Boffins: Mixed-signal silicon can SCREAM your secrets to all Side-channel radio attacks just got a whole lot worse: a group of researchers from Eurecom's Software and Systems Security Group has extracted crypto keys from the noise generated by ordinary communications chips. Unlike more esoteric side-channels, which often need physical access to a target machine or some kind of malware …
Oh, dear. But this shouldn't come as a surprise. Crypto gear used by governments, after all, has shielding between the parts that handle unenciphered data and the enciphered data that is to be sent out over the air. It's not possible to put different parts of the same chip in separate metal boxes.
Someone with a reciever and fancy gear within a few metres of you, though, isn't in most people's threat models, fortunately.
"Someone with a reciever and fancy gear within a few metres of you, though, isn't in most people's threat models, fortunately."
Is the anechoic chamber (mentioned in the article, presumably also serving as a Faraday cage?) also an essential part of the attack+disclosure process? Not exactly representative of the typical operating environment of most electronics these days...
Are these Nice people in Sophia Antipolis looking for free marketing coverage? Working so far, and why not.
Using anechoic chambers for RF testing is standard practice. It's pointless the researchers saying 'we could do this at ten metres in a standard office environment' because there is no such thing. Other researchers have an idea from previous research of how results in an anechoic chamber might translate to to an open plan office with stud walls of material X, containing 3 routers, 15 laptops, 10 desktops of which 5 are using g Bluetooth keyboards, a microwave oven and 20 mobile phones etc etc etc
It's about minimising your variables.
"It's about minimising your variables."
Absolutely, in general.
But if your sidechannel signal is undetectable because it's hidden in the noise of the real EMC world outside the cleanroom despite the CE and FCC compliance marks, does the "security research" fall apart too, or do they only need an electrically clean environment once, to read the key, and the rest follows automagically?
does the "security research" fall apart too
No, it would not. (And did not, because in fact the attack can be performed successfully in a noisy environment, but that's a secondary point.)
Attacks get better. An attack which is infeasible when first described may well be made feasible by another team next month. Or a more vulnerable system may be released next year. Or an attack which is not useful today might be chained with another tomorrow.
At the very least, demonstrating that a vulnerability exists but cannot feasibly be attacked today provides a useful data point and a suggestion for further research.
Everything doesn't have to be a zero-day.
It's pointless the researchers saying 'we could do this at ten metres in a standard office environment' because there is no such thing
No, but it's useful if they do some testing in what might be considered a typical office environment.
And indeed they did.
Is the anechoic chamber (mentioned in the article, presumably also serving as a Faraday cage?) also an essential part of the attack+disclosure process?
Why do people not check the paper before asking this sort of question?
The authors discuss operation in noisy environments. Skimming the section headers would have provided the answer. ("6.1 Key Recovery in different environments")
"Someone with a reciever and fancy gear within a few metres of you, though, isn't in most people's threat models, fortunately."
"not that fancy" of gear I expect, and in theory, anyone sitting near you in a wifi hotspot. As for BTLE, I'm not sure how that's relevant for AES keys, since its speed is way slower than wifi (making it suck for any kind of networking) so why would anyone be using AES keys like that over BTLE? [ok maybe someone knows, but I don't see it]. Unless it's some kind of "log me in" authentication BTLE dongle that sends passwords or something...
Someone with a reciever and fancy gear within a few metres of you, though, isn't in most people's threat models, fortunately.
Yeah, because no one ever uses a smartphone in a hotel lobby, or conference room, or coffeeshop...
The "receiver and fancy gear" aren't particularly difficult to disguise. There was an excellent paper on this in CACM, with photos, a few years ago.
These attacks typically require recording a large number of traces when operating in a noisy environment, but those are often easy to trigger. Attacks in that CACM piece used encrypted email and Javascript triggers, for example.
There's a small chance that this is an issue with the circuit board. Chips usually have completely separate analog and digital signal grounds. This separation is supposed to continue onto the PCB except for a single point bridging the two. Most PCBs immediately connect it all together instead. This means that one part of an analog circuit might have a signal reference that fluctuates with digital power consumption more than another signal reference. The difference between the two references is a ground loop and it ends up contaminating the analog signals.
You'd think that a few millimeters of a copper trace carrying current would all be the same voltage but it's not. Audio circuit designers need to take great care with this even for low-end equipment.
"Chips usually have completely separate analog and digital signal grounds"
And also, power supply lines. As an example, ATMega CPUs have an 'AVCC' and a 'VCC'. Same grounds all around, but separate power for analog circuitry and 'the rest of the chip'. Generally, however, proper use of bypass capacitors (etc.) are needed to pass FCC "unintentional radiator" limits on the CPU itself.
There's also proper board layout, use of ground planes [as needed], bypass capacitors located near the devices that generate RF spikes, occasional current limiting resistors on switched signals, and so on.
So I also have to wonder, why wouldn't normal FCC bandwidth and modulation tests NOT pick this up? Or are the 'artefact' signals being generated all within the tolerances allowed by the BT/Wifi/whatever spec?
"why wouldn't normal FCC bandwidth and modulation tests NOT pick this up?"
Because they are about interference to other equipment and susceptibility to interference.
You can make tranceivers that work for 100s of km that meet FCC limits.
~
Separate Issue
Power line ethernet isn't powerline based at all. It's actually mostly RF. It shouldn't be legal anywhere, it's not properly tested.
!
FCC, CSA, TUV, CE etc testing doesn't check for stuff like this. Quite a lot of emission is legal and the content isn't checked. Mostly there are only military standards for security. It's entirely optional in consumer gear, though GDPR might change that.
I can use this to find out why my R11 keeps dropping its Bluetooth connections?
The problem is that it connects initially fine then for no discernible reason it just dies.
Attempts to find the same device again usually don't work but a *different* device works almost immediately.
The card is replaceable but unfortunately I have less than a week to fix it and there is no guarantee that a like for like replacement will actually make any difference.
Also noticed that a lot of smart TVs and digiboxes have WiFi that can't be turned off even if disabled in the settings it still shows up transiently.
They'd have to either add shielding, which adds cost/weight, or add some extraneous computation (the "execute both sides of a branch and throw away what you don't need" type of strategy) which has its own set of problems.
Unfortunately a lot of key computation is in dedicated circuits, so unless you design your own you are reliant on what others sell. Good luck getting cutthroat vendors to spend extra money to defend against something like this. At least not until there is a high profile case of it being exploited in the wild.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
