[Cryptography] Side channel attack on OpenSSL ECDSA on iOS and Android
Perry E. Metzger
perry at piermont.com
Wed Mar 2 14:19:23 EST 2016
[My comment -- not clear if this has real practical implications but
it shows yet again how hard it is to do this stuff right. --Perry]
Cryptology ePrint Archive: Report 2016/230
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical
Side Channels
Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer and
Yuval Yarom
Abstract: We show that elliptic-curve cryptography implementations on
mobile devices are vulnerable to electromagnetic and power
side-channel attacks. We demonstrate full extraction of ECDSA secret
signing keys from OpenSSL and CoreBitcoin running on iOS devices, and
partial key leakage from OpenSSL running on Android and from iOS's
CommonCrypto. These non-intrusive attacks use a simple magnetic probe
placed in proximity to the device, or a power probe on the phone's
USB cable. They use a bandwidth of merely a few hundred kHz, and can
be performed cheaply using an audio card and an improvised magnetic
probe.
https://eprint.iacr.org/2016/230
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list