ECDSA key extraction from mobile devices via nonintrusive electromagnetic attacks

Authors

Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer and Yuval Yarom

Technion — Israel Institute of Technology

Tel-Aviv University

University of Adelaide

Data61
CSIRO

Abstract

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's Common- Crypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

BibTeX Entry

  @inproceedings{genkin_PPTY_16,
    author           = {Genkin, Daniel and Pachmanov, Lev and Pipman, Itamar and Tromer, Eran and Yarom, Yuval},
    month            = oct,
    year             = {2016},
    keywords         = {side channel attack, elliptic curve, electromagnetic analysis, power analysis},
    address          = {Vienna, Austria},
    title            = {{ECDSA} Key Extraction from Mobile Devices via Nonintrusive Electromagnetic Attacks},
    pages            = {1626--1638},
    booktitle        = {ACM Conference on Computer and Communications Security},
    paperurl         = {https://ts.data61.csiro.au/publications/nicta_full_text/9404.pdf}
  }

TS

ECDSA key extraction from mobile devices via nonintrusive electromagnetic attacks

Authors

Abstract

BibTeX Entry

Download