Showing posts with label side channel attack. Show all posts
Showing posts with label side channel attack. Show all posts

Thursday, 3 March 2016

Recovering Crypto Keys From Smartphones Externally

A couple of weeks ago I was writing about how researchers were able to recover crypto keys (through walls no less) using the electromagnetic emanations from laptops.  These forms of side channel attacks are proving to be particularly effective.  Then yesterday saw two papers appear both of which showed how similar techniques could be applied to smartphones.

The first paper was from the same team about whose research I wrote previously.  This time instead of placing the antenna on the other side of a wall, they taped it to the underside of a table to show that by simply placing your phone on the table your encryption key could be recovered.  The technique used to recover the key was very similar to that used previously.

Experimental setup used in paper by Tromer et al
Read more »
Posted by at
Labels: , , ,

Thursday, 4 February 2016

Securing RFID Chips

If you ask most security advisers about how to secure your electronic devices, somewhere in the advice you'll hear: use an up to date virus checker, keep your operating system up to date, and so on. Sadly many attacks do not rely upon hitting the security head on but rather they look for information leaking in other ways: so called side channel attacks.

If you can physically access a device you can sometime use the likes of power usage to look at patterns that reveal much of what apparently hidden but the security features of the device.  We have known for many years how computer memory can be gleaned even when using the strongest encryption such as the Advanced Encryption Standard (AES).

This was recently exemplified when it was discovered that some virtual machines could extract data via leakage from other virtual machines that share the same physical platform.

With the increasing use of Radio Frequency Identification (RFID) one concern has been that such chips could be subjected to these side channel attacks.  as they are used to store increasing amounts of sensitive (particular personal) data such leakage is an obvious place for hackers to target.  And of course, the rise of contactless payment systems has brought a whole new impetus to this form of attack.

Read more »
Posted by at
Labels: , , ,
Subscribe to: Posts (Atom)