5 Introduction Measuring the power consumption of embedded technology
More informationData security (Cryptography) exercise book
University of Debrecen Faculty of Informatics Data security (Cryptography) exercise book 1 Contents 1 RSA 4 1.1 RSA in general.................................. 4 1.2 RSA background.................................
More informationElGamal Public-Key Encryption and Signature
ElGamal Public-Key Encryption and Signature Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 10 ElGamal Cryptosystem and Signature Scheme Taher ElGamal, originally from Egypt,
More informationWhen Electromagnetic Side Channels Meet Radio Transceivers
Screaming Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurélien Francillon What s this all about? - A novel attack
More informationThe number theory behind cryptography
The University of Vermont May 16, 2017 What is cryptography? Cryptography is the practice and study of techniques for secure communication in the presence of adverse third parties. What is cryptography?
More informationExercise 2: FM Detection With a PLL
Phase-Locked Loop Analog Communications Exercise 2: FM Detection With a PLL EXERCISE OBJECTIVE When you have completed this exercise, you will be able to explain how the phase detector s input frequencies
More informationCryptography, Number Theory, and RSA
Cryptography, Number Theory, and RSA Joan Boyar, IMADA, University of Southern Denmark November 2015 Outline Symmetric key cryptography Public key cryptography Introduction to number theory RSA Modular
More informationLinear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.
Section 4.4 Linear Congruences Definition: A congruence of the form ax b (mod m), where m is a positive integer, a and b are integers, and x is a variable, is called a linear congruence. The solutions
More informationDiscrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography
Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography Colin Stirling Informatics Some slides based on ones by Myrto Arapinis Colin Stirling (Informatics) Discrete
More informationDiffie-Hellman key-exchange protocol
Diffie-Hellman key-exchange protocol This protocol allows two users to choose a common secret key, for DES or AES, say, while communicating over an insecure channel (with eavesdroppers). The two users
More informationTesting Upstream and Downstream DOCSIS 3.1 Devices
Testing Upstream and Downstream DOCSIS 3.1 Devices April 2015 Steve Hall DOCSIS 3.1 Business Development Manager Agenda 1. Decoding and demodulating a real downstream DOCSIS 3.1 signal and reporting key
More informationPublic Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014
7 Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 Cryptography studies techniques for secure communication in the presence of third parties. A typical
More informationEvaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit
R1-3 SASIMI 2013 Proceedings Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit Tsunato Nakai Mitsuru Shiozaki Takaya Kubota Takeshi Fujino Graduate School of Science and
More informationDUBLIN CITY UNIVERSITY
DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013/2014 MODULE: CA642/A Cryptography and Number Theory PROGRAMME(S): MSSF MCM ECSA ECSAO MSc in Security & Forensic Computing M.Sc. in Computing Study
More informationGreen ADVANTAGES. Spectrum Analyzer Two models available: 24 GHz and 8 GHz SPECTRUM ANALYZER. Antenna Panel Inputs. Auxiliary Antenna Inputs OSCOR
Whip antenna extension connector Auto Switching (utilizes 5 independent antennas) Green ADVANTAGES OSCOR FULL 24 GHz COVERAGE Headphone Jack SWEEPS FROM 10 khz TO 24 GHz AT 12.2 khz STEPS IN LESS THAN
More informationReconfigurable Hardware Implementation and Analysis of Mesh Routing for the Matrix Step of the Number Field Sieve Factorization
Reconfigurable Hardware Implementation and Analysis of Mesh Routing for the Matrix Step of the Number Field Sieve Factorization Sashisu Bajracharya MS CpE Candidate Master s Thesis Defense Advisor: Dr
More informationIs Your Mobile Device Radiating Keys?
Is Your Mobile Device Radiating Keys? Benjamin Jun Gary Kenworthy Session ID: MBS-401 Session Classification: Intermediate Radiated Leakage You have probably heard of this before App Example of receiving
More informationAlgorithmic Number Theory and Cryptography (CS 303)
Algorithmic Number Theory and Cryptography (CS 303) Modular Arithmetic and the RSA Public Key Cryptosystem Jeremy R. Johnson 1 Introduction Objective: To understand what a public key cryptosystem is and
More informationPublic-Key Cryptosystem Based on Composite Degree Residuosity Classes. Paillier Cryptosystem. Harmeet Singh
Public-Key Cryptosystem Based on Composite Degree Residuosity Classes aka Paillier Cryptosystem Harmeet Singh Harmeet Singh Winter 2018 1 / 26 Background s Background Foundation of public-key encryption
More informationCHAPTER -15. Communication Systems
CHAPTER -15 Communication Systems COMMUNICATION Communication is the act of transmission and reception of information. COMMUNICATION SYSTEM: A system comprises of transmitter, communication channel and
More informationHigh-Speed RSA Crypto-Processor with Radix-4 4 Modular Multiplication and Chinese Remainder Theorem
High-Speed RSA Crypto-Processor with Radix-4 4 Modular Multiplication and Chinese Remainder Theorem Bonseok Koo 1, Dongwook Lee 1, Gwonho Ryu 1, Taejoo Chang 1 and Sangjin Lee 2 1 Nat (NSRI), Korea 2 Center
More informationRelated Ideas: DHM Key Mechanics
Related Ideas: DHM Key Mechanics Example (DHM Key Mechanics) Two parties, Alice and Bob, calculate a key that a third person Carl will never know, even if Carl intercepts all communication between Alice
More informationEE 418: Network Security and Cryptography
EE 418: Network Security and Cryptography Homework 3 Solutions Assigned: Wednesday, November 2, 2016, Due: Thursday, November 10, 2016 Instructor: Tamara Bonaci Department of Electrical Engineering University
More informationInvestigation of a Voltage Probe in Microstrip Technology
Investigation of a Voltage Probe in Microstrip Technology (Specifically in 7-tesla MRI System) By : Mona ParsaMoghadam Supervisor : Prof. Dr. Ing- Klaus Solbach April 2015 Introduction - Thesis work scope
More informationQUICK START GUIDE FOR DEMONSTRATION CIRCUIT 678A 40MHZ TO 900MHZ DIRECT CONVERSION QUADRATURE DEMODULATOR
DESCRIPTION QUICK START GUIDE FOR DEMONSTRATION CIRCUIT 678A LT5517 Demonstration circuit 678A is a 40MHz to 900MHz Direct Conversion Quadrature Demodulator featuring the LT5517. The LT 5517 is a direct
More informationDESIGN AND PERFORMANCE OF A SATELLITE TT&C RECEIVER CARD
DESIGN AND PERFORMANCE OF A SATELLITE TT&C RECEIVER CARD Douglas C. O Cull Microdyne Corporation Aerospace Telemetry Division Ocala, Florida USA ABSTRACT Today s increased satellite usage has placed an
More informationDebugging EMI Using a Digital Oscilloscope. Dave Rishavy Product Manager - Oscilloscopes
Debugging EMI Using a Digital Oscilloscope Dave Rishavy Product Manager - Oscilloscopes 06/2009 Nov 2010 Fundamentals Scope Seminar of DSOs Signal Fidelity 1 1 1 Debugging EMI Using a Digital Oscilloscope
More informationSpectrum Analyzer. Spectrum Analyzer. Antenna Panel Inputs. Auxiliary Antenna Inputs. Two models available: 24 GHz and 8 GHz OSCOR
Whip antenna extension connector Auto Switching (utilizes 5 independent antennas) OSCOR ADVANTAGES FULL 24 GHz COVERAGE Headphone Jack SWEEPS FROM 10 khz TO 24 GHz AT 12.2 khz STEPS IN LESS THAN 1 SECOND
More informationBlock Ciphers Security of block ciphers. Symmetric Ciphers
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 26 Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable
More informationTMA4155 Cryptography, Intro
Trondheim, December 12, 2006. TMA4155 Cryptography, Intro 2006-12-02 Problem 1 a. We need to find an inverse of 403 modulo (19 1)(31 1) = 540: 540 = 1 403 + 137 = 17 403 50 540 + 50 403 = 67 403 50 540
More informationCOMMUNICATION SYSTEMS -I
COMMUNICATION SYSTEMS -I Communication : It is the act of transmission of information. ELEMENTS OF A COMMUNICATION SYSTEM TRANSMITTER MEDIUM/CHANNEL: The physical medium that connects transmitter to receiver
More informationAN-1011 APPLICATION NOTE
AN-111 APPLICATION NOTE One Technology Way P.O. Box 916 Norwood, MA 262-916, U.S.A. Tel: 781.329.47 Fax: 781.461.3113 www.analog.com EMC Protection of the AD715 by Holger Grothe and Mary McCarthy INTRODUCTION
More informationComparison of Electromagnetic Side-Channel Energy Available to the Attacker from Different Computer Systems
Comparison of Electromagnetic Side-Channel Energy Available to the Attacker from Different Computer Systems Abstract This paper evaluates electromagnetic (EM) sidechannel energy (ESE) available to the
More informationTodd Hubing. Clemson Vehicular Electronics Laboratory Clemson University
Todd Hubing Clemson Vehicular Electronics Laboratory Clemson University FCC Emissions Test Radiation from a shielded commercial product with attached cables May 28 2 Typical Field Strengths FCC Class A
More informationLecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.
Lecture 32 Instructor s Comments: This is a make up lecture. You can choose to cover many extra problems if you wish or head towards cryptography. I will probably include the square and multiply algorithm
More informationMeasurement & Control of energy systems. Teppo Myllys National Instruments
Measurement & Control of energy systems Teppo Myllys National Instruments National Instruments Direct operations in over 50 Countries More than 1,000 products, 7000+ employees, and 700 Alliance Program
More informationThe Chinese Remainder Theorem
The Chinese Remainder Theorem Theorem. Let m and n be two relatively prime positive integers. Let a and b be any two integers. Then the two congruences x a (mod m) x b (mod n) have common solutions. Any
More informationGilbert Cell Multiplier Measurements from GHz II: Sample of Eight Multipliers
Gilbert Cell Multiplier Measurements from 2-18.5 GHz II: Sample of Eight Multipliers A.I. Harris 26 February 2002, 7 June 2002 1 Overview and summary This note summarizes a set of measurements of eight
More informationHow EMxpert Diagnoses Board-Level EMC Design Issues
Application Report EMxpert July 2011 - Cédric Caudron How EMxpert Diagnoses Board-Level EMC Design Issues ABSTRACT EMxpert provides board-level design teams with world-leading fast magnetic very-near-field
More informationNumber Theory and Public Key Cryptography Kathryn Sommers
Page!1 Math 409H Fall 2016 Texas A&M University Professor: David Larson Introduction Number Theory and Public Key Cryptography Kathryn Sommers Number theory is a very broad and encompassing subject. At
More information10 GHz Microwave Link
10 GHz Microwave Link Project Project Objectives System System Functionality Testing Testing Procedures Cautions and Warnings Problems Encountered Recommendations Conclusion PROJECT OBJECTIVES Implement
More informationCryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1
Cryptography CS 555 Topic 20: Other Public Key Encryption Schemes Topic 20 1 Outline and Readings Outline Quadratic Residue Rabin encryption Goldwasser-Micali Commutative encryption Homomorphic encryption
More informationMAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.
MAT 302: ALGEBRAIC CRYPTOGRAPHY Department of Mathematical and Computational Sciences University of Toronto, Mississauga February 27, 2013 Mid-term Exam INSTRUCTIONS: The duration of the exam is 100 minutes.
More informationThe Chinese Remainder Theorem
The Chinese Remainder Theorem Theorem. Let n 1,..., n r be r positive integers relatively prime in pairs. (That is, gcd(n i, n j ) = 1 whenever 1 i < j r.) Let a 1,..., a r be any r integers. Then the
More informationFermat s little theorem. RSA.
.. Computing large numbers modulo n (a) In modulo arithmetic, you can always reduce a large number to its remainder a a rem n (mod n). (b) Addition, subtraction, and multiplication preserve congruence:
More informationTesting Motorola P25 Conventional Radios Using the R8000 Communications System Analyzer
Testing Motorola P25 Conventional Radios Using the R8000 Communications System Analyzer Page 1 of 24 Motorola CPS and Tuner Software Motorola provides a CD containing software programming facilities for
More informationtwo computers. 2- Providing a channel between them for transmitting and receiving the signals through it.
1. Introduction: Communication is the process of transmitting the messages that carrying information, where the two computers can be communicated with each other if the two conditions are available: 1-
More informationPower Analysis Attacks on SASEBO January 6, 2010
Power Analysis Attacks on SASEBO January 6, 2010 Research Center for Information Security, National Institute of Advanced Industrial Science and Technology Table of Contents Page 1. OVERVIEW... 1 2. POWER
More informationThe EM Side Channel(s)
The EM Side Channel(s) Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi IBM T.J. Watson Research Center P.O. Box 74 Yorktown Heights, NY 1598 {agrawal,barch,jrrao,rohatgi}@us.ibm.com
More informationCryptanalysis on short messages encrypted with M-138 cipher machine
Cryptanalysis on short messages encrypted with M-138 cipher machine Tsonka Baicheva Miroslav Dimitrov Institute of Mathematics and Informatics Bulgarian Academy of Sciences 10-14 July, 2017 Sofia Introduction
More informationA Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals
A Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals Takehiko Kato, Satoru Ito, Jun Anzai, and Natsume Matsuzaki Advanced Mobile Telecommunications Security Technology
More informationEMC Seminar Series All about EMC Testing and Measurement Seminar 1
EMC Seminar Series All about EMC Testing and Measurement Seminar 1 Introduction to EMC Conducted Immunity Jeffrey Tsang Organized by : Department of Electronic Engineering 1 Basic Immunity Standards: IEC
More informationni.com Sensor Measurement Fundamentals Series
Sensor Measurement Fundamentals Series Introduction to Data Acquisition Basics and Terminology Litkei Márton District Sales Manager National Instruments What Is Data Acquisition (DAQ)? 3 Why Measure? Engineers
More informationSEMS SHIELDING EFFECTIVENESS MEASUREMENT SYSTEM IN MRI AND SHIELDED ENVIRONMENT. ELECTRIC AND MAGNETIC FIELD FROM 10 khz TO 300 MHz*
SEMS SHIELDING EFFECTIVENESS MEASUREMENT SYSTEM IN MRI AND SHIELDED ENVIRONMENT ELECTRIC AND MAGNETIC FIELD FROM 10 khz TO 300 MHz* SEMS SHIELDING EFFECTIVENESS MEASUREMENT SYSTEM MRI Shielding Environment
More informationNUMERICAL METHODOLOGY FOR THE EMI RISK ASSESSMENT OF VEHICULAR ANTENNAS
NUMERICAL METHODOLOGY FOR THE EMI RISK ASSESSMENT OF VEHICULAR ANTENNAS Alberto Buttiglieri EMEA Product Development Electrical Electronics Unit Audio & Telematics Darmstadt, Germany Content Automotive
More informationAdvanced Test Equipment Rentals ATEC (2832)
Established 1981 Advanced Test Equipment Rentals www.atecorp.com 800-404-ATEC (2832) R3000 EMI TEST RECEIVERS Fully IF digital EMI Receivers family for measurement of electromagnetic interference from
More informationBIODEX MULTI- JOINT SYSTEM
BIODEX MULTI- JOINT SYSTEM CONFORMANCE TO STANDARDS 850-000, 840-000, 852-000 FN: 18-139 5/18 Contact information Manufactured by: Biodex Medical Systems, Inc. 20 Ramsey Road, Shirley, New York, 11967-4704
More informationSpectrum Analyzer Two models available: OGR-24 (24 GHz) and OGR-8 (8 GHz)
TM Spectrum Analyzer Two models available: OGR-24 (24 GHz) and OGR-8 (8 GHz) U.S. PATENTS: 6,397,154; 7,058,530 Additional Patents Pending Whip antenna extension connector Auto Switching Antenna Panel
More informationCryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017
Name: Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017 INSTRUCTIONS Read Carefully Time: 50 minutes There are 5 problems. Write your name legibly at the top of this page. No calculators
More informationLNS ultra low phase noise Synthesizer 8 MHz to 18 GHz
LNS ultra low phase noise Synthesizer 8 MHz to 18 GHz Datasheet The LNS is an easy to use 18 GHz synthesizer that exhibits outstanding phase noise and jitter performance in a 3U rack mountable chassis.
More informationSEMS SHIELDING EFFECTIVENESS MEASUREMENT SYSTEM IN MRI AND SHIELDED ENVIRONMENT. ELECTRIC AND MAGNETIC FIELD FROM 10 khz TO 300 MHz*
SEMS SHIELDING EFFECTIVENESS MEASUREMENT SYSTEM IN MRI AND SHIELDED ENVIRONMENT ELECTRIC AND MAGNETIC FIELD FROM 10 khz TO 300 MHz* MRI Shielding Environment (Magnetic Resonance Imaging) Shielded and anechoic
More informationTransceiver. Quick Start Guide. What is in the box What does it do How to build a setup Verification of the setup...
Transceiver Quick Start Guide What is in the box... 3 What does it do... 5 How to build a setup... 6 Verification of the setup... 10 Help and troubleshooting... 11 Technical specifications... 12 Declaration
More informationImplementation and Performance Testing of the SQUASH RFID Authentication Protocol
Implementation and Performance Testing of the SQUASH RFID Authentication Protocol Philip Koshy, Justin Valentin and Xiaowen Zhang * Department of Computer Science College of n Island n Island, New York,
More informationClassical Cryptography
Classical Cryptography CS 6750 Lecture 1 September 10, 2009 Riccardo Pucella Goals of Classical Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to all communications Alice
More informationDevice Pairing at the Touch of an Electrode
Device Pairing at the Touch of an Electrode Marc Roeschlin, Ivan Martinovic, Kasper B. Rasmussen NDSS, 19 February 2018 NDSS 2018 (slide 1) Device Pairing (I) Bootstrap secure communication Two un-associated
More informationTime-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala
Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers Praveen Vadnala Differential Power Analysis Implementations of cryptographic systems leak Leaks from bit 1 and bit 0 are
More informationLecture 6. Angle Modulation and Demodulation
Lecture 6 and Demodulation Agenda Introduction to and Demodulation Frequency and Phase Modulation Angle Demodulation FM Applications Introduction The other two parameters (frequency and phase) of the carrier
More informationApplication Note: Testing P25 Conventional Radios Using the Freedom Communications System Analyzers
: Testing P25 Conventional Radios Using the Freedom Communications System Analyzers FCT-1007A Motorola CPS and Tuner Software Motorola provides a CD containing software programming facilities for the radio
More informationApplication: Public Key Cryptography. Public Key Cryptography
Application: Public Key Cryptography Suppose I wanted people to send me secret messages by snail mail Method 0. I send a padlock, that only I have the key to, to everyone who might want to send me a message.
More informationGlitch Amplifier. Quick Start Guide. What is in the box What does it do How to build a setup Help and troubleshooting...
Glitch Amplifier Quick Start Guide What is in the box... 2 What does it do... 4 How to build a setup... 5 Help and troubleshooting... 8 Technical specifications... 9 2015 Glitch Amplifier - QSG 0.3 1 /
More informationLock in Amplifier. Introduction. Motivation. Liz Schell and Allan Sadun Project Proposal
Liz Schell and Allan Sadun 6.101 Project Proposal Lock in Amplifier Introduction A lock in amplifier is an analog circuit that picks out and amplifies a particular frequency of oscillation and rejects
More informationAnalysis of RF transceivers used in automotive
Scientific Bulletin of Politehnica University Timisoara TRANSACTIONS on ELECTRONICS and COMMUNICATIONS Volume 60(74), Issue, 0 Analysis of RF transceivers used in automotive Camelia Loredana Ţeicu Abstract
More informationTF TF Analyzer 2000 Measurement System
TF Analyzer 2000 Measurement System The TF Analyzer 2000 is the most sophisticated analyzer of electroceramic material and devices. The test equipment is based on a modular idea, where four different probe
More informationSecurity Enhancement and Speed Monitoring of RSA Algorithm
Security Enhancement and Speed Monitoring of RSA Algorithm Sarthak R Patel 1, Prof. Khushbu Shah 2 1 PG Scholar, 2 Assistant Professor Computer Engineering Department, LJIET, Gujarat Technological University,
More informationTE 302 DISCRETE SIGNALS AND SYSTEMS. Chapter 1: INTRODUCTION
TE 302 DISCRETE SIGNALS AND SYSTEMS Study on the behavior and processing of information bearing functions as they are currently used in human communication and the systems involved. Chapter 1: INTRODUCTION
More informationKeysight Technologies 8 Hints for Making Better Measurements Using RF Signal Generators. Application Note
Keysight Technologies 8 Hints for Making Better Measurements Using RF Signal Generators Application Note 02 Keysight 8 Hints for Making Better Measurements Using RF Signal Generators - Application Note
More informationIREAP. MURI 2001 Review. John Rodgers, T. M. Firestone,V. L. Granatstein, M. Walter
MURI 2001 Review Experimental Study of EMP Upset Mechanisms in Analog and Digital Circuits John Rodgers, T. M. Firestone,V. L. Granatstein, M. Walter Institute for Research in Electronics and Applied Physics
More informationCS 261 Notes: Zerocash
CS 261 Notes: Zerocash Scribe: Lynn Chua September 19, 2018 1 Introduction Zerocash is a cryptocurrency which allows users to pay each other directly, without revealing any information about the parties
More informationWe are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists. International authors and editors
We are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists 3,7 18,5 1.7 M Open access books available International authors and editors Downloads Our authors
More informationOverview. Lecture 3. Terminology. Terminology. Background. Background. Transmission basics. Transmission basics. Two signal types
Lecture 3 Transmission basics Chapter 3, pages 75-96 Dave Novak School of Business University of Vermont Overview Transmission basics Terminology Signal Channel Electromagnetic spectrum Two signal types
More informationSETTING UP A WIRELESS LINK USING ME1000 RF TRAINER KIT
SETTING UP A WIRELESS LINK USING ME1000 RF TRAINER KIT Introduction S Kumar Reddy Naru ME Signal Processing S. R. No - 05812 The aim of the project was to try and set up a point to point wireless link.
More informationCHAPTER 6 EMI EMC MEASUREMENTS AND STANDARDS FOR TRACKED VEHICLES (MIL APPLICATION)
147 CHAPTER 6 EMI EMC MEASUREMENTS AND STANDARDS FOR TRACKED VEHICLES (MIL APPLICATION) 6.1 INTRODUCTION The electrical and electronic devices, circuits and systems are capable of emitting the electromagnetic
More informationEEE 432 Measurement and Instrumentation
EEE 432 Measurement and Instrumentation Lecture 6 Measurement noise and signal processing Prof. Dr. Murat Aşkar İzmir University of Economics Dept. of Electrical and Electronics Engineering Measurement
More informationDesign for Guaranteed EMC Compliance
Clemson Vehicular Electronics Laboratory Reliable Automotive Electronics Automotive EMC Workshop April 29, 2013 Design for Guaranteed EMC Compliance Todd Hubing Clemson University EMC Requirements and
More informationEMC Simulation of Consumer Electronic Devices
of Consumer Electronic Devices By Andreas Barchanski Describing a workflow for the EMC simulation of a wireless router, using techniques that can be applied to a wide range of consumer electronic devices.
More informationD10 Demonstration Board
D10 Demonstration Board D10 demonstration board side 1 Contents Demonstration board description 3 Measurement technology - Disturbance immunity 4 E1 disturbance immunity development system 4 P1 mini burst
More informationAssignment 2. Due: Monday Oct. 15, :59pm
Introduction To Discrete Math Due: Monday Oct. 15, 2012. 11:59pm Assignment 2 Instructor: Mohamed Omar Math 6a For all problems on assignments, you are allowed to use the textbook, class notes, and other
More informationSpectrum Analyzer Two models available: OBL-24 (24 GHz) and OBL-8 (8 GHz)
TM Spectrum Analyzer Two models available: OBL-24 (24 GHz) and OBL-8 (8 GHz) U.S. PATENTS: 6,397,154; 7,058,530 Additional Patents Pending Whip antenna extension connector Auto Switching Antenna Panel
More informationCX380X Advanced Spectrum and Burst QAM Analyzer
Advanced Spectrum and Burst QAM Analyzer Preventative Network Monitoring With VeEX s VeSion system, the advanced Spectrum Analyzer and Bursty Demodulator captures rogue cable modems and provides proactive
More informationThe EM Side Channel(s):Attacks and Assessment Methodologies
The EM Side Channel(s):Attacks and Assessment Methodologies Dakshi Agrawal Bruce Archambeault Josyula R. Rao Pankaj Rohatgi IBM Watson Research Center P.O. Box 74 Yorktown Heights, NY 1598 email: {agrawal,barch,jrrao,rohatgi}@us.ibm.com
More informationSchlöder GmbH - EMC Test and Measurement Systems Model #
Schlöder GmbH - EMC Test and Measurement Systems Model # Product Description IEC / EN 61000-4 - 2 ESD SESD 216 ESD generator 10 kv CON / 16,5 kv AIR acc. to IEC 61000-4-2, 150 pf / 330 ohm SESD 230 ESD
More information