Stories
Slash Boxes
Comments

SoylentNews is people

Physical Key Extraction Attacks on PCs

posted by cmn32480 on Monday July 25 2016, @01:04AM   Printer-friendly
from the keys-to-the-kingdom dept.

An Anonymous Coward writes:

- Story:
http://cacm.acm.org/magazines/2016/6/202646-physical-key-extraction-attacks-on-pcs/fulltext

- Archived:
https://web.archive.org/web/*/http://cacm.acm.org/magazines/2016/6/202646-physical-key-extraction-attacks-on-pcs/fulltext
https://archive.is/MrXho

For attackers, ramming the gates of cryptography is not the only option. They can instead undermine the fortification by violating basic assumptions made by the cryptographic software. One such assumption is software can control its outputs. Our programming courses explain that programs produce their outputs through designated interfaces (whether print, write, send, or mmap); so, to keep a secret, the software just needs to never output it or anything that may reveal it. (The operating system may be misused to allow someone else's process to peek into the program's memory or files, though we are getting better at avoiding such attacks, too.)

Yet programs' control over their own outputs is a convenient fiction, for a deeper reason. The hardware running the program is a physical object and, as such, interacts with its environment in complex ways, including electric currents, electromagnetic fields, sound, vibrations, and light emissions. All these "side channels" may depend on the computation performed, along with the secrets within it. "Side-channel attacks," which exploit such information leakage, have been used to break the security of numerous cryptographic implementations

Original Submission

 
This discussion has been archived. No new comments can be posted.
Physical Key Extraction Attacks on PCs | Log In/Create an Account | Top | 7 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by shrewdsheep on Monday July 25 2016, @08:57AM

    by shrewdsheep (5215) on Monday July 25 2016, @08:57AM (#379710)

    ...some disconnected machines!!!...

    Hm, .... I believe that your exclamation marks are somewhat misplaced here. I believe that the notion of the "air-gapped" machine is illusory and everyone should be aware of it. For example, the stuxnet attack used many channels and ultimately reached the air-gapped production networks via usb-drives. If you completely isolate a machine, it has no relation to the rest of the universe and can thereby be excluded from further consideration. I personally do have an older laptop serving solely as a backup machine only turned on once a year or so and sitting in what I believe to be a defined state. By no means is that machine disconnected. There are only grades and states of connectedness the degree and extend of which indeed needs to be carefully considered.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by opinionated_science on Monday July 25 2016, @09:40AM

    by opinionated_science (4031) on Monday July 25 2016, @09:40AM (#379721)

    well might need to drive it via a solar panel to prevent PSU intrusion, but you get the idea ;-)