Physical key extraction attacks on PCs

Daniel Genkin, Lev Pachmanov, Itamar Pipman, Adi Shamir, Eran Tromer
2016 Communications of the ACM  
CRYPTOGRAPHY IS UBIQUITOUS. Secure websites and financial, personal communication, corporate, and national secrets all depend on cryptographic algorithms operating correctly. Builders of cryptographic systems have learned (often the hard way) to devise algorithms and protocols with sound theoretical analysis, write software that implements them correctly, and robustly integrate them with the surrounding applications. Consequentially, direct attacks against state-of-the-art cryptographic
more » ... are getting increasingly difficult. For attackers, ramming the gates of cryptography is not the only option. They can instead undermine the fortification by violating basic assumptions made by the cryptographic software. One such assumption is software can control its outputs. Our programming courses explain that programs produce their outputs through designated interfaces (whether print, write, send, or mmap); so, to keep a secret, the software just Physical Key Extraction Attacks on PCs key insights ˽ Small differences in a program's data can cause large differences in acoustic, electric, and electromagnetic emanations as the program runs. ˽ These emanations can be measured through inexpensive equipment and used to extract secret data, even from fast and complex devices like laptop computers and mobile phones. ˽ Common hardware and software are vulnerable, and practical mitigation of these risks requires careful applicationspecific engineering and evaluation. contributed articles JUNE
doi:10.1145/2851486 fatcat:5z2tc6e2lve2hgncsbcwlefmlq