Crypto Can Be Cracked ... Through Walls
Watch out for those side channels …
The cracking of encryption keys has often involved brute force methods or targeting flaws in its implementation. There is, though, increasing interest in physical side-channel attacks where there is an unintentional information leakage of cryptography information, such as from electromagnetic radiation, power consumption, electric voltage fluctuations, and even sound and thermal variations. Few companies currently protect their devices against side-channel attacks, especially as it would prove costly, and require extensive testing with complex equipment.
Devices too are becoming faster, and, as they do, they are likely to emit an increasing amount of radio and electromagnetic (EM) emissions. A 2GHz processor, for example, is running at the same frequency as our wi-fi signals (2.4 GHz), and often the chips are not protected from emitting radio waves, and that is it a natural by-product of the fast operation of the device. As these high frequencies it is often difficult to stop EM emissions and from these being coupled into nearby wires and into other circuits.
There has been work on cracking the RSA algorithm with acoustic methods, along with electromagnetic and voltage variations. Recently researchers have taken a significant step forward in a paper entitled [here]:
ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs
Within this paper, the authors outline the cracking of ECDH (Elliptic Curve Diffie-Hellman) which is one of the most popular key exchange methods and is often used when connecting to sites such as Microsoft Live, Google and Facebook.
In the work, they attack the ECDH public-key encryption algorithm and measure electromagnetic changes. It uses carefully chosen ciphertext, and a time-frequency signal analysis technique, in order to crack the key. This releases the decryption key within seconds, including from an antenna in another room.
ECDH is now a popular method and is basically the Diffie-Hellman key exchange method with the usage of elliptic curve methods.
The work of modulating the power rails on chips is well documented for discovering encryption keys, where the security and protection of the key are reduced. There has also been work on a “cold boot” where the memory chips are frozen, and which keep their bit states:
Differential Power analysis on SIM cards
So up to now, we all thought that SIM cards were secure from most types of attack. But Prof Yu-Yu from Shanghai Jiao Tong University has now shown that 3G/4G SIM cards, using 128-bit AES, can be hacked — so the nightmare of SIM card cloning could come true [paper].
The access to SIM encryption keys is a key focus for law enforcement, and it was highlighted earlier in the year when law enforcement agents were suspected of stealing the billions of encryption keys from Dutch SIM card manufacturer Gemalto. These keys would allow access to both the data and voice messages on the phones.
In his Black Hat USA 2015 presentation this week Prof Yu-Yu outlined how a differential power analysis method that recovers encryption keys from SIM cards and which allows them to be cloned. Overall it takes 10–40 minutes to recover the key, and his method has succeeded on eight of the most popular SIM card manufacturers.
He uses basically an oscilloscope to capture the power changes and a MP300-SC2 protocol analyser, along with a PC to analyse the cryptography (Figure 1). The work uses Differential Power Analysis (DPA). With Simple Power Analysis (SPA) we monitoring the power consumed by the processor, and this can give hints on the contents of its registers and data buses.
Figure 1: Prof Yu-Yu’s experimental setup
With DPA, the chips are given some tests for encryption, and then the power levels are observed for the chips, after which they are analysed to show a correlation of the bit patterns used (Figure 2). The differences in the encryption process are then used to crack the key. For example, we take some test data, and apply a range of keys to the device, and watch the power levels. Each of the power consumption levels will change depending on the activity within the chip.
Figure 2: Power analysis of the AES method
It is likely that the increase in lower-powered devices will lead the way in devices which are likely to be poorly protected, so, for areas of critical importance, such as in critical infrastructure protection, companies will have to verify that their devices are protected against side-channel attacks.
The crypto methods that we have often have not been designed to take into account electrical current drain, and also for electromagnetic radiation. Perhaps a rethink is required for general-purpose processors, as they seem to be responsible for giving clues to those who might monitor the systems?
A designer thus needs to think about:
- Will my encryption keys appear on the system bus?
- Does the processing of the crypto algorithm generate electrical changes which can be observed?
- How does the processing affect electromagnetic radiation around the system?
I can see a time where chips are surrounded by metal shielding and with an increasing number of filtering capacitors fitted to the electrical supplies. As the speed of chips increase, the changes of radiation through electrical supplies and from electromagnetic radiation also increases, so the problem is likely to get worse.
Apart from putting lots of shielding around a chip, there’s not much that can be done to stop the emission, so designers need to think about smart ways to obfuscate the processing operations. If we work in the microwave region, we’re going to be emitting lots of radio waves, and it’s these waves which often give away the keys to the castle.
Why is this so interesting to us? Well, our research team … including Dr Owen Lo … have been investigating side-channel attacks on devices … and can crack 128-bit AES keys in less than 30 minutes, just by listening to the power supply …