EE Seminar: Physical Side Channel Attacks on PC-Class Devices
Speaker: Itamar Pipman
M.Sc. student under the supervision of Prof. Eran Tromer and Prof Avishai Wool
Wednesday, November 1st, 2017 at 15:00
Room 011, Kitot Bldg., Faculty of Engineering
Physical Side Channel Attacks on PC-Class Devices
Abstract
Cryptography is essential in modern times, providing the basis for security and privacy in an increasingly technological world. With cryptographic algorithms becoming ever more prevalent, malicious attackers often attempt to circumvent their mathematical security by instead targeting imperfections in their physical implementation. These methods, often referred to as side channel attacks, have been used extensively to break seemingly secure cryptographic implementations. Such attacks often exploit unintentional physical effects such as power consumption or electromagnetic radiation generated during the cryptographic process, however they have been proven most effective only in certain circumstances.
Most attacks described in the literature target simple embedded devices with ad-hoc functionality such as micro-controllers, smartcards or RFID tags. These devices are often handed out to an adversary where they can be subjected to lengthy and invasive probing using dedicated equipment, possibly for hours or days. More generic computing platforms such as PCs are much more difficult to target, since they are comprised of a complex, multi-chip hardware architecture running a sophisticated software stack. Additionally, realistic attack scenarios are much more restrictive. Standard invasive practices can't be used since leaky hardware elements are encased inside the PCs protective chassis, and even simple proximal access to the device can only last a few moments before it is detected.
In this talk we show that these restrictions do not prevent practical attacks on PC-class devices. We present several successful key extraction attacks on laptop computers and mobile phones, running real-world cryptographic software. We utilize a frequency-domain based leakage detection methodology, successfully targeting exploitable emanations via multiple physical channels. Using suitable signal processing and denoising techniques we manage to mount attacks that are non-intrusive, last a few short seconds, and can be mounted covertly from a distance.
