Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment

  • Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9064)

Abstract

Side Channel Attacks are a powerful instrument to break cryptographic algorithms by measuring physical quantities during the execution of these algorithms on electronic devices. In this paper, the electromagnetic emanations of smartphones and embedded devices will be used to extract secret keys of public key cryptosystems. This will be done using standard radio equipment in combination with far-field antennas. While such attacks have been shown previously, the details of how to find relevant emanations and the limits of the attack remain largely unknown. Therefore, this paper will present all the required steps to find emanations of devices, implement a side channel attack exploiting ultra high frequency emanations and discuss different test setups. The result is a test setup which enables an attacker to mount a side channel attack for less than 30 Euros.

Gabriel Goller—This work has been partly supported by the German Bundesministerium für Bildung und Forschung as part of the project SIBASE with Förderkennzeichen 01IS13020E. Responsibility for the content of this publication lies with the authors.

Corresponding author

Correspondence to Gabriel Goller.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Goller, G., Sigl, G. (2015). Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment. In: Mangard, S., Poschmann, A. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2015. Lecture Notes in Computer Science, vol 9064. Springer, Cham. https://doi.org/10.1007/978-3-319-21476-4_17

  • DOI: https://doi.org/10.1007/978-3-319-21476-4_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-21475-7

  • Online ISBN: 978-3-319-21476-4

  • eBook Packages: Computer Science, Computer Science (R0)
