Abstract
Simple Side-Channel Analyses (SSCA) are known as techniques to uncover a cryptographic secret from a single spied waveform. Up to now, these very powerful attacks have been illustrated on simple devices whose leakage was obvious. On more advanced targets, such as the high-end processors of smartphones, a simple visual analysis of the waveforms might not be sufficient to read the secret at once. In this paper, we detail and explain how a composition of time-frequency pre-processing steps manages to extract the relevant information from one signal capture of an asymmetric cryptographic operation (RSA and ECC) running on an Android system. The lesson is that side-channel countermeasures must be applied even on advanced platforms such as smartphones to prevent secret information theft through the electromagnetic (EM) waveforms.
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Nakano, Y. et al. (2014). A Pre-processing Composition for Secret Key Recovery on Android Smartphone. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43826-8_6
DOI: https://doi.org/10.1007/978-3-662-43826-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43825-1
Online ISBN: 978-3-662-43826-8
eBook Packages: Computer Science (R0)