Re: Is this a side-channel attack?
- From: Marcus <marcus@xxxxxxxxxxxxxxx>
- Date: Wed, 08 Feb 2012 09:28:30 +0000
On 08/02/2012 03:11, Scott Contini wrote:
On Feb 8, 8:41 am, Noob <root@localhost> wrote:
This looks like the description of a side-channel attack.
"Stealing smartphone crypto keys using plain old radio"http://www.networkworld.com/news/2012/012612-rsa-crypto-keys-255379.html
Yes, but electromagnetic side channel attacks have been
known for at least 10 years: Do a Google search. Not
my area of expertise, so whether he is doing something
differently than previous researchers, I cannot judge.
Paul Kocher, who is doing this demonstration, is one of the foremost
expert on Power and EM analysis.
When you say the attacks have been know for 10 years - it is mainly down
to Paul banging on about them over that time.
The fact that people are still designing new devices that are
susceptible to EMA using basic equipment is still worth while
demonstrating. In fact "household equipment" is probably getting better
at performing the analysis due to Moores law.
The battle has not been won.
To some extent this is because you can get a Crypto module certified as
good for government use without considering side channels.
I was at the CMVP workshop on Hawaii in 2005 where Paul was arguing that
FIPS 140-2 was deficient in that it had no requirements for side
channels and FIPS 140-3 needed to have a section covering non-invasive
attacks. However FIPS 140-3 still has not been issued and the last draft
only required the evaluator to test at level 4.