
Tempest attacks against AES: Stealing keys using minimal equipment [pdf] - Kristine1975
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
======
ckastner
This was the AES implementation this was tested against:

 _The trace below shows our signal for one block of AES-256 encryption running
on a SmartFusion2 target. We use OpenSSL 's implementation of AES on the ARM
Cortex-M3 core of the SmartFusion2. There are clear, distinct patterns for
each stage of processing. We see I/O to and from the Cortex-M3, calculations
for the key schedule, and the 14 encryption rounds._

So it was a software implementation.

I wonder if and how effective this attack would be against devices with
hardware implementations of AES.

~~~
hvidgaard
All it does is measuring power consumption and uses knowledge about the
implementation to calculate the key.

Unless steps have been taken to equal power consumption between different
paths, theoretically there is nothing stopping this from working on a hw
implementation of AES.

~~~
devdoomari
...how about a random-power-consumer? Would it help?

~~~
dom0
No, not at all. A raised SNR can be overcome in almost all circumstances by
making more measurements, i.e. correlation, since noise is not correlated, it
is removed. For the same reason random delays don't help against timing
attacks.

~~~
Drdrdrq
Curious: how about generating noise which _is_ correlated to signal and
actively tries to modify output to some "random" noise?

------
2sk21
I remember reading about such attacks for the first time in Neal Stephenson's
book Cryptonomicon under the term "Van Eck Phreaking". Looks like it's gotten a
lot easier in recent years!

------
wizeman
Are there any modern crypto algorithms that are, by design, immune from an
attack such as this? Would not having any key-dependent code paths be
sufficient to prevent this attack?

If it is possible to be immune by design to power analysis, timing and tempest
attacks, is there a list of such algorithms somewhere that I can look it up?
My google-fu hasn't returned anything useful.

~~~
JoachimSchipper
Side-channel-resistance is a property of the algorithm, not of the
implementation.

As technion says, ChaCha20 was designed such that the evident software
implementation resists such attacks; however, Schwabe and Kasper also have a
high-quality software implementation of AES.

Hardware implementations are a different beast altogether, and a _lot_ of
expertise has gone into making hardened AES implementations in hardware (as
forg0t_username says, masking helps - but this is an entire field of study.
Look at some CHES conference papers to get an idea.)

~~~
oconnor663
> Side-channel-resistance is a property of the algorithm, not of the
> implementation.

I don't think this part is true. There are constant time software
implementations of AES:
[https://crypto.stackexchange.com/a/92/21442](https://crypto.stackexchange.com/a/92/21442)

~~~
JoachimSchipper
Oops, sorry, I absolutely meant it the other way round: "Side-channel-
resistance is a property of the _implementation_ , not of the _algorithm_."

(Designing easier-to-implement-securely algorithms does help.)

------
mhkool
An intelligent noise generator that runs as the second hardware thread on the
same CPU should be able to protect the encryption. If the second noise-
generation thread is able to randomly stop the encryption thread and do itself
some random crypto, it should be able to fool the eavesdropper, who will
assume that the signals of the noise thread are produced by the encryption
thread.

One can also think about modifying the implementation of OpenSSL and others by
inserting a lot of noise in the algorithm itself.

One can also ask chip designers to modify the circuitry to produce a lot of
noise during AES instructions. Or do the opposite in circuitry: use something
comparable to active noise cancellation in headphones.

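An added example, not code from the Fox-IT paper or from anyone in this thread: a pure-Python correlation power analysis (CPA) against simulated traces, to make concrete the point dom0 makes above and to test the noise-thread idea mhkool proposes. It assumes the standard first-round leakage model, the Hamming weight of the S-box output SBOX[p ^ k] plus Gaussian noise (the paper's channel is electromagnetic and, per the thread, bus transitions, but the statistics of averaging out uncorrelated noise are the same). The key byte 0x2B, the noise levels and the trace counts are constructed for the illustration; the S-box is computed from the AES field definition rather than pasted.

```python
"""Correlation power analysis (CPA) on a simulated first-round AES leak.

Added illustration, not code from the Fox-IT paper or the thread.  Each
"trace" is one constructed sample: the Hamming weight of the first-round
S-box output SBOX[p ^ k] plus Gaussian noise of standard deviation
`noise_sigma`.  A noise thread, a noisy chip or a weaker antenna all just
raise `noise_sigma`; the attacker answers with more traces.
"""
import math
import random

# Hamming weight of every byte value (the leakage model).
HW = [bin(v).count("1") for v in range(256)]


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox():
    """Compute the AES S-box: multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0
        if x:
            inv = next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for i in range(1, 5):                    # s = inv ^ rotl(inv, 1..4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def simulate_traces(key_byte, n_traces, noise_sigma, rng):
    """Constructed traces: HW(SBOX[p ^ key]) + N(0, sigma), one per encryption."""
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [HW[SBOX[p ^ key_byte]] + rng.gauss(0.0, noise_sigma) for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sxx = syy = 0.0
    for x, y in zip(xs, ys):
        dx, dy = x - mx, y - my
        sxy += dx * dy
        sxx += dx * dx
        syy += dy * dy
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def cpa_rank(plaintexts, traces):
    """Rank all 256 key-byte guesses by |correlation| with the traces, best first."""
    scores = []
    for guess in range(256):
        hypothesis = [HW[SBOX[p ^ guess]] for p in plaintexts]
        scores.append((abs(pearson(hypothesis, traces)), guess))
    scores.sort(reverse=True)
    return scores


def cpa_attack(key_byte, n_traces, noise_sigma, seed=0):
    """Simulate an attack and return the top-ranked key-byte guess."""
    rng = random.Random(seed)
    plaintexts, traces = simulate_traces(key_byte, n_traces, noise_sigma, rng)
    return cpa_rank(plaintexts, traces)[0][1]


if __name__ == "__main__":
    KEY = 0x2B                                   # constructed secret key byte
    for sigma, n in [(0.5, 100), (8.0, 40), (8.0, 5000)]:
        guess = cpa_attack(KEY, n, sigma, seed=1)
        status = "recovered" if guess == KEY else "wrong"
        print(f"noise sigma={sigma:4.1f}  traces={n:5d}  top guess={guess:#04x}  {status}")
```

Running the block prints one line per (noise, trace count) pair: at sigma 0.5 a hundred traces suffice, at sigma 8 the top guess after 40 traces may well be wrong, and after 5000 it is the right key byte again. Since the hypothesis depends only on the plaintext byte and the key, anything uncorrelated with that pair (a second thread doing unrelated work, extra circuit noise) averages out; what actually breaks this attack is removing the data dependency of the leak, for example by masking so that no intermediate value depends on the key alone, which is what the thread's later comments on hardened implementations refer to.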
------
JoachimSchipper
This is research by my close colleagues; I'm happy to answer any questions.

~~~
calculat0r
What mode of operation of AES was used for the analysis?

~~~
JoachimSchipper
ECB, I think? The focus was definitely on attacking the crypto core per se.

(Of course, ECB is almost certainly a bad idea if you're trying to build an
actual application!)

~~~
cramsay
Yes, ECB, although other modes would only require superficial changes. In
practice the harder task is actually identifying the mode in use!

------
ishitatsuyuki
Well, in many cases AES keys are used one time, and there's also forward
secrecy that guards it from decryption even if the key leaked.

~~~
the8472
Forward secrecy does not protect the data for which the key was leaked (which
could be at-rest data), it only protects future transmissions.

------
molticrystal
There was an attempt to do something similar with ps3
[http://www.eurasia.nu/modules.php?name=Forums&file=viewtopic...](http://www.eurasia.nu/modules.php?name=Forums&file=viewtopic&topic=7266&forum=87)
, progress stopped though.

------
wdb
Off topic, but I always wondered how defense forces deal with encryption of
channel when they collaborate with other forces from different countries. You
would somehow be able to add a new participant to the group. Would this
require re-issue of keys?

------
sqldba
I read it a few times and still don't understand how you can get like the 4k
of private key data or whatever it is out of a radio signal - and they don't
even mention keys they're talking about the algorithm itself.

Totally don't get it in the slightest.

~~~
buu700
[https://en.wikipedia.org/wiki/Timing_attack](https://en.wikipedia.org/wiki/Timing_attack).
(Also, AES-256 keys are only 32 bytes, not 4 KB.)

~~~
JoachimSchipper
That gives the correct flavour, but note that we use a different side-channel
than timing - this is really a hardware attack, so we e.g. pick up 0->1
transitions in the address bus.

~~~
buu700
Ah, thanks for clarifying that; I'd just assumed it was timing from a quick
skim.

------
joantune
alright, portable faraday cages for everyone!

------
xcz
Can someone ELI5 how this works? Would be much appreciated <3

~~~
u123u4
Could this be used to break my existing hard drive encryption, or does it only
apply to the key generation stage?

~~~
JoachimSchipper
In theory, yes. In practice, just grabbing your unlocked laptop and running
off is a lot simpler than our/my colleagues' attack. ;-)

~~~
marcosdumay
A "mind if I share that table" attack might be much more useful than
explicitly taking some laptop and running away with it. It completely depends
on your threat model.

------
amq
Guys, stop breaking the world! /s

------
celticninja
I'm all for the sharing of information and responsible disclosure etc, but
when a company that makes stuff that is supposed to be protected from this
sort of attack, then shows how if you don't buy their stuff you are at risk
from anyone who can follow their plans and has $200, which they likely
couldn't do yesterday, it doesn't seem to be as consumer friendly as it could
be. More protection racket perhaps.

~~~
JoachimSchipper
We're just showing the capability; it's not like we're throwing a ready-made
attack kit on the internet. And it's not like we could coordinate disclosure
with "everyone who has ever shipped an AES implementation".

