Hackers Can Steal Cryptographic Keys By Video-Recording Power LEDs 60 Feet Away (arstechnica.com) 26
An anonymous reader quotes a report from Ars Technica: Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on. The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm. [...]
On Tuesday, academic researchers unveiled new research demonstrating attacks that provide a novel way to exploit these types of side channels. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader -- or of an attached peripheral device -- during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs. Power LEDs are designed to indicate when a device is turned on. They typically cast a blue or violet light that varies in brightness and color depending on the power consumption of the device they are connected to.
There are limitations to both attacks that make them unfeasible in many (but not all) real-world scenarios (more on that later). Despite this, the published research is groundbreaking because it provides an entirely new way to facilitate side-channel attacks. Not only that, but the new method removes the biggest barrier holding back previously existing methods from exploiting side channels: the need to have instruments such as an oscilloscope, electric probes, or other objects touching or being in proximity to the device being attacked. In Minerva's case, the device hosting the smart card reader had to be compromised for researchers to collect precise-enough measurements. Hertzbleed, by contrast, didn't rely on a compromised device but instead took 18 days of constant interaction with the vulnerable device to recover the private SIKE key. To attack many other side channels, such as the one in the World War II encrypted teletype terminal, attackers must have specialized and often expensive instruments attached or near the targeted device. The video-based attacks presented on Tuesday reduce or completely eliminate such requirements. All that's required to steal the private key stored on the smart card is an Internet-connected surveillance camera that can be as far as 62 feet away from the targeted reader. The side-channel attack on the Samsung Galaxy handset can be performed by an iPhone 13 camera that's already present in the same room. Videos here and here show the video-capture process of a smart card reader and a Samsung Galaxy phone, respectively, as they perform cryptographic operations. "To the naked eye, the captured video looks unremarkable," adds Ars.
"But by analyzing the video frames for different RGB values in the green channel, an attacker can identify the start and finish of a cryptographic operation."
On Tuesday, academic researchers unveiled new research demonstrating attacks that provide a novel way to exploit these types of side channels. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader -- or of an attached peripheral device -- during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs. Power LEDs are designed to indicate when a device is turned on. They typically cast a blue or violet light that varies in brightness and color depending on the power consumption of the device they are connected to.
There are limitations to both attacks that make them unfeasible in many (but not all) real-world scenarios (more on that later). Despite this, the published research is groundbreaking because it provides an entirely new way to facilitate side-channel attacks. Not only that, but the new method removes the biggest barrier holding back previously existing methods from exploiting side channels: the need to have instruments such as an oscilloscope, electric probes, or other objects touching or being in proximity to the device being attacked. In Minerva's case, the device hosting the smart card reader had to be compromised for researchers to collect precise-enough measurements. Hertzbleed, by contrast, didn't rely on a compromised device but instead took 18 days of constant interaction with the vulnerable device to recover the private SIKE key. To attack many other side channels, such as the one in the World War II encrypted teletype terminal, attackers must have specialized and often expensive instruments attached or near the targeted device. The video-based attacks presented on Tuesday reduce or completely eliminate such requirements. All that's required to steal the private key stored on the smart card is an Internet-connected surveillance camera that can be as far as 62 feet away from the targeted reader. The side-channel attack on the Samsung Galaxy handset can be performed by an iPhone 13 camera that's already present in the same room. Videos here and here show the video-capture process of a smart card reader and a Samsung Galaxy phone, respectively, as they perform cryptographic operations. "To the naked eye, the captured video looks unremarkable," adds Ars.
"But by analyzing the video frames for different RGB values in the green channel, an attacker can identify the start and finish of a cryptographic operation."
Sigh (Score:4, Insightful)
We have known about these kinds of attacks for years. We have known how to prevent them: random timing, random dummy processing.
...an inverted copy of the signal... (Score:1)
Re: (Score:2)
Are you suggesting to "reverse the polarity"?
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Interestingly enough ethernet was where I originally heard about "power/signal LED activity" being used to sniff traffic stuff.
If I remember right, a capacitor can be used to make that a lot more difficult. Or, of course, don't use your processing to directly run the LED, use something that's a dummy.
Re: (Score:2)
Typically the vulnerable logic for these algorithms looks something like "if (bit N set) accumulator = accumulator * value", for some operation. The usual way to reduce information leakage through power and timing side channels is to rewrite it as roughly "temp = accumulator * value; if (bit N set) next = tmp; else next = accumulator", so that the multiplication and assignment operations are always executed.
The GP probably was already addressing a power-consumption side channel for processing behaviors....
Re:...an inverted copy of the signal... (Score:4, Interesting)
One could additionally send an inverted copy of the output signal through a dummy load, so that the power consumption remains constant.
That makes the signal to noise ratio in the side channel lower, but it doesn't eliminate it and the adversary just has to take more traces to compensate.
Keeping the power constant means keeping the power set at max. That will probably yield a system that doesn't work. The power budget on wireless activates cards is tiny.
There are known good things to do for side channel defenses. Mostly this is a hardware and protocol problem while software defenses can be employed but are secondary.
For the case of a power LED or other power side channel, accept the side channel is going to be there and make it hard to use for Baysean inference or machine learning attacks.
1) [protocol] use any key a minimum number of times. 1 is optimal. Design your protocol this way with ephemeral keys, forward and backward prediction resistance and other crypto protocol goodness. Then the maximum number of side channel traces of your key will be minimized.
2) [hardware] Make your crypto processing that uses the key fast. If it takes longer than a frame of high speed video, you're doing it wrong.
3) [hardware] Randomize both the logic clock and the timing of the start of the crypto processing. Start up the engine a random amount of time before you start the processing. E.G. AES HW will happily pump the round engine with its existing state. The real work starts when you inject the key and data to be processed. Baysean inference side channel attacks need time aligned samples. If they don't know when the processing starts, they can't align the traces to do the analysis.
4) [hardware] regulate or filter the LED supply. This would need a transistor, a cap and a couple of resistors. Hooking a LED across the rails of a crypto engine is very dumb and should have been considered in the design. Similarly for a backlight on a display.
5) [hardware] Hardware is moving or off. Do not leave data resting in registers in the logic. When it's powered on an clocked, keep the data moving and permuting. Attacks at the chip surface emissions are powerful but need time averaging and are defeated if the data is moving.
6) [hardware] Dummy cycles. If you perform dummy operations to befuddle the side channel adversary, mix those with the real processing and randomize the placement and length within the real processing. Don't make it deterministic or the side channel attacks will see right through it.
There is lots of other special sauce I'm not going to share. Maybe I'll put it in a book someday. Side channel isn't everything, you need to think about fault injection and trojan detection and all sorts of other attack scenarios.
Friends don't let friends to crypto in software.
Re: (Score:2)
And longer keys, less complex operations, etc. ECC is looking pretty bad these days.
Re: (Score:2)
Similarly, military encrypted channels send dummy data over the link so the link doesn't seem busier when something is really happening just in case somebody managed to tap into the link somewhere along the path.
Re: (Score:2)
Re: (Score:2)
We have known how to prevent them: random timing, random dummy processing.
No we haven't. You're talking about LEDs that designed to indicate the movement of data. This is not the same thing, this is peripherals connected electrically with seemingly static lights leaking data. Even if you want to claim this is just a continuation of past side channel attacks, even then they are quite recent developments and not things we "have known about for years", nor things which we have methods to easily prevent without serious negative consequences.
Re: (Score:2)
We have known about these kinds of attacks for years. We have known how to prevent them: random timing, random dummy processing.
Exactly. A variant on this was used to decode modem signals from the RX/TX lights, and earlier from electric signals from electric typewriters.
Re: (Score:1)
Re: (Score:1)
60ft away requires a HQ zoom cam in a dark room (Score:4, Interesting)
60ft away requires a HQ zoom cam in a dark room.
You have to get the led to take up most of the camera image and the camera has to have a rotating shutter.
If the room is not dark you have to be closer than 6ft,
And yo still have to have the camera being used zoomed into the led close to full screen so that the rotating shutter can record led level changes at rates of many 10's of kilohertz to be able to record the power usage at rates way beyond the 120/60hz of the camera.
So while it is theoritically possible to do it has lot of requirements.
Also a problem with short keys (Score:2)
Those short ECC keys are looking worse and worse every year.
Re: (Score:2)
Re: Sigh... (Score:2)
What about the OLED display⦠i bet this technique would also work on the OLED display. Would not be surprised if LEO or military tech exists to recover phone keys this way.
Cover le led (Score:2)
A good solution is just to cover the led with black tape.
A better one .... for the device providers that acquire the data, DON'T USE THE LEDs on the device to show data activity. In fact, don't use them at all, and save some bucks.
Who would be that motivated? (Score:2)
Seems like an awful lot of work. I'm guessing that nobody would bother unless it was something REALLY worth stealing. Like a certain politician's emails... oh wait, they were deleted.