
VIDEO-BASED CRYPTANALYSIS

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away

Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.

Dan Goodin – Jun 13, 2023 1:30 pm UTC

Image caption: Left: a smart card reader processing the encryption key of an inserted smart card. Right: a surveillance camera video records the reader’s power LED from 60 feet away. (Credit: Nassi et al.)

Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm.

Side-channel exploitation made simple

As Wired reported in 2008, one of the oldest known side channels was in a top-secret encrypted teletype terminal that the US Army and Navy used during World War II to transmit communications that couldn't be read by German and Japanese spies. To the surprise of the Bell Labs engineers who designed the terminal, it caused readings from a nearby oscilloscope each time an encrypted letter was entered. While the encryption algorithm in the device was sound, the electromagnetic emissions emanating from the device were enough to provide a side channel that leaked the secret key.

Side channels have been a fact of life ever since, with new ones being found regularly. The recently discovered side channels tracked as Minerva and Hertzbleed came to light in 2019 and 2022, respectively. Minerva was able to recover the 256-bit secret key of a US-government-approved smart card by measuring timing patterns in a cryptographic process known as scalar multiplication. Hertzbleed allowed an attacker to recover the private key used by the post-quantum SIKE cryptographic algorithm by measuring the power consumption of the Intel or AMD CPU performing certain operations. Given the use of time measurement in one and power measurement in the other, Minerva is known as a timing side channel, and Hertzbleed can be considered a power side channel.
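To show what "timing patterns in scalar multiplication" means in practice, here is an added illustration (not code from the article or from the Nassi et al. paper) on a constructed toy curve over F_97: a naive double-and-add whose loop count equals the scalar's bit length, so its timing reveals how many leading zero bits the scalar has, next to a Montgomery ladder with a fixed trip count. The curve parameters and base point G are constructed for illustration only.

```python
# Added example: why scalar-multiplication timing leaks the scalar's bit length.
# Constructed toy curve y^2 = x^3 + 2x + 3 over F_97 (not a real-world curve).
P_MOD, A, B = 97, 2, 3
G = (3, 6)            # constructed base point: 6^2 = 36 = 3^3 + 2*3 + 3

def on_curve(pt):
    if pt is None:                      # None is the point at infinity
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def ec_add(P, Q):
    """Affine point addition / doubling over F_p."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                     # P + (-P) = infinity
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def double_and_add(k, P):
    """Leaky scalar multiplication: returns (k*P, group-op count).
    The loop runs bit_length(k) times, so a timing trace reveals how many
    leading zero bits k has (the leak Minerva turned into key recovery)."""
    R, ops = None, 0
    for bit in bin(k)[2:]:
        R = ec_add(R, R); ops += 1
        if bit == "1":
            R = ec_add(R, P); ops += 1
    return R, ops

def montgomery_ladder(k, P, nbits):
    """Fixed trip count: always nbits iterations of one add and one double,
    whatever k's bit length (real constant-time code also swaps branchlessly)."""
    R0, R1, ops = None, P, 0
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = ec_add(R0, R1), ec_add(R1, R1)
        else:
            R1, R0 = ec_add(R0, R1), ec_add(R0, R0)
        ops += 2
    return R0, ops
```

Comparing the `ops` counts for scalars of different bit lengths shows the leak the naive loop has and the ladder does not; on a real card the count is what a power or brightness trace reveals as duration.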

On Tuesday, academic researchers unveiled new research demonstrating attacks that provide a novel way to exploit these types of side channels. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader, or of an attached peripheral device, during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs.

Power LEDs are designed to indicate when a device is turned on. They typically cast a blue or violet light that varies in brightness and color depending on the power consumption of the device they are connected to.

Image caption: Video-based cryptanalysis.

There are limitations to both attacks that make them unfeasible in many (but not all) real-world scenarios (more on that later). Despite this, the published research is groundbreaking because it provides an entirely new way to facilitate side-channel attacks. Not only that, but the new method removes the biggest barrier holding back previously existing methods from exploiting side channels: the need to have instruments such as an oscilloscope, electric probes, or other objects touching or being in proximity to the device being attacked.

In Minerva’s case, the device hosting the smart card reader had to be compromised for researchers to collect precise-enough measurements. Hertzbleed, by contrast, didn't rely on a compromised device but instead took 18 days of constant interaction with the vulnerable device to recover the private SIKE key. To attack many other side channels, such as the one in the World War II encrypted teletype terminal, attackers must have specialized and often expensive instruments attached or near the targeted device.

The video-based attacks presented on Tuesday reduce or completely eliminate such requirements. All that's required to steal the private key stored on the smart card is an Internet-connected surveillance camera that can be as far as 62 feet away from the targeted reader. The side-channel attack on the Samsung Galaxy handset can be performed by an iPhone 13 camera that's already present in the same room.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene.

Promoted Comments

ktmglen: I am not following how you go from carefully observing power consumption to knowing the actual key. Is that explained somewhere that I missed?

[edited for clarity] The LED brightness is a proxy for the power consumption of the smartcard chip. Using a video camera to sample the brightness of the LED and thus the power consumption of the chip, they are able to deduce the timing of the ECDSA operations. With the timing information from several thousand ECDSA operations in hand, they are then able to perform a Minerva cryptanalysis to extract the keys from the chip.

Edit. Or Hertzbleed attack. That’s my take from a very quick read of the paper.

Edit, edit: The novelty in this attack is using a crappy security camera to do the sampling of the LED brightness.

June 13, 2023 at 5:02 pm
