RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
SBSeg 2007, NCE/UFRJ, Rio de Janeiro Linear Analysis of reduced- round CAST-128 and CAST-256 Jorge Nakahara Jr 1 Mads Rasmussen 2 1 UNISANTOS, Brazil 2.
White-Box Cryptography
Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.
Public Key Encryption Algorithm
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
Full AES key extraction in 65 milliseconds using cache attacks
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Transforming out Timing Leaks (Agat’s approach) Terkel K. Tolstrup Informatics and Mathematical Modelling Technical University of.
An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.
Secure Systems Design Ramesh Karri Office Hours: Tues/Wed/Thurs: 12:00- 1:30 in LC 001
Lecture 23 Symmetric Encryption
Public Key Algorithms 4/17/2017 M. Chatterjee.
Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
Announcements: Assignment 1 due tomorrow in class. Assignment 1 due tomorrow in class.Questions? Roll Call Today: Vigenere ciphers Pronunciation? DTTF/NB479:
Side-Channel Attack: timing attack Hiroki Morimoto.
An Introduction to Cryptology and Coding Theory Sarah Spence Adams Olin College Gordon Prichett Babson College
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptanalysis. The Speaker  Chuck Easttom  
5.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 5 Introduction to Modern Symmetric-key Ciphers.
Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.
RSA and its Mathematics Behind
Side Channel Attacks through Acoustic Emanations
Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship between the difference of two inputs and the difference.
Issues of Security with the Oswald-Aigner Exponentiation Algorithm Colin D Walter Comodo Research Lab, Bradford, UK Colin D Walter.
9th IMA Conference on Cryptography & Coding Dec 2003 More Detail for a Combined Timing and Power Attack against Implementations of RSA Werner Schindler.
1 Lect. 10 : Cryptanalysis. 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Improving Encryption Algorithms Betty Huang Computer Systems Lab
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
The EM Side-Channel(s) Dakshi Agrawal Bruce Archambeault Josyula R Rao Pankaj Rohatgi IBM.
1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
The RSA Algorithm. Content Review of Encryption RSA An RSA example.
Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms Sarani Bhattacharya and Debdeep Mukhopadhyay Dept. of Computer Science and.
1 Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation Daniel Genkin Technion and Tel Aviv University Eran Tromer.
Le Trong Ngoc Security Fundamentals (2) Encryption mechanisms 4/2011.
RSA and its Mathematics Behind July Topics  Modular Arithmetic  Greatest Common Divisor  Euler’s Identity  RSA algorithm  Security in RSA.
Rennes, 02/10/2014 Cristina Onete Attacks on RSA. Safe modes.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
"The generation of random numbers is too important to be left to chance.” 1 -- Robert R. Coveyou Oak Ridge National Laboratory.
Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.
Lecture 23 Symmetric Encryption
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
CRYPTOGRAPHY PRESENTED BY : NILAY JAYSWAL BRANCH : COMPUTER SCIENCE & ENGINEERING ENTRY NO. : 14BCS033 1.
David Evans CS551: Security and Privacy University of Virginia Computer Science Lecture 4: Dissin’ DES The design took.
Remote Timing Attacks are Practical David Brumley Dan Boneh [Modified by Somesh.
1 Information Security – Theory vs. Reality , Winter Lecture 3: Power analysis, correlation power analysis Lecturer: Eran Tromer.
WISA 2007 Jeju Island, Korea, 27th – 29th Aug 2007 Longer Randomly Blinded RSA Keys may be Weaker than Shorter Ones Colin D. Walter
Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.
Lecture 3 (Chapter 9) Public-Key Cryptography and RSA Prepared by Dr. Lamiaa M. Elshenawy 1.
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
RSA Pubic Key Encryption CSCI 5857: Encoding and Encryption.
@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Public Key Cryptography
Quantum Cryptography Arjun Vinod S3 EC Roll No:17.
Unknown Input Attacks in the Parallel Setting Improving the Security of the CHES 2012 Leakage Resilient PRF Marcel Medwed François-Xavier Standaert Ventzislav.
Introduction to Modern Symmetric-key Ciphers
Cryptographic Timing Attacks
Introduction to Cryptography
Presentation transcript:

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer

Mathematical Attacks InputOutput Crypto Algorithm Key Goal: recover the key given access to the inputs and outputs

Side Channel Attacks Power Vibration Timing Sound Heat EM InputOutput Radiation Crypto Algorithm Key Bad InputsErrors Goal: recover the key given access to the inputs, outputs and measurements Goal: recover the key given access to the inputs and outputs Crypto Algorithm Key Crypto Device Key

ENGULF [Peter Wright, pycatcher, p. 84] In 1956, a couple of Post Office engineers fixed a phone at the Egyptian embassy in London.

ENGULF (cont.) “The combined MI5/GCHQ operation enabled us to read the Egyptian ciphers in the London Embassy throughout the Suez Crisis.”

Acoustic cryptanalysis on modern CPUs

Distinguishing various CPU operations

Distinguishing various code lengths loops in different lengths of ADD instructions

RSA decryption

RSA key distinguishability and here is the sound of the keys (after signal processing)keys

Modular exponentiation

Single multiplication is way to fast for us to measure Multiplication is repeated 2048 times (0.5 sec of data)

Acoustic leakage of key bits

Results Key extraction is possible up to 4 meters away using a parabolic microphone

Results Key extraction is possible up to 1 meter away without a parabolic microphone

Results Key extraction is possible up to 30cm away using a smartphone

Karatsuba multiplication

The recursion tree

Basic multiplication Repeated for a total of 8 times in this call and for a total of up to ~172,000 times!, allowing for the leakage to be detectable using low bandwidth means (such as sound).

1.Play loud music while decrypting (or other kind of noise) 2.Parallel software load Countermeasures --- bad ideas!

Countermeasures (ciphertext randomization)

Thank you! (questions?)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.