Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/135052
| Field | Value |
|---|---|
| Type | Conference paper |
| Title | Nonce@Once: A single-trace EM side channel attack on several constant-time elliptic curve implementations in mobile platforms |
| Author | Alam, M.; Yilmaz, B.; Werner, F.; Samwel, N.; Zajic, A.; Genkin, D.; Yarom, Y.; Prvulovic, M. |
| Citation | Proceedings of the 6th IEEE European Symposium on Security and Privacy (Euro S&P 2021), 2021, pp. 507-522 |
| Publisher | IEEE |
| Publisher Place | online |
| Issue Date | 2021 |
| ISBN | 9781665414913 |
| Conference Name | IEEE European Symposium on Security and Privacy (EuroS&P) (6 Sep 2021 - 10 Sep 2021 : Virtual Online) |
| Statement of Responsibility | Monjur Alam, Baki Yilmaz, Frank Werner, Niels Samwel, Alenka Zajic, Daniel Genkin, Yuval Yarom, Milos Prvulovic |
| Abstract | We present the first side-channel attack on full-fledged smartphones that recovers the elliptic curve secret scalar from the electromagnetic signal that corresponds to a single scalar-by-point multiplication in current versions of Libgcrypt, OpenSSL, HACL* and curve25519-donna. To avoid leaking information via side channels, these implementations follow the recommendations of RFC 7748 and use a constant-time conditional swap operation. Our attack targets signal differences created by systematic changes in operand values during this conditional swap operation. We deploy the attack, using low-cost equipment (<$800), against two Android-based mobile phones and against a Linux-based IoT development board. We repeat the attack 100 times, each time with a different scalar, on each device. In all of the implementations considered in this work, our attack successfully recovers the full secret key within seconds. To mitigate the attack we suggest randomizing the exclusive-or mask in the conditional swap operation. We show that this countermeasure is effective in preventing this and similar attacks. |
| Rights | © 2021, Monjur Alam. Under license to IEEE. |
| DOI | 10.1109/EuroSP51992.2021.00041 |
| Grant ID | http://purl.org/au-research/grants/arc/DE200101577; http://purl.org/au-research/grants/arc/DP210102670 |
| Published version | https://ieeexplore.ieee.org/ |
| Appears in Collections | Computer Science publications |
Files in This Item:
There are no files associated with this item.