ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

被引：106

作者：

Genkin, Daniel ^{[1
,2
]}

Pachmanov, Lev ^{[2
]}

Pipman, Itamar ^{[2
]}

Tromer, Eran ^{[2
]}

Yarom, Yuval ^{[3
,4
]}

机构：

[1] Technion, Haifa, Israel

[2] Tel Aviv Univ, IL-69978 Tel Aviv, Israel

[3] Univ Adelaide, Adelaide, SA 5005, Australia

[4] CSIRO, Data61, Canberra, ACT, Australia

来源：

CCS'16: PROCEEDINGS OF THE 2016 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY | 2016年

关键词：

ATTACKS; BIT;

D O I：

10.1145/2976749.2978353

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's Common-Crypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

引用

页码：1626 / 1638

页数：13

共 54 条

[1]

Abouelmagd D., 2011, Public Housing and Public Housing Policies in Greater Cairo. Housing and urban issues in developing countries, P1

[2]

Agrawal D, 2002, LECT NOTES COMPUT SC, V2523, P29

[3] On the Malleability of Bitcoin Transactions [J].

Andrychowicz, Marcin ;

Dziembowski, Stefan ;

Malinowski, Daniel ;

Mazurek, Lukasz .

FINANCIAL CRYPTOGRAPHY AND DATA SECURITY (FC 2015), 2015, 8976 :1-18

[4]

[Anonymous], CHES 2001

[5]

[Anonymous], CT RSA 2016 IN PRESS

[6]

[Anonymous], CHES 2012 RUMP SESS

[7]

[Anonymous], 2008, Security Engineering-A Guide to Building Dependable Distributed Systems

[8]

[Anonymous], FPLLL 4 0 FLOATING P

[9]

[Anonymous], 2011, FINANCIAL CRYPTOGRAP, DOI DOI 10.1007/978-3-642-29889-9_4

[10]

[Anonymous], CHES 2002

← 1 2 3 4 5 6 →