Recently, some wireless devices have been found vulnerable to a novel class of side-channel attacks, called Screaming Channels. These leaks might appear if the sensitive leaks from the processor are unintentionally broadcast by a radio transmitter placed on the same chip. Previous work focuses on identifying the root causes, and on mounting an attack at a distance considerably larger than the one achievable with conventional electromagnetic side channels, which was demonstrated in the low-noise environment of an anechoic chamber. However, a detailed understanding of the leak, attacks that take full advantage of the novel vector, and security evaluations in more practical scenarios are still missing. In this paper, we conduct a thorough experimental analysis of the peculiar properties of Screaming Channels. For example, we learn about the coexistence of intended and unintended data, the role of distance and other parameters on the strength of the leak, the distortion of the leak model, and the portability of the profiles. With such insights, we build better attacks. We profile a device connected via cable with 10000·500 traces. Then, 5 months later, we attack a different instance at 15 m in an office environment. We recover the AES-128 key with 5000·1000 traces and key enumeration up to 2^23. Leveraging spatial diversity, we mount some attacks in the presence of obstacles. As a first example of application to a real system, we show a proof-of-concept attack against the authentication method of Google Eddystone beacons. On the one side, this work lowers the bar for more realistic attacks, highlighting the importance of the novel attack vector. On the other side, it provides a broader security evaluation of the leaks, helping the defender and radio designers to evaluate risk, and the need of countermeasures.
Camurati, G., Francillon, A., & Standaert, F.-X. (2020). Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(3), 358-401. https://doi.org/10.13154/tches.v2020.i3.358-401 (Original work published 2020)