ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
| Title | ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Genkin, Daniel, Pachmanov, Lev, Pipman, Itamar, Tromer, Eran, Yarom, Yuval |
| Conference Name | Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4139-4 |
| Keywords | composability, digital signatures, electromagnetic analysis, elliptic curve, Elliptic curve cryptography, Metrics, Physical layer, physical layer security, physical-layer security, power analysis, pubcrawl, Resiliency, side channel attack |
| Abstract | We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe. |
| URL | http://doi.acm.org/10.1145/2976749.2978353 |
| DOI | 10.1145/2976749.2978353 |
| Citation Key | genkin_ecdsa_2016 |