Computer-stored encryption keys are not safe from side-channel attacks
http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-...
Computer-stored encryption keys are not safe from side-channel attacks
By Michael Kassner March 11, 2015, 1:25 PM PST
Using side-channel technology, researchers at Tel Aviv University can extract decryption keys from RSA and ElGamal implementations without altering or having control of a computer.
Figure A: Tel Aviv University researchers built this self-contained PITA receiver. Image courtesy of Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Tel Aviv University
Not that long ago, grabbing information from air-gapped computers required sophisticated equipment. In my TechRepublic column Air-gapped computers are no longer secure, researchers at Georgia Institute of Technology explain how simple it is to capture keystrokes from a computer just using spurious electromagnetic side-channel emissions emanating from the computer under attack.
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer, researchers at Tel Aviv University, agree the process is simple. However, the scientists have upped the ante, figuring out how to exfiltrate complex encryption data using side-channel technology.
The process
In the paper Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (PDF), the researchers explain how they determine decryption keys for mathematically secure cryptographic schemes by capturing information about secret values inside the computation taking place in the computer.
"We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms," the team writes. "The attacks can extract decryption keys using a low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs."
If that doesn't mean much, this might help: The researchers can extract keys from GnuPG in just a few seconds by measuring side-channel emissions from computers. "The measurement equipment is cheap, compact, and uses readily-available components," add the researchers. Using that philosophy the university team developed the following attacks.
Software Defined Radio (SDR) attack: This comprises a shielded loop antenna to capture the side-channel signal, which is then recorded by an SDR program installed on a notebook.
Portable Instrument for Trace Acquisition (PITA) attack: The researchers, using available electronics and food items (who says academics don't have a sense of humor?), built the self-contained receiver shown in Figure A. The PITA receiver has two modes: online and autonomous.
Online: PITA connects to a nearby observation station via Wi-Fi, providing real-time streaming of the digitized signal.
Autonomous: Similar to online mode, PITA first measures the digitized signal, then records it on an internal microSD card for later retrieval by physical access or via Wi-Fi.
Consumer radio attack: To make an even cheaper version, the team leveraged knowing that side-channel signals modulate at a carrier frequency near 1.7 MHz, which is within the AM radio frequency band. "We used a plain consumer-grade radio receiver to acquire the desired signal, replacing the magnetic probe and SDR receiver," the authors explain. "We then recorded the signal by connecting it to the microphone input of an HTC EVO 4G smartphone."
Cryptanalytic approach
This is where the magic occurs. I must confess that paraphrasing what the researchers accomplished would be a disservice; I felt it best to include their cryptanalysis description verbatim:
"Our attack utilizes the fact that, in the sliding-window or fixed-window exponentiation routine, the values inside the table of ciphertext powers can be partially predicted. By crafting a suitable ciphertext, the attacker can cause the value at a specific table entry to have a specific structure.
"This structure, coupled with a subtle control flow difference deep inside GnuPG's basic multiplication routine, will cause a noticeable difference in the leakage whenever a multiplication by this structured value has occurred. This allows the attacker to learn all the locations inside the secret exponent where the specific table entry is selected by the bit pattern in the sliding window. Repeating this process across all table indices reveals the key."
Figure B is a spectrogram displaying measured power as a function of time and frequency for a recording of GnuPG decrypting the same ciphertext using different randomly generated RSA keys. The research team's explanation:
"It is easy to see where each decryption starts and ends (yellow arrow). Notice the change in the middle of each decryption operation, spanning several frequency bands. This is because, internally, each GnuPG RSA decryption first exponentiates modulo the secret prime p and then modulo the secret prime q, and we can see the difference between these stages.
"Each of these pairs looks different because each decryption uses a different key. So in this example, by observing electromagnetic emanations during decryption operations, using the setup from this figure, we can distinguish between different secret keys."
Figure B: A spectrogram. Image courtesy of Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Tel Aviv University
Any way to prevent the leakage?
One solution, albeit unwieldy, is operating the computer in a Faraday cage, which prevents any spurious emissions from escaping. "The cryptographic software can be changed, and algorithmic techniques used to render the emanations less useful to the attacker," mentions the paper. "These techniques ensure the behavior of the algorithm is independent of the inputs it receives."
Interestingly, the research paper tackles a question about side-channel attacks that TechRepublic readers commented on in my earlier article: "It's a hardware problem, so why not fix the equipment?"
Basically the researchers mention that the emissions are at such a low level, prevention is impractical because:
Any leakage remnants can often be amplified by suitable manipulation, as we do in our chosen-ciphertext attack; and
Leakage is often an inevitable side effect of essential performance-enhancing mechanisms.
Something else of interest: the National Institute of Standards and Technology (NIST) considers resistance to side-channel attacks an important evaluation consideration in its SHA-3 competition.
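As an added illustration (not code from the article or from the Tel Aviv researchers), the following Python models the leakage the paper exploits: sliding-window exponentiation logs which table entry each multiplication touches, replaying that log recovers the exponent, and a fixed-window variant with an exponent-independent operation sequence shows the "behavior independent of the inputs" countermeasure for the access pattern only. The window width, the toy modulus 1009 and the exponents are constructed values, not RSA parameters.

```python
# Added example, not code from the article or the Tel Aviv paper: a leakage
# model of windowed modular exponentiation.  Every squaring and multiplication
# is logged, with the table index the multiplication used; the article's point
# is that an observer who can tell *when* a given table entry is multiplied
# learns the exponent.  All numbers here are constructed toy values.

def sliding_window_pow(base, exp, mod, w=3):
    """Left-to-right sliding-window exponentiation with a table of the odd
    powers base^1, base^3, ..., base^(2^w - 1).  Returns (result, trace);
    trace is what a side channel sees: 'S' for a squaring, ('M', k) for a
    multiplication by table entry k, i.e. by base^(2k+1)."""
    base_sq = base * base % mod
    table = [base % mod]
    for _ in range(1, 1 << (w - 1)):
        table.append(table[-1] * base_sq % mod)
    bits = bin(exp)[2:]
    result, trace, i, n = 1, [], 0, len(bits)
    while i < n:
        if bits[i] == '0':              # a zero bit costs one squaring only
            result = result * result % mod
            trace.append('S')
            i += 1
            continue
        j = min(i + w, n)               # longest window (<= w bits) ending in 1
        while bits[j - 1] == '0':
            j -= 1
        for _ in range(j - i):
            result = result * result % mod
            trace.append('S')
        k = int(bits[i:j], 2) >> 1      # window value is odd; entry k holds it
        result = result * table[k] % mod
        trace.append(('M', k))          # data-dependent: this is the leak
        i = j
    return result, trace


def recover_exponent(trace):
    """Replaying the trace reconstructs the exponent: a squaring doubles it,
    a multiplication by entry k adds 2k+1.  Learning, entry by entry, where
    that entry is used is what the article describes as revealing the key."""
    e = 0
    for op in trace:
        e = e * 2 if op == 'S' else e + 2 * op[1] + 1
    return e


def fixed_window_pow(base, exp, mod, w=3, nbits=16):
    """Fixed-window (m-ary) exponentiation whose operation sequence does not
    depend on the exponent: each window is exactly w squarings plus one
    multiplication, and the entry is picked by scanning the whole table with
    an all-ones/all-zeros mask instead of indexing it.  This models the
    paper's 'behavior independent of the inputs' for the access pattern only:
    it does not remove data-dependent branches inside the multiplication
    routine itself (which the chosen ciphertext targets), and Python integer
    arithmetic is not constant-time."""
    assert exp.bit_length() <= nbits
    table = [1]
    for _ in range(1, 1 << w):
        table.append(table[-1] * base % mod)  # table[d] = base^d
    result, trace = 1, []
    digit_mask = (1 << w) - 1
    for t in range((nbits + w - 1) // w - 1, -1, -1):
        d = (exp >> (t * w)) & digit_mask
        for _ in range(w):
            result = result * result % mod
            trace.append('S')
        chosen = 0
        for idx, entry in enumerate(table):
            chosen |= entry & -(idx == d)  # -True == -1: all-ones mask
        result = result * chosen % mod
        trace.append(('M', 'all'))      # identical record whatever d was
    return result, trace
```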
Eugen Leitl <eugen@leitl.org> wrote:
http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-...
The researchers' web page: http://www.tau.ac.il/~tromer/acoustic/
They presented similar attacks using acoustic emanations at CRYPTO14.
-=rsw
Approximately December 24, perhaps it was 1996, I published an idea on a USENET area (maybe it was SCI.CRYPT) that proposed an idea that clock oscillators used in computers could be frequency-modulated with a long-period pseudo-random (linear feedback shift register) value to smear the output of the signal (and everything that depends on it) over a range of frequencies.
Curiously, in early 2007 (when I was at United States Penitentiary, Florence, Colorado) I received a letter from a law firm offering me $5,000 for ownership of this idea. (They had apparently figured out who I was, and had traced me down at my then-current address.) I presumed that around that time, there was probably a lawsuit challenging a patent on this matter, and the law firm was doing 'due diligence' looking for ammunition. I counter-offered that if they pay me 1/3 of the value of this idea, I would settle for that. Never heard back from them.
Jim Bell
On Friday, March 13, 2015 3:56 AM, Eugen Leitl <eugen@leitl.org> wrote:
http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-...
If you didn't patent it and you published it publicly, you effectively gave it away for anyone to use. It is also now prior art, so finding a link that proves it was published would be useful. And you have bragging rights to inventing it if you were first. So, the $5000 would have been a good deal since you didn't have any value to sell, since everyone already "owns" a license to use it.
sdw
On 3/13/15 11:21 AM, jim bell wrote:
On Friday, March 13, 2015 3:56 AM, Eugen Leitl <eugen@leitl.org> wrote:
http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-...
Yes, I understand that having written it into a public forum, and not patenting it, I did indeed give it away for anyone else to use. What probably happened was that someone was suing someone else for stealing that idea, and one of those somebodies did a REALLY extensive search and found my invention. Presumably it would have benefited the somebody who did the search to be able to say something like, "We didn't steal the idea from you, Jim Bell thought of it first..." Yes, in hindsight I should have taken the $5000 and run.
Jim Bell
On Friday, March 13, 2015 1:04 PM, Stephen D. Williams <sdw@lig.net> wrote: