Skip to main content
SpringerLink
Log in

ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs

  • Conference paper
  • First Online:
Topics in Cryptology - CT-RSA 2016 (CT-RSA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9610))

Included in the following conference series:

Abstract

We present the first physical side-channel attack on elliptic curve cryptography running on a PC. The attack targets the ECDH public-key encryption algorithm, as implemented in the latest version of GnuPG. By measuring the target’s electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall. The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, to achieve full key extraction.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. GNU multiple precision arithmetic library. http://gmplib.org/

  2. GNU Privacy Guard. https://www.gnupg.org

  3. GnuPG Frontends. https://www.gnupg.org/related_software/frontends.html

  4. Minimalist GNU for Windows. http://www.mingw.org

  5. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Akishita, T., Takagi, T.: Zero-value point attacks on elliptic curve cryptosystem. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 218–233. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  7. Anderson, R.J.: Security Engineering – A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, Hoboken (2008)

    Google Scholar 

  8. Barker, E., Johnson, D., Smid, M.: NIST SP 800–56a: recommendation for pair-wise key establishment schemes using discrete logarithm cryptography (revised) (2007)

    Google Scholar 

  9. Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh Aah.. Just a Little Bit” : a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014)

    Google Scholar 

  10. Bernstein, D.J.: Cache-timing attacks on AES (2005). http://cr.yp.to/papers.html#cachetiming

  11. Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  12. Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701–716 (2005)

    Article  Google Scholar 

  13. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880, November 2007

    Google Scholar 

  14. Ciet, M., Joye, M.: (Virtually) Free randomization techniques for elliptic curve cryptography. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 348–359. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  15. Clark, S.S., Mustafa, H.A., Ransford, B., Sorber, J., Fu, K., Xu, W.: Current events: identifying webpages by tapping the electrical outlet. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 700–717. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  16. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  17. Elkins, M., Del Torto, D., Levien, R., Roessler, T.: MIME security with OpenPGP. RFC 3156 (2001). http://www.ietf.org/rfc/rfc3156.txt

  18. The Enigmail Project: Enigmail: a simple interface for OpenPGP email security. https://www.enigmail.net

  19. Fan, J., Guo, X., De Mulder, E., Schaumont, S., Preneel, B., Verbauwhede, I.: State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures. In: Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST 2010), pp. 76–87 (2010)

    Google Scholar 

  20. Fan, J., Verbauwhede, I.: An updated survey on secure ECC implementations: attacks, countermeasures and cost. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 265–282. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  21. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  22. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E.: Stealing keys from PCs using a radio: cheap electromagnetic attacks on windowed exponentiation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 207–228. Springer, Heidelberg (2015). Extended version: Cryptology ePrint Archive, Report 2015/170

    Chapter  Google Scholar 

  23. Genkin, D., Pipman, I., Tromer, E.: Get your hands off my laptop: physical side-channel key-extraction attacks on PCs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 242–260. Springer, Heidelberg (2014)

    Google Scholar 

  24. Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 444–461. Springer, Heidelberg (2014). Extended version: Cryptology ePrint Archive, Report 2013/857

    Google Scholar 

  25. Goller, G., Sigl, G.: Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2015. LNCS, vol. 9064, pp. 255–270. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  26. Goubin, L.: A refined power-analysis attack on elliptic curve cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  27. Jivsov, A.: Elliptic curve cryptography (ECC) in OpenPGP. RFC 4880 (2012)

    Google Scholar 

  28. Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptographic Eng. 1(1), 5–27 (2011)

    Article  Google Scholar 

  29. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  30. Okeya, K., Sakurai, K.: On insecurity of the side channel attack countermeasure using addition-subtraction chains under distinguishability between addition and doubling. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 420–435. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  31. Oren, Y., Shamir, A.: How not to protect PCs from power analysis, presented at CRYPTO 2006 rump session (2006). http://iss.oy.ne.ro/HowNotToProtectPCsFromPowerAnalysis

  32. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  33. Oswald, E., Aigner, M.: Randomized addition-subtraction chains as a countermeasure against power attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  34. Percival, C.: Cache missing for fun and profit. Presented at BSDCan (2005). http://www.daemonology.net/hyperthreading-considered-harmful

  35. Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  36. Reitwiesner, G.W.: Binary arithmetic. Adv. Comput. 1, 231–308 (1960)

    Article  MathSciNet  Google Scholar 

  37. van de Pol, J., Smart, N.P., Yarom, Y.: Just a little bit more. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 3–21. Springer, Heidelberg (2015)

    Google Scholar 

  38. Walter, C.D.: Issues of security with the oswald-aigner exponentiation algorithm. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 208–221. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  39. Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, lownoise, L3 cache side-channel attac. In: USENIX Security Symposium, pp. 719–732. USENIXAssociation (2014)

    Google Scholar 

  40. Yarom, Y., Liu, F., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: IEEE Symposium on Security and Privacy. IEEE (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technion, Haifa, Israel

    Daniel Genkin

  2. Tel Aviv University, Tel Aviv, Israel

    Daniel Genkin, Lev Pachmanov, Itamar Pipman & Eran Tromer

Authors
  1. Daniel Genkin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lev Pachmanov
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Itamar Pipman
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Eran Tromer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Daniel Genkin .

Editor information

Editors and Affiliations

  1. NEC Cloud Systems Research Laboratories, Kawasaki, Japan

    Kazue Sako

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Genkin, D., Pachmanov, L., Pipman, I., Tromer, E. (2016). ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs. In: Sako, K. (eds) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. Lecture Notes in Computer Science(), vol 9610. Springer, Cham. https://doi.org/10.1007/978-3-319-29485-8_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29485-8_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29484-1

  • Online ISBN: 978-3-319-29485-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation