Electromagnetic attack
In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it. These attacks are a more specific type of what is sometimes referred to as Van Eck phreaking, with the intention to capture encryption keys. Electromagnetic attacks are typically non-invasive and passive, meaning that these attacks are able to be performed by observing the normal functioning of the target device without causing physical damage.[1] However, an attacker may get a better signal with less noise by depackaging the chip and collecting the signal closer to the source. These attacks are successful against cryptographic implementations that perform different operations based on the data currently being processed, such as the square-and-multiply implementation of RSA. Different operations emit different amounts of radiation and an electromagnetic trace of encryption may show the exact operations being performed, allowing an attacker to retrieve full or partial private keys.
Like many other side-channel attacks, electromagnetic attacks are dependent on the specific implementation of the cryptographic protocol and not on the algorithm itself. Electromagnetic attacks are often done in conjunction with other side-channel attacks, like power analysis attacks.
Background
All electronic devices emit electromagnetic radiation. Because every wire that carries current creates a magnetic field, electronic devices create some small magnetic fields when in use. These magnetic fields can unintentionally reveal information about the operation of a device if not properly designed. Because all electronic devices are affected by this phenomenon, the term ‘device’ can refer to anything from a desktop computer, to mobile phone, to a smart card.
Electromagnetic radiation
Electromagnetic waves are a type of wave that originate from charged particles, are characterized by varying wavelength and are categorized along the electromagnetic spectrum. Any device that uses electricity will emit electromagnetic radiation due to the magnetic field created by charged particles moving along a medium. For example, radio waves are emitted by electricity moving along a radio transmitter, or even from a satellite.
In the case of electromagnetic side-channel attacks, attackers are often looking at electromagnetic radiation emitted by computing devices, which are made up of circuits. Electronic circuits consist of semiconducting materials upon which billions of transistors are placed. When a computer performs computations, such as encryption, electricity running through the transistors create a magnetic field and electromagnetic waves are emitted.[2][3][4]
Electromagnetic waves can be captured using an induction coil and an analog to digital converter can then sample the waves at a given clock rate and convert the trace to a digital signal to be further processed by computer.
The electronic device performing the computations is synced with a clock that is running at frequencies on the order of mega-hertz (MHz) to giga-hertz (GHz). However, due to hardware pipelining, and complexity of some instructions, some operations take multiple clock cycles to complete.[5] Therefore, it is not always necessary to sample the signal at such a high clock rate. It is often possible to get information on all or most of the operations while sampling on the order of kilo-hertz (kHz). Different devices leak information at different frequencies. For example, Intel's Atom processor will leak keys during RSA and AES encryption at frequencies between 50 MHz and 85 MHz.[6] Android version 4.4's Bouncy Castle library implementation of ECDSA is vulnerable to key extraction side channel attacks around the 50 kHz range.[7]
Signal processing
Every operation performed by a computer emits electromagnetic radiation and different operations emit radiation at different frequencies. In electromagnetic side-channel attacks, an attacker is only interested in a few frequencies at which encryption is occurring. Signal processing is responsible for isolating these frequencies from the vast multitude of extraneous radiation and noise. To isolate certain frequencies, a bandpass filter, which blocks frequencies outside of a given range, must be applied to the electromagnetic trace. Sometimes, the attacker does not know which frequencies encryption is performed at. In this case, the trace can be represented as a spectrogram, which can help determine which frequencies are most prevalent at different points of execution. Depending on the device being attacked and the level of noise, several filters may need to be applied.
Attack methods
Electromagnetic attacks can be broadly separated into simple electromagnetic analysis (SEMA) attacks and differential electromagnetic analysis (DEMA) attacks.
Simple electromagnetic analysis
In simple electromagnetic analysis (SEMA) attacks, the attacker deduces the key directly by observing the trace. It is very effective against asymmetric cryptography implementations.[8] Typically, only a few traces are needed, though the attacker needs to have a strong understanding of the cryptographic device and of the implementation of the cryptographic algorithm. An implementation vulnerable to SEMA attacks will perform a different operation depending on whether the bit of the key is 0 or 1, which will use different amounts of power and/or different chip components. This method is prevalent in many different types of side-channel attacks, in particular, power analysis attacks. Thus, the attacker can observe the entire computation of encryption and can deduce the key.
For example, a common attack on asymmetric RSA relies on the fact that the encryption steps rely on the value of the key bits. Every bit is processed with a square operation and then a multiplication operation if and only if the bit is equal to 1. An attacker with a clear trace can deduce the key simply by observing where the multiplication operations are performed.
Differential electromagnetic analysis
In some cases, simple electromagnetic analysis is not possible or does not provide enough information. Differential electromagnetic analysis (DEMA) attacks are more complex, but are effective against symmetric cryptography implementation, against which SEMA attacks are not.[6] Additionally unlike SEMA, DEMA attacks do not require much knowledge about the device being attacked.
Known attacks
While the fact that circuits that emit high-frequency signals may leak secret information was known since 1982 by the NSA, it was classified until 2000,[9] which was right around the time that the first electromagnetic attack against encryption was shown by researchers.[10] Since then, many more complex attacks have been introduced.
Smart cards
Smart cards, often colloquially referred to as “chip cards", were designed to provide a more secure financial transaction than a traditional credit card. They contain simple embedded integrated circuits designed to perform cryptographic functions.[11] They connect directly to a card reader which provides the power necessary to perform an encrypted financial transaction. Many side-channel attacks have been shown to be effective against smart cards because they obtain their power supply and clock directly from the card reader. By tampering with a card reader, it is simple to collect traces and perform side-channel attacks. Other works, however, have also shown that smart cards are vulnerable to electromagnetic attacks.[12][13][14]
FPGAs
A field-programmable gate arrays (FPGA) have been commonly used to implement cryptographic primitives in hardware to increase speed. These hardware implementations are just as vulnerable as other software based primitives. In 2005, an implementation of elliptic curve encryption was shown vulnerable to both SEMA and DEMA attacks.[15] The ARIA block cipher is a common primitive implemented with FPGAs that has been shown to leak keys.[16]
Personal computers
In contrast to smart cards, which are simple devices performing a single function, personal computers are doing many things at once. Thus, it is much more difficult to perform electromagnetic side-channel attacks against them, due to high levels of noise and fast clock rates. Despite these issues, researchers in 2015 and 2016 showed attacks against a laptop using a near-field magnetic probe. The resulting signal, observed for only a few seconds, was filtered, amplified, and digitized for offline key extraction. Most attacks require expensive, lab-grade equipment, and require the attacker to be extremely close to the victim computer.[17][18] However, some researchers were able to show attacks using cheaper hardware and from distances of up to half a meter.[19] These attacks, however, required the collection of more traces than the more expensive attacks.
Smartphones
Smartphones are of particular interest for electromagnetic side-channel attacks. Since the advent of mobile phone payment systems such as Apple Pay, e-commerce systems have become increasingly commonplace. Likewise, the amount of research dedicated to mobile phone security side channel attacks has also increased.[20] Currently most attacks are proofs of concept that use expensive lab-grade signal processing equipment.[21] One of these attacks demonstrated that a commercial radio receiver could detect mobile phone leakage up to three meters away.[22]
However, attacks using low-end consumer grade equipment have also shown successful. By using an external USB sound card and an induction coil salvaged from a wireless charging pad, researchers were able to extract a user's signing key in Android's OpenSSL and Apple's CommonCrypto implementations of ECDSA.[20][21][22]
Examples of vulnerable encryption schemes
Widely used theoretical encryption schemes are mathematically secure, yet this type of security does not consider their physical implementations, and thus, do not necessarily protect against side-channel attacks. Therefore, the vulnerability lies in the code itself, and it is the specific implementation that is shown to be insecure. Luckily, many of the vulnerabilities shown have since been patched. Vulnerable implementations include, but are definitely not limited to, the following:
- Libgcrypt – cryptographic library of GnuPG, implementation of ECDH public-key encryption algorithm[18] (since patched)
- GnuPG implementation of 4096-bit RSA[17][19] (since patched)
- GnuPG implementation of 3072-bit ElGamal[17][19] (since patched)
- GMP implementation of 1024-bit RSA[6]
- OpenSSL implementation of 1024-bit RSA[6]
Feasibility
The attacks described thus far have mainly focused on the use of induction to detect unintended radiation. However, the use of far-field communication technologies like that of AM radios can also be used for side-channel attacks, although no key extraction methods for far-field signal analysis have been demonstrated.[23] Therefore, a rough characterization of potential adversaries using this attack range from highly educated individuals to low to medium funded cartels. The following demonstrates a few possible scenarios:
Mobile payment systems
Point of sale systems that accept payment from mobile phones or smart cards are vulnerable. Induction coils can be hidden on these systems to record financial transactions from smart cards or mobile phone payments. With keys extracted, a malicious attacker could forge his own card or make fraudulent charges with the private key. Belgarric et al. propose a scenario where mobile payments are performed with bitcoin transactions. Since the Android implementation of the bitcoin client uses ECDSA, the signing key can be extracted at the point of sale.[7] These types of attacks are only slightly more complex than magnetic card stripe skimmers currently used on traditional magnetic strip cards.
Wireless charging pads
Many public venues such as Starbucks locations are already offering free public wireless charging pads.[24] It was previously shown that the same coils used in wireless charging can be used for detection of unintended radiation. Therefore, these charging pads pose a potential hazard. Malicious charging pads might attempt to extract keys in addition to charging a user’s phone. When coupled with packet sniffing capabilities of public Wi-Fi networks, the keys extracted could be used to perform man-in-the-middle attacks on users. If far-field attacks are discovered, an attacker only needs to point his antenna at a victim to perform these attacks; the victim need not be actively charging their phone on one of these public pads.
Countermeasures
Several countermeasures against electromagnetic attacks have been proposed, though there is no one perfect solution. Many of the following countermeasures will make electromagnetic attacks harder, not impossible.
Physical countermeasures
One of the most effective ways to prevent electromagnetic attacks is to make it difficult for an attacker to collect an electromagnetic signal at the physical level. Broadly, the hardware designer could design the encryption hardware to reduce signal strength[25] or to protect the chip. Circuit and wire shielding, such as a Faraday cage, are effective in reducing the signal, as well as filtering the signal or introducing extraneous noise to mask the signal. Additionally, most electromagnetic attacks require attacking equipment to be very close to the target, so distance is an effective countermeasure. Circuit designers can also use certain glues or design components in order to make it difficult or impossible to depackage the chip without destroying it.
Recently, white-box modeling was utilized to develop a low-overhead generic circuit-level countermeasure [26] against both electromagnetic as well as power side-channel attacks. To minimize the effects of the higher-level metal layers in an IC acting as more efficient antennas,[27] the idea is to embed the crypto core with a signature suppression circuit,[28][29] routed locally within the lower-level metal layers, leading towards both power and electromagnetic side-channel attack immunity.
Implementation countermeasures
As many electromagnetic attacks, especially SEMA attacks, rely on asymmetric implementations of cryptographic algorithms, an effective countermeasure is to ensure that a given operation performed at a given step of the algorithm gives no information on the value of that bit. Randomization of the order of bit encryption, process interrupts, and clock cycle randomization, are all effective ways to make attacks more difficult.[1]
Usage in the government
The classified National Security Agency program TEMPEST focuses on both the spying on systems by observing electromagnetic radiation and the securing of equipment to protect against such attacks.
The Federal Communications Commission outlines the rules regulating the unintended emissions of electronic devices in Part 15 of the Code of Federal Regulations Title 47. The FCC does not provide a certification that devices do not produce excess emissions, but instead relies on a self-verification procedure.[30]
References
- Koeune, F., & Standaert, F. X. (2005). A tutorial on physical security and side-channel attacks. In Foundations of Security Analysis and Design III (pp. 78–108). Springer Berlin Heidelberg.
- Harada T, Sasaki H, Yoshio KA (1997). "Investigation on radiated emission characteristics of multilayer printed circuit boards". IEICE Transactions on Communications. 80 (11): 1645–1651.
- Kuhn MG, Anderson RJ (April 1998). Soft tempest: Hidden data transmission using electromagnetic emanations. Information Hiding. Lecture Notes in Computer Science. 1525. pp. 124–142. CiteSeerX 10.1.1.64.6982. doi:10.1007/3-540-49380-8_10. ISBN 978-3-540-65386-8.
- Messerges TS, Dabbish EA, Sloan RH (1999). "Investigations of Power Analysis Attacks on Smartcards" (PDF). Smartcard: 151–161.
- Gandolfi K, Mourtel C, Olivier F (May 2001). Electromagnetic analysis: Concrete results. Cryptographic Hardware and Embedded Systems. Lecture Notes in Computer Science. 2162. pp. 251–261. doi:10.1007/3-540-44709-1_21. ISBN 978-3-540-42521-2.
- Do A, Ko ST, Htet AT (15 April 2013). "Electromagnetic Side-Channel Analysis on the Intel Atom Processor: A Major Qualifying Project Report" (PDF). Worcester Polytechnic Institute. Cite journal requires
|journal=
(help) - Belgarric P, Fouque PA, Macario-Rat G, Tibouchi M (2016). Side-channel analysis of Weierstrass and Koblitz curve ECDSA on Android smartphones. Topics in Cryptology-CT-RSA. Lecture Notes in Computer Science. 9610. pp. 236–252. doi:10.1007/978-3-319-29485-8_14. ISBN 978-3-319-29484-1.
- Martinasek Z, Zeman V, Trasy K (2012). "Simple electromagnetic analysis in cryptography". International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems. 1 (1): 13–19.
- NACSIM 5000 Tempest Fundamentals (Report). National Security Agency. February 1982.
- Quisquater JJ (2000). "A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions: the SEMA and DEMA methods". Eurocrypt Rump Session.
- "Smart Card FAQ: How do Smart Cards Work". Smart Card Alliance.
- Samyde D, Skorobogatov S, Anderson R, Quisquater JJ (December 2002). On a new way to read data from memory. Security in Storage Workshop. pp. 65–69. doi:10.1109/SISW.2002.1183512. ISBN 978-0-7695-1888-6.
- Quisquater JJ, Samyde D (2001). Electromagnetic analysis (ema): Measures and counter-measures for smart cards. Smart Card Programming and Security. Lecture Notes in Computer Science. 2140. pp. 200–210. doi:10.1007/3-540-45418-7_17. ISBN 978-3-540-42610-3.
- Agrawal D, Archambeault B, Rao JR, Rohatgi P (2002). The EM side-channel(s). CHES. Lecture Notes in Computer Science. 2523. pp. 29–45. doi:10.1007/3-540-36400-5_4. ISBN 978-3-540-00409-7.
- De Mulder E, Buysschaert P, Örs SB, Delmotte P, Preneel B, Vandenbosch G, Verbauwhede I (November 2005). Electromagnetic analysis attack on an FPGA implementation of an elliptic curve cryptosystem. The International Conference on Computer as a Tool, 2005. EUROCON 2005. 2. pp. 1879–1882. CiteSeerX 10.1.1.104.6201. doi:10.1109/EURCON.2005.1630348. ISBN 978-1-4244-0049-2.
- Kim C, Schläffer M, Moon S (2008). "Differential side channel analysis attacks on FPGA implementations of ARIA". ETRI Journal. 30 (2): 315–325. doi:10.4218/etrij.08.0107.0167.
- Genkin D, Pipman I, Tromer E (2015). "Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs". Journal of Cryptographic Engineering. 5 (2): 95–112. doi:10.1007/s13389-015-0100-7.
- Genkin D, Pachmanov L, Pipman I, Tromer E (2016). ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs. Topics in Cryptology-CT-RSA. Lecture Notes in Computer Science. 9610. pp. 219–235. doi:10.1007/978-3-319-29485-8_13. ISBN 978-3-319-29484-1.
- Genkin D, Pachmanov L, Pipman I, Tromer E (2015). Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. Cryptographic Hardware and Embedded Systems—CHES 2015. Lecture Notes in Computer Science. 9293. pp. 207–228. doi:10.1007/978-3-662-48324-4_11. ISBN 978-3-662-48323-7.
- Kenworthy G, Rohatgi P (2012). "Mobile Device Security: The case for side channel resistance" (PDF). Archived from the original (PDF) on 2012-10-22. Retrieved 2016-05-06. Cite journal requires
|journal=
(help) - Genkin D, Pachmanov L, Pipman I, Tromer E, Yarom Y (2016). "ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels" (PDF). Cite journal requires
|journal=
(help) - Goller G, Sigl G (2015). Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment. Constructive Side-Channel Analysis and Secure Design. Lecture Notes in Computer Science. 9064. pp. 255–270. doi:10.1007/978-3-319-21476-4_17. ISBN 978-3-319-21475-7.
- Meynard O, Réal D, Guilley S, Flament F, Danger JL, Valette F (October 2010). Characterization of the electromagnetic side channel in frequency domain. Information Security and Cryptology. Lecture Notes in Computer Science. 6584. pp. 471–486. doi:10.1007/978-3-642-21518-6_33. ISBN 978-3-642-21517-9.
- Boxall, Andy (10 May 2015). "Hands On: Starbucks Wireless Charging". Digital Trends. Retrieved 20 April 2016.
- Zhou Y, Feng D (2005). "Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing" (PDF). IACR Cryptology ePrint Archive: 388.
- "EM and Power SCA-Resilient AES-256 in 65nm CMOS Through >350× Current-Domain Signature Attenuation" by D. Das et al., in IEEE International Solid-State Circuits Conference (ISSCC), 2020,
- "STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis" by D. Das, M. Nath, B. Chatterjee, S. Ghosh, and S. Sen, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, 2019.
- "ASNI: Attenuated Signature Noise Injection for Low-Overhead Power Side-Channel Attack Immunity" by D. Das, S. Maity, S.B. Nasir, S. Ghosh, A. Raychowdhury and S. Sen, in IEEE Transactions on Circuits and Systems I: Regular Papers, 2017, Vol. 65, Issue 10.
- "High efficiency power side-channel attack immunity using noise injection in attenuated signature domain" by D. Das, S. Maity, S.B. Nasir, S. Ghosh, A. Raychowdhury and S. Sen, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, 2017.
- "FCC Rule Part 15b". FCC certification.