Tuesday, September 30, 2014

Key extraction from laptops using side-channels

The 2014 edition of CHES (Cryptographic Hardware and Embedded Systems) was held in Busan, Republic of Korea, and proved to be an enjoyable few days of talks and discussions.

One presentation I particularly enjoyed was "Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs" by Daniel Genkin, Itamar Pipman and Eran Tromer from Tel Aviv University, describing a new side-channel attack method for finding and acquiring physical measurement data that exhibits some sort of data-dependency with RSA and El-Gamal secret keys. They demonstrate how their method can be used to extract 4096-bit RSA keys and 3072-bit El-Gamal keys, and particularly noteworthy is that they can extract these keys from laptops.

Most "non-invasive" (in that the attacker can, for some definition of passive, passively record side-channel information during the operation of a device) types of side-channel attack involve measurements of power consumption or electromagnetic radiation produced by a device. All side-channel attacks exploit some form of data dependency between the value of the secret key and the side-channel acquisitions (power traces, timing information etc.). In this work, the authors find a new type of side-channel measurement containing information leakage, based on the observation that the "ground" electric potential in many devices can vary in an operation-dependent way.

The potential can then be measured relative to another ground, for instance by contacting exposed chassis metal (or any other conductive part of a laptop, e.g. heatsink fins, or port shielding) with a wire. Alternatively, an attacker can measure the potential at the end of a cable (e.g. Ethernet, any display cable) connected to the device, allowing for a potentially much more "remote" attack if the ends of the cable are out of sight for the laptop user. Perhaps most insidiously, the authors suggest that an attacker may be able to simply touch a conductive part of a laptop by hand, and measure his or her own potential relative to the ground of the surrounding room. One interesting thing about this method of gathering data is that it appears to be simpler---getting the "traditional" kind of side-channel information can be quite an intricate, time-consuming process---here, the attack data (appears to be) significantly easier to acquire.

In the publication, the authors show how a 4096-bit RSA public key and a 3072-bit El-Gamal key can be extracted from a laptop running the GnuPG public-key encryption software, and discuss some of the challenges involved with recording low-frequency (1.5 MHz down to 40 KHz) measurements from a high-frequency (e.g 2 GHz+) CPU. A nice touch was that in the talk Evan Tromer demonstrated (on stage) an execution of their attack, illustrating how a tapped VGA cable plugged into a laptop leaks information through this "ground potential" side-channel. If you're interested in finding out more, a much more thorough explanation and links to publication materials can be found here.