Thursday, 3 March 2016

Recovering Crypto Keys From Smartphones Externally

A couple of weeks ago I was writing about how researchers were able to recover crypto keys (through walls no less) using the electromagnetic emanations from laptops.  These forms of side channel attacks are proving to be particularly effective.  Then yesterday saw two papers appear both of which showed how similar techniques could be applied to smartphones.

The first paper was from the same team about whose research I wrote previously.  This time instead of placing the antenna on the other side of a wall, they taped it to the underside of a table to show that by simply placing your phone on the table your encryption key could be recovered.  The technique used to recover the key was very similar to that used previously.

Experimental setup used in paper by Tromer et al

Whilst the emanations are clear to see, the cryptanalysis is non-trivial and uses the differences between two types of operation involved in the Elliptic Curve Digital Signature Algorithm (ECDSA). and focuses on the scalar-by-point multiplication.

The second paper used information leakage via one of the data pins on the SD card slot.  Unlike the first paper which was applied to a range of smartphones, this second paper was specifically about Android 4.4. 

Leakage patterns during various mathematical operations on Android smartphone

However, the cryptanalysis that was used again looked at signals gathered during scalar multiplications.  They used what is known as a Lattice Attack against the ECDSA, something that has been presented previously in papers such as this, amongst others.

This second paper did also present a new attack on the Koblitz ECDSA which features significantly in RFC 6979 on the usage of such ECDSA and is being considered by the likes of Ripple. The researchers also present a very specific attack on a Bitcoin Wallet, which I would suggest should particularly concern Bitcoin users on Android.

There has been such a lot of work published recently on side channels attacks that I hope manufacturers are taking note.  The papers do suggest some countermeasures, and, sadly for the FBI, the methods used in the first paper appear to work only up to iOS8.  Nevertheless, the research clearly shows that "breaking" encryption doesn't necessarily have to be with a head on attack, and these side channel techniques can be applied to a range of devices.