IoT
8/17/2018
05:35 PM
100%
0%

Researchers Find New Fast-Acting Side-Channel Vulnerability

A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.

Researchers at Georgia Tech have found a side-channel attack that delivers the encryption key for a mobile device's RSA implementation. Oh, and it gets the key without physical access to the device. And in a single transaction. The good news is that there are limits.

The team presented their paper, One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA, at the USENIX Security Symposium on Aug. 16. In the paper, they describe a method of "listening" to the electromagnetic signals generated by a processor whenever it is working data. As they listen to signals, they can convert those back into their native bits and capture the encryption key (and, frankly, any other data they wish) the first time it's processed.

"This successfully gets the key in only one encryption or decryption so you don't have to wait a long time," says paper co-author Milos Prvulovic, professor of computer science at Georgia Tech. He explains that the attack, which uses a small antenna placed a few inches from the device, is different from most of the side-channel attacks seeking encryption keys.

"Most require the device to decrypt a specific, specially crafted message. Others look at very small differences in the signal and require a huge amount of data. Ours extracts the key directly from how the algorithm works," he says. To prove the concept, the team performed research on, "… two Android-based mobile phones and an embedded system board, all with ARM processors operating at high (800 MHz to 1.1 GHz) frequencies…" according to the paper.

In the past, the team notes, capturing the very low-power signals generated by the processors would have required advanced, expensive radio receivers. Now, the paper states, receiving the signal is, "…well within the signal capture capabilities of compact commercially available sub-$1,000 software-defined radio (SDR) receivers such as the Ettus B200-mini."

A remedy for the attack was proposed in the paper, and provided to RSA ahead of publication. The researchers were able to capture the encryption key, Prvulovic says, because, "The secret bits are examined by the program one at a time. So we were able to just read out the bits one at a time." In their remediation, the researchers changed the implementation to read bits in parallel, rather than serial, fashion, making successful decryption a far more difficult and compute-intensive process.

Prvulovic says that their modification to the program makes the algorithm resistant to this particular attack, but other side-channel attacks may still be effective. A more potent defense, he says, comes from adhering to basic mobile-device hygiene. "All of these require close proximity, so you don't put your phone down on a table at a coffee shop or airport and do banking," Prvulovic says. "If you're holding the phone in your hand, it's highly likely you're secure. If someone's sufficiently close with a briefcase, then think about what you're doing."

Related content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:36:01 AM
Re: the security issues
You should tell people this is RSA in software on phones not hardware protected.

 

Your telling me RSA in hardware has been hacked!

 

Don't think so.....

 

Please do the same hack on SAML11 or 508a/608a protected hardware.

 

Everyone is living in the last millenia, in my books.

 

We don't use software security unless we are IDIOT's
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:33:17 AM
Re: the security issues
I think the story should say the security is implimented in software!

 

Try this attack with U2F or 508a/608a hardware tamper resistant!

 

Lol so funny people still thinking RSA in software is safe.
evana112
0%
100%
evana112,
User Rank: Apprentice
8/20/2018 | 7:36:53 PM
the security issues
here I get some important ideas about the side channel vulnerabilities. this vulnerability can hamper the work. I have visited mcafee support. keep sharing this type of useful ideas. I get some important ideas about the security surveillance also.
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18955
PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311
PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312
PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
CVE-2018-19319
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges.