Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels

We show that subtle acoustic noises emanating from within computer screens can be used to detect the content displayed on the screens. This sound can be picked up by ordinary microphones built into webcams or screens, and is inadvertently transmitted to other parties, e.g., during a videoconference call or archived recordings. It can also be recorded by a smartphone or "smart speaker" placed on a desk next to the screen, or from as far as 10 meters away using a parabolic microphone. Empirically demonstrating various attack scenarios, we show how this channel can be used for real-time detection of on-screen text, or users' input into on-screen virtual keyboards. We also demonstrate how an attacker can analyze the audio received during video call (e.g., on Google Hangout) to infer whether the other side is browsing the web in lieu of watching the video call, and which web site is displayed on their screen

A Case Study Exploring Side-Channel Attacks On Pet Wearables

IoT has long since come to the pet industry resulting in a proliferation of data-intensive devices including tracking anything from activity, health, to location. The resulting ‘Internet of Pets’ is generating large volumes of animal data which, due to the close link between the digital profile of companion animals held as pets (e.g., cats and dogs) and their caregivers holds significant security and privacy implications. In this case study we explore the vulnerability of such pet wearables to side-channel attacks, describing our implementation of an electromagnetic attack on a now discontinued dog activity tracker. We show how we were able to successfully exfiltrate data from the device during the Base64 encoding process and discuss what implications this holds for the security of these devices, given the lack of protection that animal data is afforded under extant existing data protection policy and legislation

Minerva: The curse of ECDSA nonces

We present our discovery of a group of side-channel vulnerabilities in implementations of the ECDSA signature algorithm in a widely used Atmel AT90SC FIPS 140-2 certified smartcard chip and five cryptographic libraries (libgcrypt, wolfSSL, MatrixSSL, SunEC/OpenJDK/Oracle JDK, Crypto++). Vulnerable implementations leak the bit-length of the scalar used in scalar multiplication via timing. Using leaked bit-length, we mount a lattice attack on a 256-bit curve, after observing enough signing operations. We propose two new methods to recover the full private key requiring just 500 signatures for simulated leakage data, 1200 for real cryptographic library data, and 2100 for smartcard data. The number of signatures needed for a successful attack depends on the chosen method and its parameters as well as on the noise profile, influenced by the type of leakage and used computation platform. We use the set of vulnerabilities reported in this paper, together with the recently published TPM-FAIL vulnerability as a basis for real-world benchmark datasets to systematically compare our newly proposed methods and all previously published applicable lattice-based key recovery methods. The resulting exhaustive comparison highlights the methods\u27 sensitivity to its proper parametrization and demonstrates that our methods are more efficient in most cases. For the TPM-FAIL dataset, we decreased the number of required signatures from approximately 40 000 to mere 900

Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis

Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research

EM Side Channel Analysis on Complex SoC architectures

The EM side channel analysis is a very effective technique to attack cryptographic systems due to its non invasive nature and capability to launch an attack even with limited resources. The EM leakage from devices can give information about computations on the processor, which can in turn reveal the internal state of the algorithm. For security sensitive algorithms, these EM radiations can be exploited by the adversary to extract secret key dependent operations hence EM side channel must be studied for evaluating the security of these algorithms. Modern embedded devices composed of System-on-Chip architectures are considered hard targets for EM side channel analysis mainly due to their complex architecture. This thesis explores the viability of EM side channel attacks on such targets. There is a comprehensive literature overview of EM side channel analysis followed by a practical side channel attack on a SoC device using well know cryptographic library OpenSSL. The attack successfully extracts the secret key dependent operation which can be used to retrieve the private key in security protocols such as TLS and SSH. The thesis concludes, with practical single trace attacks, that cryptographic implementations can still be broken using EM side channel analysis, and a complex nature of the device have no significant effect when combined with signal processing methods for extracting side channel information, hence the cryptographic software implementations must address these issues

Similar operation template attack on RSA-CRT as a case study

A template attack, the most powerful side-channel attack methods, usually first builds the leakage profiles from a controlled profiling device, and then uses these profiles to recover the secret of the target device. It is based on the fact that the profiling device shares similar leakage characteristics with the target device. In this study, we focus on the similar operations in a single device and propose a new variant of the template attack, called the similar operation template attack (SOTA). SOTA builds the models on public variables (e.g., input/output) and recovers the values of the secret variables that leak similar to the public variables. SOTA’s advantage is that it can avoid the requirement of an additional profiling device. In this study, the proposed SOTA method is applied to a straightforward RSA-CRT implementation. Because the leakage is (almost) the same in similar operations, we reduce the security of RSA-CRT to a hidden multiplier problem (HMP) over GF(q), which can be solved byte-wise using our proposed heuristic algorithm. The effectiveness of our proposed method is verified as an entire prime recovery procedure in a practical leakage scenario

Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones

In this paper, we study the side-channel resistance of the implementation of the ECDSA signature scheme in Android\u27s standard cryptographic library. We show that, for elliptic curves over prime fields, one can recover the secret key very efficiently on smartphones using electromagnetic side-channel and well-known lattice reduction techniques. We experimentally show that elliptic curve operations (doublings and additions) can be distinguished in a multi-core CPU clocking over the giga-hertz. We then extend the standard lattice attack on ECDSA over prime fields to binary Koblitz curves. This is the first time that such an attack is described on Koblitz curves. These curves, which are also available in Bouncy Castle, allow very efficient implementations using the Frobenius operation. This leads to signal processing challenges since the number of available points are reduced. We investigate practical side-channel, showing the concrete vulnerability of such implementations. In comparison to previous works targeting smartphones, the attacks presented in the paper benefits from discernible architectural features, like specific instructions computations or memory accesses

Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices

Contains fulltext : 187230.pdf (preprint version ) (Open Access