Researchers Find New Fast-Acting Side-Channel Vulnerability

  /     /     /  
Publicated : 23/11/2024   Category : security


Researchers Find New Fast-Acting Side-Channel Vulnerability


A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.



Researchers at Georgia Tech have found a side-channel attack that delivers the encryption key for a mobile devices RSA implementation. Oh, and it gets the key without physical access to the device. And in a single transaction. The good news is that there are limits.
The team presented their paper,
One&Done: A Single-Decryption EM-Based Attack on OpenSSLs Constant-Time Blinded RSA
, at the
USENIX Security Symposium
on Aug. 16. In the paper, they describe a method of listening to the electromagnetic signals generated by a processor whenever it is working data. As they listen to signals, they can convert those back into their native bits and capture the encryption key (and, frankly, any other data they wish) the first time its processed.
This successfully gets the key in only one encryption or decryption so you dont have to wait a long time, says paper co-author Milos Prvulovic, professor of computer science at Georgia Tech. He explains that the attack, which uses a small antenna placed a few inches from the device, is different from most of the side-channel attacks seeking encryption keys.
Most require the device to decrypt a specific, specially crafted message. Others look at very small differences in the signal and require a huge amount of data. Ours extracts the key directly from how the algorithm works, he says. To prove the concept, the team performed research on, … two Android-based mobile phones and an embedded system board, all with ARM processors operating at high (800 MHz to 1.1 GHz) frequencies… according to the paper.
In the past, the team notes, capturing the very low-power signals generated by the processors would have required advanced, expensive radio receivers. Now, the paper states, receiving the signal is, …well within the signal capture capabilities of compact commercially available sub-$1,000 software-defined radio (SDR) receivers such as the
Ettus B200-mini
.
A remedy for the attack was proposed in the paper, and provided to RSA ahead of publication. The researchers were able to capture the encryption key, Prvulovic says, because, The secret bits are examined by the program one at a time. So we were able to just read out the bits one at a time. In their remediation, the researchers changed the implementation to read bits in parallel, rather than serial, fashion, making successful decryption a far more difficult and compute-intensive process.
Prvulovic says that their modification to the program makes the algorithm resistant to this particular attack, but other side-channel attacks may still be effective. A more potent defense, he says, comes from adhering to basic mobile-device hygiene. All of these require close proximity, so you dont put your phone down on a table at a coffee shop or airport and do banking, Prvulovic says. If youre holding the phone in your hand, its highly likely youre secure. If someones sufficiently close with a briefcase, then think about what youre doing.
Related content:
Side-Channel Attacks & the Importance of Hardware-Based Security
New Spectre Variants Add to Vulnerability Worries
Spectre Returns with 8 New Variants
What Meltdown and Spectre Mean for Mobile Device Security
 
Learn from the industrys most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for
more info


Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Researchers Find New Fast-Acting Side-Channel Vulnerability