Tempest attacks against AES: Stealing keys using minimal equipment [pdf]

[JoachimSchipper]

This is research by my close colleagues; I'm happy to answer any questions.

[calculat0r]

What mode of operation of AES was used for the analysis?

[JoachimSchipper]

ECB, I think? The focus was definitely on attacking the crypto core per se.

(Of course, ECB is almost certainly a bad idea if you're trying to build an actual application!)

[cramsay]

Yes, ECB, although other modes would only require superficial changes. In practice the harder task is actually identifying the mode in use!

[enimodas]

Doesn't the device case act as a faraday cage?

[JoachimSchipper]

Less so than we expected; a metallic case definitely reduces the signal strength, but IIRC for the one case we tried placing, the small-loop antenna directly on the case still gets you a good-enough signal to break this (pretty basic) AES implementation. Someone could definitely do more research into that, though - we only did a one-off experiment.

Of course, everyone uses plastic nowadays... ;-)

[marcosdumay]

> but IIRC for the one case we tried placing, the small-loop antenna directly on the case still gets you a good-enough signal

Was the case grounded?

Laptops are mostly plastic and some non-grounded metal. Desktops are mostly grounded steel.

Steel may be permeable enough for a tempest attack. I don't know.

[cramsay]

Good point. The case wasn't grounded but that is more common for embedded targets/laptops.

We haven't looked at attacking desktops but the fact that there is a market for tempest shielded desktops (from OSPL, etc.) is perhaps an indication that it might still be possible...