ABSTRACT
Although power LEDs have been integrated in various devices that perform cryptographic operations for decades, the cryptanalysis risk they pose has not yet been investigated. In this paper, we present optical cryptanalysis, a new form of cryptanalytic side-channel attack, in which secret keys are extracted by using a photodiode to measure the light emitted by a device's power LED and analyzing subtle fluctuations in the light intensity during cryptographic operations. We analyze the optical leakage of power LEDs of various consumer devices and the factors that affect the optical SNR. We then demonstrate end-to-end optical cryptanalytic attacks against a range of consumer devices (smartphone, smartcard, and Raspberry Pi, along with their USB peripherals) and recover secret keys (RSA, ECDSA, SIKE) from prior and recent versions of popular cryptographic libraries (GnuPG, Libgcrypt, PQCrypto-SIDH) from a maximum distance of 25 meters.