Are your mobile device’s EM emissions leaking your keys? A mobile app can inadvertently radiate secret data as cryptographic processing is done by the CPU. We’ll use a simple antenna and radio to perform live key extraction from several modern handheld devices. Developers can use several techniques to mitigate risk whenever applications use high-value cryptographic keys.
This paper proposes an approach to validate that implementations of public‐key cryptography have moderate resistance to side‐channel analysis, using RSA‐CRT as an example. The design goal of the proposed approach is to develop tests that are technically sound and repeatable, while at the same time being efficient and cost‐effective for testing labs. The approach was validated on two devices, one without countermeasures and another with some DPA countermeasures.
Good cryptography requires good random numbers. This paper evaluates Intel’s hardware-based digital random number generator (RNG) for use in cryptographic applications.
Almost all cryptographic protocols require the generation and use of secret values that must be unknown to attackers. For example, random number generators are required to generate public/private keypairs for asymmetric (public key) algorithms including RSA, DSA, and Diffie-Hellman. Keys for symmetric and hybrid cryptosystems are also generated randomly. RNGs are used to create challenges, nonces (salts), padding bytes, and blinding values.
Because security protocols rely on the unpredictability of the keys they use, random number generators for cryptographic applications must meet stringent requirements. The most important property is that attackers, including those who know the RNG design, must not be able to make any useful predictions about the RNG outputs. In particular, the apparent entropy of the RNG output should be as close as possible to the bit length.
As the functionality of mobile devices has increased, so have the threats. These devices make attractive targets, given the sensitivity of the user and corporate data they process and store, and their emerging use for viewing protected content and conducting sensitive banking and payment transactions. Until recently, hardware- and software-based defenses for mobile platforms lagged behind those found in more mature systems.
The goal of a side‐channel resistance validation program is to assess whether a cryptographic module utilizing side‐channel analysis countermeasures can provide resistance to these attacks commensurate with the desired security level. While no standardized testing program can guarantee resistance against all attacks, an effective program should be able to validate that sufficient care was taken in the design and implementation of countermeasures.
Data encryption and decryption operations are basic building blocks for most security applications. For this purpose, most systems use block ciphers, such as the public AES standard. It is well known, however, that implementations of block ciphers such as AES, as well as other cryptographic algorithms, are subject to side-channel attacks. These attacks allow adversaries to extract secret keys from devices by passively monitoring power consumption, EM emissions, or other “side channels”. Differential power analysis (DPA) is a common side-channel attack that leverages power measurements.