Electromagnetic emissions coming off your mobile device may be leaking cryptographic information, according to research by Cryptography Research, Inc (CRI).The issue, which was presented at the RSA Conference last week in San Francisco, is caused by fluctuations in power consumption while the silicon chip performs computations. These fluctuations are tied to parameters used in the computation, explained Benjamin Jun, vice president and chief technology officer at CRI.
“When the processing involves secret elements -- such as a secret key that must stay within the device -- the secret information can be reliably exposed by one of two methods,” he said. “SPA, or Simple Power Analysis, involves collecting a single measurement - we call it a trace - of the device's emissions or power consumption. The captured trace looks like an EKG. In particularly leaky devices, large fluctuations can be visually interpreted to reveal individual "0" and "1" bits of the key. DPA, or Differential Power Analysis, involves collecting a series of measurements. Statistical analysis is used to extract key data to an extremely high degree of sensitivity. SPA and DPA vulnerabilities have been documented in thousands of published papers and widely demonstrated.”
“In our tests, the SPA and DPA methods required getting near a device - within 10 feet,” he continued. “The methods are completely passive, and differ from traditional attacks in that no hostile messages or apps need to be sent to the device itself. The device must simply perform a normal crypto operation. To reduce waiting time during data capture, the device may need to be encouraged to perform crypto. This can be accomplished by just waiting, placing equipment near locations where crypto operations are expected, or by sending the user an email that the device encrypted for local storage.”
The researchers successfully used two different types of antennas: one for magnetic fields, and another for E-fields. They also used a radio receiver to locate the frequency of the strongest key leakage, and a digitizer/demodulator to sample the information to be captured by a PC. With the exception of the PC, the total cost for the equipment was about $1,400.
The researchers wrote their own applications for the experiment so as not to exploit any production keys, Jun told SecurityWeek. Leaks were identified with multiple common cryptographic implementations of AES, RSA and Elliptic-Curve cryptography, he said.
“Common open source crypto toolkits were used,” he said. “The leakage is not expected to differ substantially than leaks from other apps. We have repeated this work with similar results in a variety of mobile device programming environments. From our work, we believe that any live app that does not actively use countermeasures may be at risk of key leakage.”
There are a number of ways to mitigate the issue by implementing countermeasures at the silicon, OS an application levels, such as having developers re-write crypto routines to be more resistant and employing device protocols that use keys in ways that can survive leakage. For example, block ciphers can be implemented in ways that use random information to split the key and the message into two or more randomized parts. When the block cipher is computed using two randomized, unpredictable parts, the correct answer is obtained but no internal variable is correlated to the input and key.“One major handset and tablet manufacturer has implemented countermeasures to this vulnerability,” Jun said. “Given the data we have collected at this point, it is reasonable to assume that a device without countermeasures will leak information.”