When Electromagnetic Side Channels Meet Radio Transceivers

Similar documents
Electromagnetic-based Side Channel Attacks

On Practical Selective Jamming of Bluetooth Low Energy Advertising

Is Your Mobile Device Radiating Keys?

אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים

On the Design of Software and Hardware for a WSN Transmitter

Session 3. CMOS RF IC Design Principles

Information Security Theory vs. Reality

2015 Interference 101. Robin Jackman Application Engineer

Appnote - Realtime Spectrum Analyzer vs Spectrum Analyzer

Wireless systems. includes issues of

Wireless replacement for cables in CAN Network Pros and Cons. by Derek Sum

MOBILE COMPUTING 4/8/18. Basic Call. Public Switched Telephone Network - PSTN. CSE 40814/60814 Spring Transit. switch. Transit. Transit.

Fully integrated UHF RFID mobile reader with power amplifiers using System-in-Package (SiP)

DNT2400. Low Cost 2.4 GHz FHSS Transceiver Module with I/O

Wireless Communication in Embedded System. Prof. Prabhat Ranjan

WT11I DESIGN GUIDE. Monday, 28 November Version 1.1

VC7300-Series Product Brief

mmw to THz ultra high data rate radio access technologies

FEATURES DESCRIPTION BENEFITS APPLICATIONS. Preliminary PT4501 Sub-1 GHz Wideband FSK Transceiver

Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit

Overview and Challenges

Wireless Transmission & Media Access

DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk

9 Best Practices for Optimizing Your Signal Generator Part 2 Making Better Measurements

SNIOT702 Specification. Version number:v 1.0.1

Debugging EMI Using a Digital Oscilloscope. Dave Rishavy Product Manager - Oscilloscopes

CDMA Principle and Measurement

אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים

Contactless snooping: Assessing the real threats

MC-1010 Hardware Design Guide

Announcements : Wireless Networks Lecture 3: Physical Layer. Bird s Eye View. Outline. Page 1

DNT900. Low Cost 900 MHz FHSS Transceiver Module with I/O

RN-41-SM. Class 1 Bluetooth Socket Module. Features. Applications. Description. Block Diagram. rn-41sm-ds 9/9/2009

INTRODUCTION TO TRANSCEIVER DESIGN ECE3103 ADVANCED TELECOMMUNICATION SYSTEMS

GNSS Technologies. GNSS Acquisition Dr. Zahidul Bhuiyan Finnish Geospatial Research Institute, National Land Survey

MC-1612 Hardware Design Guide

LSI and Circuit Technologies for the SX-8 Supercomputer

Cognitive Wireless Network : Computer Networking. Overview. Cognitive Wireless Networks

Transform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep.

Application of PC Vias to Configurable RF Circuits

Finding the key in the haystack

DISCONTINUED. Modulation Type Number of RF Channels 15

Satellite Navigation Principle and performance of GPS receivers

Announcement : Wireless Networks Lecture 3: Physical Layer. A Reminder about Prerequisites. Outline. Page 1

Power Analysis Attacks on SASEBO January 6, 2010

Wideband Spectral Measurement Using Time-Gated Acquisition Implemented on a User-Programmable FPGA

Chapter-15. Communication systems -1 mark Questions

Trouble-shooting Radio Links in Unlicensed Frequency Bands TUTORIAL

Radio. ontrolli. ISM - Low Power Radio Devices. Short Form. Wireless Modules and Wireless Network Solutions. ASK/FSK Radio Modules

Multiple Access Techniques

DNT24MCA DNT24MPA. Low Cost 2.4 GHz FHSS Transceiver Modules with I/O. DNT24MCA/MPA Absolute Maximum Ratings. DNT24MCA/MPA Electrical Characteristics

SIMPLE Raspberry Pi VHF TRANSCEIVER & TNC

OEM 100. User Manual. Figure 1: OEM 100 Module with HG Rectangular Antenna Board

Evaluation of the Masked Logic Style MDPL on a Prototype Chip

The quality of the transmission signal The characteristics of the transmission medium. Some type of transmission medium is required for transmission:

Outline / Wireless Networks and Applications Lecture 3: Physical Layer Signals, Modulation, Multiplexing. Cartoon View 1 A Wave of Energy

Outline. Introduction 2/2. Introduction 1/2. Paper presentation Ultra-Portable Devices. Introduction. System Design for Ultra-Low Power.

Security of Global Navigation Satellite Systems (GNSS) GPS Fundamentals GPS Signal Spoofing Attack Spoofing Detection Techniques

A DESIGN EXPERIMENT FOR MEASUREMENT OF THE SPECTRAL CONTENT OF SUBSTRATE NOISE IN MIXED-SIGNAL INTEGRATED CIRCUITS

EMI 相容性測試 預相容性測試及量測法規

Lecture 1, Introduction and Background

Wireless Networked Systems

SDR Platforms for Research on Programmable Wireless Networks

22. VLSI in Communications

GDM1101: CMOS Single-Chip Bluetooth Integrated Radio/Baseband IC

HY448 Sample Problems

Fast and Accurate RF component characterization enabled by FPGA technology

Power Reduction in RF

Bluetooth Low Energy Evolving: New BLE Modules Enable Long- Range Applications

Wireless LAN Applications LAN Extension Cross building interconnection Nomadic access Ad hoc networks Single Cell Wireless LAN

Engineering the Power Delivery Network

Multi-Signal, Multi-Format Analysis With Agilent VSA Software

Access Methods and Spectral Efficiency

Spectrum Sensing Brief Overview of the Research at WINLAB

ISSCC 2003 / SESSION 20 / WIRELESS LOCAL AREA NETWORKING / PAPER 20.5

The EM Side Channel(s)

Project in Wireless Communication Lecture 7: Software Defined Radio

ADVANCED EMBEDDED MONITORING SYSTEM FOR ELECTROMAGNETIC RADIATION

Co-existence. DECT/CAT-iq vs. other wireless technologies from a HW perspective

802.11ax Design Challenges. Mani Krishnan Venkatachari

Low Jitter, Low Emission Timing Solutions For High Speed Digital Systems. A Design Methodology

Device Pairing at the Touch of an Electrode

Description of the AM Superheterodyne Radio Receiver

LOW COST PHASED ARRAY ANTENNA TRANSCEIVER FOR WPAN APPLICATIONS

Datasheet. Licensed Backhaul Radio. Model: AF-4X. Up to 687 Mbps Real Throughput, Up to 200+ km Range

Development of a 20 GS/s Sampling Chip in 130nm CMOS Technology

Eavesdropping Attacks on High-Frequency RFID Tokens

Wireless Networks (PHY): Design for Diversity

Xperience The Future in Level Measurements

SIDE-CHANNEL attacks exploit the leaked physical information

By Ryan Winfield Woodings and Mark Gerrior, Cypress Semiconductor

AN4392 Application note

Chaos Communication Camp Milosch Meriac Henryk Plötz

Project: IEEE P Working Group for Wireless Personal Area Networks N

Chapter XIII Short Range Wireless Devices - Building a global license-free system at frequencies below 1GHz By Austin Harney and Conor O Mahony

Why/When I need a Spectrum Analyzer. Jan 12, 2017

ECEN620: Network Theory Broadband Circuit Design Fall 2014

ETSI Standards and the Measurement of RF Conducted Output Power of Wi-Fi ac Signals

Signal Integrity Design of TSV-Based 3D IC

A 1.9GHz Single-Chip CMOS PHS Cellphone

Transcription:

Screaming Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurélien Francillon

What s this all about? - A novel attack exploiting EM side channels from a distance - A PoC implementation up to 10m distance (with demo!) - Where to go from here?

Let s start from the beginning

AES128(K,P) Leaks in radio signals

Agenda From the state of the art to a novel attack

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation Conclusion - Building the attack - Demo

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation Conclusion - Building the attack - Demo

Side channel basics Even provably secure cryptography may be broken if some intermediate computations are visible Physical implementations may leak intermediate data Attackers observe the leaks and reconstruct cryptographic secrets

Side channel basics ChipWhisperer! https://wiki.newae.com/file:cw1173_microusb.jpg

Electromagnetic Side-Channels Data-dependent EM leaks occur because: Digital logic consumes current when switching Current variations generate EM emissions Similar to power side-channels Known attacks: Kasper et al. [1] Genkin et al. [2] TEMPEST [3] Distance

Correlation attack basics An intuitive attack, there are many more Ingredients: Known Plaintext State non-linear in Plaintext and Key Leak linear in the State K } Leak model P State Leak

Correlation attack basics Recipe: 1. Encrypt many times and measure the Leaks 2. Guess a byte of the Key and compute the States 3. Check if the Measurements correlate with the Computations 4. Repeat for each byte of the key K P Computed Measured

Correlation attack basics for byte in key: 1. for Encrypt guess many in 0times to 255: and measure the Leaks 2. Guess ranks[guess] a byte of the = Key correlation(leak, and the corresponding guess) States 3. guess The guess best [byte] is right = iff argmax(ranks) the Leaks are linear with the States 4. Repeat for each byte of the key Recipe: K P State Leak

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - The Hypothesis - Explanation Conclusion - Building the attack - Demo

Amplitude A Simple Wave 1.25 1 λ 0.75 0.5 0.25 a 0-0.25-0.5-0.75-1 -1.25 c Distance

Amplitude Power Spectrum A Simple Wave 1.25 1 λ 0.75 0.5 0.25 a 0-0.25-0.5 Frequency f -0.75-1 -1.25 c Distance

Amplitude Modulation Basics Information Carrier Time AM Signal

Amplitude Power Spectrum Modulation Basics Information Carrier f c -f i f c f c +f i Time AM Signal

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation Conclusion - Building the attack - Demo

Mixed-signal chips Examples Look around BT, WiFi, GPS, etc. Idea Combine digital processor and analog radio on a single chip Integrate the two and provide an easy interface to the outside Benefits Cheap Small Power efficient Nice for developers

A big problem: Noise Digital logic produces noise Close physical proximity facilitates noise propagation Analog radio is sensitive to noise Designers care about functionality

What if digital noise with sensitive information leaks into the radio signal?

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation Conclusion - Building the attack - Demo

So the journey begins...

Discovery of a leak After months of trying: Multiple chips Custom firmware One day: Accidental tuning on "wrong" frequency A leak dependent on our computations So the investigation started

Discovery of a leak Simple Firmware: - TX off/on (CW) - Slow loop/fast loop - Controlled via UART P Mixed-signal chip Software Defined Radio 2.4 GHz f

Discovery of a leak P Mixed-signal chip Software Defined Radio f

Discovery of a leak - Slow loop - TX off - Close distance P Mixed-signal chip Spectrum Analyzer 64 MHz f

Discovery of a leak - Fast loop - TX off - Close distance P Mixed-signal chip Spectrum Analyzer 64 MHz f

Discovery of a leak - Slow loop - TX on P Mixed-signal chip Spectrum Analyzer 64 MHz 2.4 GHz f

Discovery of a leak - Fast loop - TX on P Mixed-signal chip Spectrum Analyzer 64 MHz 2.4 GHz f

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation Conclusion - Building the attack - Demo

Logic Transmission Scheme P f 64 MHz 64 MHz 2.4 GHz Digital noise Radio Clock (64MHz) BT Carrier (2.4GHz)

Conventional P Current consumption Mixing f 64 MHz Digital noise Clock (64MHz)

Conventional V Supply V in I Gnd I V out C Parasitic Current consumption Dependent on transitions of logic values Mixing V out : 0 1 t

Conventional V Supply V in I Gnd I V out C Parasitic Current consumption Dependent on transitions of logic values Mixing V out : 0 1 V out : 1 0 t

Clk Conventional Data line Current consumption Dependent on transitions of logic values Mixing Clock 1: direct Carrier Modulation

Conventional V 1 + V 2 nmos transistor in saturation I sat = α(v 1 + V 2 V th ) 2 = = 2 V 1 V 2 + etc. Current consumption Dependent on transitions of logic values Mixing Clock 1: direct 2: non-linear components

Screaming Channels P Digital to Analog propagation Mixing f 64 MHz 64 MHz 2.4 GHz Digital noise Radio Clock (64MHz) BT Carrier (2.4GHz)

Screaming Channels P Digital to Analog propagation 1: Substrate Coupling Same silicon die 2: Power Supply Coupling f 64 MHz Same power supply Digital Mixingnoise Digital V Supply Analog Clock (64MHz) Substrate

Screaming Channels P Digital to Analog propagation 1. Substrate Coupling Same silicon die 2. Power Supply Coupling f Same power supply 64 MHz Digital Mixingnoise 1. Voltage Controlled Oscillator VCO 2. Power Amplifier 3. etc. Clock DAC (64MHz) I Q Noise from the digital domain 0 90 (Analog) TX PA

Summing Up Generation "Spectrum Spraying" Propagation Radio Transmission

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation Conclusion - Building the attack - Demo

AES in the spectrogram Radio Off Radio On AES On

AES in the spectrogram Radio Off Radio On AES On

AES in the spectrogram Radio Off Radio On AES On

AES in the spectrogram Radio Off Radio On AES On

AES in the spectrogram Radio Off Radio On AES On

AES in the spectrogram Radio Off Radio On AES On

Extraction and alignment Packets Trigger Frequency

Extraction and alignment Self-correlation alignment Average

Attacking Extraction of clean traces Some attacks Correlation attack Template attack Built upon ChipWhisperer's implementations Attacked implementations mbedtls TinyAES

Evolution of the attack Cable 3 m 10 m 15 cm 2 m 5 m

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - RF communications 101 - Noise in mixed-signal ICs - Discovery of the leak - Explanation - Building the attack - Demo Conclusion

Demo time!

Agenda Introduction Part I Part II Part III Background Our Story Towards an attack - EM Side-Channels - Noise in mixed-signal ICs - Discovery of the leak - Explanation - Building the attack - Demo results Conclusion

Impact

Impact General Problem Potential to affect any radio transmitter close to digital logic Not limited to IC designs

Impact General Problem Potential to affect any radio transmitter close to digital logic

Just a PoC? Attacks on real-world targets will follow Simple attack, we can do much better Collection: get more data in less time Processing: make better use of the information we have Abusing protocol weaknesses Share early, mitigate faster

Responsible Disclosure Contacted major vendors & multiple CERTs Multiple acknowledgments of the problem s generality 2 vendors are replicating our results 1 vendor looks actively into short- and long-term countermeasures

Countermeasures

Countermeasures Classic (SW/HW) Masking, Noise, good protocols, etc. "Easy" but may be expensive to buy license for low-cost chips A classic arms race can start Software-specific Turn off the radio during sensitive computations Not so easy if there are real-time requirements Turns off the channel completely Hardware-specific Consider security impact of noise coupling during design and testing Will it increase the cost too much?

Black Hat Sound Bytes What will you take home?

Screaming Channels: The Sound Bytes

Thank you! Code: https://www.github.com/eurecom-s3/screaming_channels More Info: https://s3.eurecom.fr/tools/screaming_channels <camurati@eurecom.fr> @GioCamurati <muench@eurecom.fr> @nsinusr

Acknowledgements The authors acknowledge the support of SeCiF project within the French-German Academy for the Industry of the future, as well as the support by the DAPCODS/IOTics ANR 2016 project (ANR-16-CE25-0015). We would like to thank the FIT R2lab team from Inria, Sophia Antipolis, for their help in using the R2lab testbed.

References [1] Kasper, Timo, et al. "EM side-channel attacks on commercial contactless smartcards using low-cost equipment." International Workshop on Information Security Applications. Springer, Berlin, Heidelberg, 2009. [2] Genkin, Daniel, et al. "ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs." Cryptographers Track at the RSA Conference. Springer, Cham, 2016. [3] NSA. NACSIM 5000, Tempest fundamentals. Technical Report. 1982. Document declassified in 2000 and available at https://cryptome.org/jya/nacsim-5000/ nacsim-5000.htm

Third-Party Images - "nrf51822 - Bluetooth LE SoC : weekend die-shot" - CC-BY Modified with annotations. Original by zeptobars https://zeptobars.com/en/read/nrf51822-bluetooth-le-soc-cortex-m0 - "Github ribbon" - MIT mojombo https://blog.github.com/2008-12-19-github-ribbons/ - Television Antenna" - CC0 George Hodan https://www.publicdomainpictures.net/en/view-image.php?image=239649

Backup slides

Which devices? We do not want to blame a specific vendor Especially because the problem is general But you can find all names and details in the paper and on our website The problem is general Ack by vendors Attack on several BLE devices of the same vendor Signs of leaks on other (Wi-Fi) devices Also different types of leaks Still need more investigations (time )

What about hopping? Real BT communications use frequency hopping The carrier changes values (in a given set) following a pseudo-random sequence The frequency of the leak changes too We can still attack We can listen to multiple frequencies, or with a large bandwidth Actually, we already plan to exploit more replicas of the leak Tom Hayes, Sebastian Poeplau, and Aurélien Francillon worked on an IEEE 802.15.4 sniffer that concurrently listens to all channels, we could reuse the same ideas

What about Wi-Fi? The problem is in the mixed-signal design, not in the protocol We ended up on a BT chip by chance, and then decided to go deeper (increasing the distance) We have signs of (different) leaks in 2 Wi-Fi chips But for sure now we have to try more chips

What about Hardware AES? Hardware AES implementations are used for link layer encryption Attacking turns out to be more difficult than software AES Faster calculation, higher radio resolution is needed Most of the time blackbox implementations We ran some experiments 4/16 bytes recovered

Threat model? For these devices, side channels were not in the threat model Close physical proximity/access not too realistic Low cost, low impact But now attacks could be mounted from a large distance EM side channels become important Indeed remote timing side channels (cache) are already considered

Some Attack Data Distance Environment Implementation # Attack Traces # Template Traces 1 m Office tinyaes 52589 x 500 70000 x 500 3 m Anechoic Room tinyaes 718 x 500 70000 x 500 5m Anechoic Room tinyaes 428 x 500 70000 x 500 10 m Anechoic Room tinyaes 1428 x 500 130000 x 500

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback