Abstract
Computers broadcast their secrets via inadvertent physical emanations that are easily measured and exploited.
- Agrawal, D., Archambeault, B., Rao, J.R., and Rohatgi, P. The EM side-channel(s). In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002). Springer, 2002, 29--45. Google ScholarDigital Library
- Anderson, R.J. Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition. Wiley, 2008. Google ScholarDigital Library
- Asonov, D. and Agrawal, R. Keyboard acoustic emanations. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 2004, 3--11.Google ScholarCross Ref
- Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., and Sporleder, C. Acoustic side-channel attacks on printers. In Proceedings of the USENIX Security Symposium 2010. USENIX Association, 2010, 307--322. Google ScholarDigital Library
- Belgarric, P., Fouque, P.-A., Macario-Rat, G., and Tibouchi, M. Side-channel analysis of Weierstrass and Koblitz curve ECDSA on Android smartphones. In Proceedings of the Cryptographers' Track of the RSA Conference (CT-RSA 2016). Springer, 2016, 236--252.Google ScholarDigital Library
- Bernstein, D.J. Cache-timing attacks on AES. 2005; http://cr.yp.to/papers.html#cachetimingGoogle Scholar
- Brouchier, J., Dabbous, N., Kean, T., Marsh, C., and Naccache, D. Thermocommunication. Cryptology ePrint Archive, Report 2009/002, 2009; https://eprint.iacr.org/2009/002Google Scholar
- Brumley, D. and Boneh, D. Remote timing attacks are practical. Computer Networks 48, 5 (Aug. 2005), 701--716. Google ScholarDigital Library
- Clark, S.S., Mustafa, H.A., Ransford, B., Sorber, J., Fu, K., and Xu, W. Current events: Identifying webpages by tapping the electrical outlet. In Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS 2013). Springer, Berlin, Heidelberg, 2013, 700--717.Google ScholarCross Ref
- Clark, S.S., Ransford, B., Rahmati, A., Guineau, S., Sorber, J., Xu, W., and Fu, K. WattsUpDoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. In Proceedings of the USENIX Workshop on Health Information Technologies (HealthTech 2013). USENIX Association, 2013. Google ScholarDigital Library
- Gandolfi, K., Mourtel, C., and Olivier, F. Electromagnetic analysis: Concrete results. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES 2001). Springer, Berlin, Heidelberg, 2001, 251--261. Google ScholarDigital Library
- Genkin, D., Pachmanov, L., Pipman, I., and Tromer, E. Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015). Springer, 2015, 207--228.Google ScholarCross Ref
- Genkin, D., Pachmanov, L., Pipman, I., and Tromer, E. ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs. In Proceedings of the Cryptographers' Track of the RSA Conference (CT-RSA 2016). Springer, 2016, 219--235.Google ScholarDigital Library
- Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., and Yarom, Y. ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels. Cryptology ePrint Archive, Report 2016/230, 2016; http://eprint.iacr.org/2016/230Google Scholar
- Genkin, E., Pipman, I., and Tromer, E. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES 2014). Springer, 2014, 242--260. Google ScholarDigital Library
- Genkin, D., Shamir, A., and Tromer, E. RSA key extraction via low-bandwidth acoustic cryptanalysis. In Proceedings of the Annual Cryptology Conference (CRYPTO 2014). Springer, 2014, 444--461.Google ScholarCross Ref
- Kenworthy, G. and Rohatgi, P. Mobile device security: The case for side-channel resistance. In Proceedings of the Mobile Security Technologies Conference (MoST), 2012; http://mostconf.org/2012/papers/21.pdfGoogle Scholar
- Kocher, P., Jaffe, J., and Jun, B. Differential power analysis. In Proceedings of the Annual Cryptology Conference (CRYPTO 1999). Springer, 1999, 388--397. Google ScholarDigital Library
- Kocher, P., Jaffe, J., Jun, B., and Rohatgi, P. Introduction to differential power analysis. Journal of Cryptographic Engineering 1, 1 (2011), 5--27.Google ScholarCross Ref
- Kocher, P.C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Annual Cryptology Conference (CRYPTO 1996). Springer, 1996, 104--113. Google ScholarDigital Library
- Kuhn, M.G. Compromising Emanations: Eavesdropping Risks of Computer Displays. Ph.D. Thesis and Technical Report UCAM-CL-TR-577. University of Cambridge Computer Laboratory, Cambridge, U.K., Dec. 2003; https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdfGoogle Scholar
- Loughry, J. and Umphress, D.A. Information leakage from optical emanations. ACM Transactions on Information Systems Security 5, 3 (Aug. 2002), 262--289. Google ScholarDigital Library
- Mangard, S., Oswald, E., and Popp, T. Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Berlin, Heidelberg, 2007. Google Scholar
- Nakano, Y., Souissi, Y., Nguyen, R., Sauvage, L., Danger, J., Guilley, S., Kiyomoto, S., and Miyake, Y. A pre-processing composition for secret key recovery on Android smartphones. In Proceedings of the International Workshop on Information Security Theory and Practice (WISTP 2014). Springer, Berlin, Heidelberg, 2014. Google ScholarDigital Library
- Oren, Y. and Shamir, A. How not to protect PCs from power analysis. Presented at the Annual Cryptology Conference (CRYPTO 2006) rump session. 2006; http://iss.oy.ne.ro/HowNotToProtectPCsFromPowerAnalysisGoogle Scholar
- Osvik, D.A., Shamir, A., and Tromer, E. Cache attacks and countermeasures: The case of AES. In Proceedings of the Cryptographers' Track of the RSA Conference (CT-RSA 2006). Springer, 2006,1--20. Google ScholarDigital Library
- Percival, C. Cache missing for fun and profit. In Proceedings of the BSDCan Conference, 2005; http://www.daemonology.net/hyperthreading-consideredharmfulGoogle Scholar
- Quisquater, J.-J. and Samyde, D. Electromagnetic analysis (EMA): Measures and countermeasures for smartcards. In Proceedings of the Smart Card Programming and Security: International Conference on Research in Smart Cards (E-smart 2001). Springer, 2001, 200--210. Google ScholarDigital Library
- Skorobogatov, S. Optical Surveillance on Silicon Chips. University of Cambridge, Cambridge, U.K., 2009; http://www.cl.cam.ac.uk/~sps32/SG_talk_OSSC_a.pdfGoogle Scholar
- van Eck, W. Electromagnetic radiation from video display units: An eavesdropping risk? Computers and Security 4, 4 (Dec. 1985), 269--286. Google ScholarDigital Library
- Wright, P. Spycatcher. Viking Penguin, New York, 1987.Google Scholar
- Yarom, Y. and Falkner, K. FLUSH+RELOAD: A high-resolution, low-noise, L3 cache side-channel attack. In Proceedings of the USENIX Security Symposium 2014. USENIX Association, 2014, 719--732. Google ScholarDigital Library
- Yarom, Y., Liu, F., Ge, Q., Heiser, G., and Lee, R.B. Last-level cache side-channel attacks are practical. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 2015, 606--622. Google ScholarDigital Library
- Yen, S.-M., Lien, W.-C., Moon, S.-J., and Ha, J. Power analysis by exploiting chosen message and internal collisions: Vulnerability of checking mechanism for RSA decryption. In Proceedings of the International Conference on Cryptology in Malaysia (Mycrypt 2005). Springer, 2005, 183--195. Google ScholarDigital Library
- Zajic, A. and Prvulovic, M. Experimental demonstration of electromagnetic information leakage from modern processor-memory systems. IEEE Transactions on Electromagnetic Compatibility 56, 4 (Aug. 2014), 885--893.Google ScholarCross Ref
Index Terms
Physical key extraction attacks on PCs
Recommendations
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityWe introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key's associated parameters such as transmit nonces and receive replay counters. ...
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
AbstractCyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Comments