understanding screaming channels from a detailed analysis
play

Understanding Screaming Channels: From a Detailed Analysis to - PowerPoint PPT Presentation

Jul 06, 2023 •322 likes •1.27k views

Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks Giovanni Camurati*, Aurlien Francillon*, Franois-Xavier Standaert** *EURECOM, **Universit catholique de Louvain Who am I? Giovanni Camurati Ph.D. Student at

  1. Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks Giovanni Camurati*, Aurélien Francillon*, François-Xavier Standaert** *EURECOM, **Université catholique de Louvain

  2. Who am I? Giovanni Camurati Ph.D. Student at EURECOM, Sophia-Antipolis, France @GioCamurati https://giocamurati.github.io Side Channels and Radios What happens if radio transceivers are close to computing devices? Computer Architectures, Electronics, Embedded Systems Hardware Design, Firmware Rehosting, Hack@DAC with NOPS 2

  3. Why radios and computing devices? 3

  4. Modern Connected Devices Have Radios Mixed-signal architecture CPU + Crypto + Radio Same chip 4

  5. Modern Connected Devices Have Radios Mixed-signal architecture CPU + Crypto + Radio Same chip Benefits Low Power, Cheap, Small Easy to integrate 4

  6. Modern Connected Devices Have Radios Mixed-signal architecture CPU + Crypto + Radio Same chip Benefits Low Power, Cheap, Small Easy to integrate Examples BT, BLE, WiFi, GPS, etc 4

  7. What can go wrong? 5

  8. Screaming Channels [1], The Idea Mixed-signal chip 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 Noise sensitive transmitter 6

  9. Screaming Channels [1], The Idea Mixed-signal chip Strong noise 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 source Noise sensitive transmitter 6

  10. Screaming Channels [1], The Idea Mixed-signal chip Strong noise 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 source Noise sensitive transmitter 6

  11. Screaming Channels [1], The Idea Mixed-signal chip Strong noise 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 source Noise sensitive transmitter Easy propagation 6

  12. Screaming Channels [1], The Idea Mixed-signal chip Strong noise 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 source Noise sensitive transmitter Easy propagation 6

  13. Screaming Channels [1], The Idea Mixed-signal chip Strong noise 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 source Noise sensitive transmitter Easy propagation Leak Propagation 6

  14. Screaming Channels [1], The Idea Mixed-signal chip Strong noise 𝟕𝟓 𝑵𝑰𝒜 𝟑. 𝟓 𝑯𝑰𝒜 source Noise sensitive transmitter Easy propagation Leak Propagation 6

  15. Screaming Channels [1] in Action Antenna + SDR RX 𝟑𝒏 Cortex-M4 + BT TX 15

  16. Screaming Channels [1] in Action Antenna + SDR RX Radio Off 𝟑𝒏 Cortex-M4 + BT TX Noise 16

  17. Screaming Channels [1] in Action Radio Off Radio TX Antenna + SDR RX 𝟑𝒏 Cortex-M4 + BT TX Packet Noise 17

  18. Screaming Channels [1] in Action Radio Off Radio TX Antenna + SDR RX 𝟑𝒏 Cortex-M4 + BT TX Packet Noise 18

  19. Screaming Channels [1] in Action AES On Radio Off Radio TX Antenna + SDR RX 𝟑𝒏 Cortex-M4 + BT TX Packet Noise 19

  20. Screaming Channels [1] in Action AES On Radio Off Radio TX Antenna + SDR RX AES Starts 𝟑𝒏 Cortex-M4 + BT TX Packet Noise 20

  21. Screaming Channels [1] in Action AES On Radio Off Radio TX Antenna + SDR RX AES Starts Time domain 𝟑𝒏 Cortex-M4 + BT TX Packet Noise 21

  22. A New Threat [1] 8

  23. The "Screaming Channels" Leak Vector Idea, Root Cause, First Attack Intuition and root cause 10m in anechoic chamber Countermeasures 9

  24. The "Screaming Channels" Leak Vector Idea, Root Cause, First Attack CCS 2018 [1] & BHUSA18 [2] Intuition and root cause Camurati, Poeplau, Muench, 10m in anechoic chamber Hayes, Francillon Countermeasures 9

  25. The "Screaming Channels" Leak Vector Idea, Root Cause, First Attack CCS 2018 [1] & BHUSA18 [2] Intuition and root cause Camurati, Poeplau, Muench, 10m in anechoic chamber Hayes, Francillon Countermeasures Systematic Analysis Data/leak coexistence Distortion, profile reuse, etc. Improved Attacks Realistic environment up to 15m Google Eddystone Beacons 9

  26. The "Screaming Channels" Leak Vector Idea, Root Cause, First Attack CCS 2018 [1] & BHUSA18 [2] Intuition and root cause Camurati, Poeplau, Muench, 10m in anechoic chamber Hayes, Francillon Countermeasures Systematic Analysis Data/leak coexistence TCHES 2020 Distortion, profile reuse, etc. Camurati, Francillon, Standaert Improved Attacks Realistic environment up to 15m Google Eddystone Beacons 9

  27. Some Other Interesting Cases “ LeakyNoise ” CPU to ADC side channel in mixed-signal chips CHES2019 [14] Second-Order Soft-TEMPEST Soft-TEMPEST + (un)intentional cascaded effects EMC Europe 2018 [15] AP-RASC 2019 [16] 10

  28. Let us answer some open questions about Screaming Channels 11

  29. What is the difference with conventional leakages? 1/4 12

  30. Intuitively Radio channel (data + leakage) Coupling on chip CPU TX Near-field probe 13

  31. Intuitively Radio channel (data + leakage) Coupling on chip CPU TX 1. SNR? 2. Distortion? Near-field probe 13

  32. Intuitively Radio channel (data + leakage) Coupling on chip CPU TX 3. SNR & Distortion 1. SNR? • Distance & Setup 2. Distortion? • BLE Channel 4. Data/Leakage Near-field probe modulation 5. Discrete packets 6. Frequency hopping 13

  33. Necessary Steps Before We Can Start 1. Extract traces (in the specific case of our BLE device) 1. Data (GFSK) and leakage (AM) are orthogonal 2. Trigger on a peculiar frequency 3. Fix the channel (we will consider hopping later) 4. Time diversity to deal with deep fade between packets 14

  34. Necessary Steps Before We Can Start 1. Extract traces (in the specific case of our BLE device) 1. Data (GFSK) and leakage (AM) are orthogonal 2. Trigger on a peculiar frequency 3. Fix the channel (we will consider hopping later) 4. Time diversity to deal with deep fade between packets 2. Normalize 1. Z-score normalization inspired by [3,4,5,6] 2. Per-trace normalization removes the effect of the channel! 14

  35. Necessary Steps Before We Can Start 1. Extract traces (in the specific case of our BLE device) 1. Data (GFSK) and leakage (AM) are orthogonal 2. Trigger on a peculiar frequency 3. Fix the channel (we will consider hopping later) 4. Time diversity to deal with deep fade between packets 2. Normalize 1. Z-score normalization inspired by [3,4,5,6] 2. Per-trace normalization removes the effect of the channel! 𝑧 𝑢 = 𝐻𝑦(𝑢) 𝑧−𝑏𝑤𝑕(𝑧) 𝐻𝑦−𝐻𝑏𝑤𝑕(𝑦) y’ = = = 𝑦′ 𝑡𝑢𝑒(𝑧) 𝐻𝑡𝑢𝑒(𝑦) 14

  36. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] Leakage l(y) 14

  37. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] model(y) Estimate (nonlinear) leakage model for each y, using the profiling set Leakage l(y) 14

  38. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] model(y) Estimate (nonlinear) leakage model for each y, using the profiling set Leakage l(y) Estimate the linear correlation between m(y) and l(y) on test set 14

  39. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] model(y) Estimate (nonlinear) leakage model for each y, using the profiling set Leakage l(y) This is the r-test [7] Estimate the linear correlation between m(y) and l(y) on test set 14

  40. Understanding the Leakage 15

  41. Understanding the Leakage 15

  42. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] model(y) Estimate (nonlinear) leakage model for each y, using the profiling set Leakage l(y) This is the r-test [7] Estimate the linear correlation between m(y) and l(y) on test set Results for Screaming vs. Conventional • Less POIs • Slightly lower but still high correlation SNR is comparable • HW is not a good model But the leakage is distorted 16

  43. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] Leakage l(y) 17

  44. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] Linear combination of the bits of y Estimate a linear model of the bits Leakage l(y) of y using linear regression [7] 17

  45. Understanding the Leakage 18

  46. Understanding the Leakage 18

  47. Understanding the Leakage Leakage variable y = SBox(p xor k) Leakage model m(y) = HW[y] Linear combination of the bits of y Estimate a linear model of the bits Leakage l(y) of y using linear regression [7] Results for Screaming vs. Conventional • Confirm leakage from Sbox output • Linear model is good for conventional traces • Bad for screaming traces The leakage model is nonlinear 19

  48. Understanding the Leakage Leakage variable y Leakage model m(y) Templates [9] can capture a second order relation between m(y) and l(y) Leakage l(y) 20

  49. Understanding the Leakage Leakage variable y Leakage model m(y) Templates [9] can capture a second order relation between m(y) and l(y) Leakage l(y) Results for Screaming vs. Conventional • Templates attacks are not considerably better than profiled correlation attacks First-order leakage (for our sample size) 20

  50. Conclusion 1. Comparable SNR, distorted leakage model 2. Nonlinear leakage model 3. First order leakage Profiled Correlation Attacks 22

  51. Can we reuse the profiles? 2/4 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurlien Francillon Whats this all about? - A nov novel attack ex exploiting g EM side

886 views • 77 slides
Mathematical understanding of violation of detailed balance condition and its application to

Mathematical understanding of violation of detailed balance condition and its application to

. Mathematical understanding of violation of detailed balance condition and its application to Langevin dynamics . . . Masayuki Ohzeki 1 Akihisa Ichiki 2 1 Department of Systems Science, Kyoto University 2 Green Mobility Collaborative Research

407 views • 36 slides
Detailed Task Analysis and Failure Modes and Effects Analysis HFE Requirements Development

Detailed Task Analysis and Failure Modes and Effects Analysis HFE Requirements Development

Detailed Task Analysis and Failure Modes and Effects Analysis HFE Requirements Development Sources Customer Subject Matter Experts Users, operators Existing, similar systems Brainstorming Task Analysis Goals

700 views • 25 slides
Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

The Code Liberation Foundation Lecture 5 Pointers Class Five You havent run screaming yet... Lets do pointers! pointers are one of the most powerful things about c++ A pointer is a variable that holds the address of another

608 views • 22 slides
1. Project Overview 2. Objectives 3. Key Findings 4. Market Analysis Detailed Findings 5.

1. Project Overview 2. Objectives 3. Key Findings 4. Market Analysis Detailed Findings 5.

Student Housing West 1. Project Overview 2. Objectives 3. Key Findings 4. Market Analysis Detailed Findings 5. Survey Analysis 6. Demand Analysis 7. Next Steps Project Overview Public-Private Partnership Capstone Development Partners,

748 views • 39 slides
Session 15 Understanding Challenging Behaviour SECTION 5: 1 Behaviour There are many possible

Session 15 Understanding Challenging Behaviour SECTION 5: 1 Behaviour There are many possible

Session 15 Understanding Challenging Behaviour SECTION 5: 1 Behaviour There are many possible factors influencing challenging behaviour Social person cant communicate except through screaming, hitting etc Biological person

210 views • 6 slides
Detailed analysis of the introductory Presentation by Melvyn Grosvenor: Many of the slides are

Detailed analysis of the introductory Presentation by Melvyn Grosvenor: Many of the slides are

Detailed analysis of the introductory Presentation by Melvyn Grosvenor: Many of the slides are self-explanatory but the ones below need further explanation. Slide 5: Department of Business Energy and Industrial Strategy (DBEIS) a response letter

203 views • 4 slides
Detailed Storm Rainfall Analysis for Hurricane Ivan Flooding in Georgia Using the Storm

Detailed Storm Rainfall Analysis for Hurricane Ivan Flooding in Georgia Using the Storm

Detailed Storm Rainfall Analysis for Hurricane Ivan Flooding in Georgia Using the Storm Precipitation Analysis System (SPAS) and NEXRAD Weather Radar Ed Tomlinson, PhD and Bill Kappel Applied Weather Associates LLC Ron Corso Mead and Hunt Inc

523 views • 38 slides
Which is more useful? Reality Detailed map Detailed public

Which is more useful? Reality Detailed map Detailed public

Which is more useful? Reality Detailed map Detailed public transporta6on Simplified metro Saturday, July 22, 17 Models dont need to reflect reality A model is an

791 views • 61 slides
Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis

Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis

Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis procedure. Understanding the methods used to determine the optimal number of clusters. Managing data for the sake of conducting cluster analysis.

1.1k views • 80 slides
Blended Analysis for Blended Analysis for Performance Understanding of Performance Understanding

Blended Analysis for Blended Analysis for Performance Understanding of Performance Understanding

Blended Analysis for Blended Analysis for Performance Understanding of Performance Understanding of Framework- -based Applications based Applications Framework Bruno Dufour, Barbara G. Ryder, Gary Sevitsky Course: IFT6310 Presented by Wei

535 views • 40 slides
Chapter 6 Marks and Channels Vis/Visual Analytics, Chap 6 Marks/Channels 1 CGGM Lab., CS

Chapter 6 Marks and Channels Vis/Visual Analytics, Chap 6 Marks/Channels 1 CGGM Lab., CS

Chapter 6 Marks and Channels Vis/Visual Analytics, Chap 6 Marks/Channels 1 CGGM Lab., CS Dept., NCTU Jung Hong Chuang The Big Picture Marks Basic graphical elements in an image Channels Visual channels to control the

667 views • 43 slides
MICHAEL SUNDERLAND SITUATION ANALYSIS Competitive advantages Distribution channels and

MICHAEL SUNDERLAND SITUATION ANALYSIS Competitive advantages Distribution channels and

PRETZEL CRISPS: MARKETING RECOMMENDATIONS BY DAVE FOSTER, BRENDAN AMESBURY, MATTHEW BRODNIK, DERRICK NGUYEN, AND MICHAEL SUNDERLAND SITUATION ANALYSIS Competitive advantages Distribution channels and brand strength Premium and

286 views • 27 slides
Covenants Presentation Pt 2 Detailed analysis of the Sinai & Moab covenants This study was

Covenants Presentation Pt 2 Detailed analysis of the Sinai & Moab covenants This study was

Covenants Presentation Pt 2 Detailed analysis of the Sinai & Moab covenants This study was transcribed from Part 2 video Transforming the Law to Love For the law was given by Moses, but grace and truth came by Yahushua Messiah (Joh 1:17 KJV)

345 views • 21 slides
Journal Club Presentation A Detailed Immunohistochemical Analysis of a Large Series of Cervical

Journal Club Presentation A Detailed Immunohistochemical Analysis of a Large Series of Cervical

Journal Club Presentation A Detailed Immunohistochemical Analysis of a Large Series of Cervical and Vaginal Gastric-type Adenocarcinomas Claire Carleton, MD,* Lien Hoang, MD,w Shatrughan Sah, FRCPath,z Takako Kiyokawa, MD,y Yevgeniy S.

467 views • 44 slides
Detailed R-matrix analysis of 7 Li ( p , ) at 441keV Michael Munch, Oliver Slund Kirsebom,

Detailed R-matrix analysis of 7 Li ( p , ) at 441keV Michael Munch, Oliver Slund Kirsebom,

Detailed R-matrix analysis of 7 Li ( p , ) at 441keV Michael Munch, Oliver Slund Kirsebom, Jacobus Andreas Swartz, Karsten Riisager and Hans Otto Uldall Fynbo Department for Physics and Astronomy, Aarhus University May 24 th 2018, NMNP 8 Be

592 views • 20 slides
CS26007 Introduction to Wireless Networking Guangtao Xue Department of Computer Sciences

CS26007 Introduction to Wireless Networking Guangtao Xue Department of Computer Sciences

CS26007 Introduction to Wireless Networking Guangtao Xue Department of Computer Sciences Shanghai Jiao Tong University Fall 2015 Course Information Course Information Course #: CS26007 Lecture: T8:55 11:40 pm @

1.08k views • 70 slides
Development and Application of Worm-type Algorithm in Classical and Quantum Lattice Models Youjin

Development and Application of Worm-type Algorithm in Classical and Quantum Lattice Models Youjin

Development and Application of Worm-type Algorithm in Classical and Quantum Lattice Models Youjin Deng Univ. of Sci. & Tech. of China (USTC) Adjunct: Umass, Amherst Ins-tute for

672 views • 42 slides
Verified cryptographic implementations: how far can we go? Gilles Barthe IMDEA Software

Verified cryptographic implementations: how far can we go? Gilles Barthe IMDEA Software

Verified cryptographic implementations: how far can we go? Gilles Barthe IMDEA Software Institute, Madrid, Spain September 30, 2014 Motivation Loss of trust in Internet Implementation bugs (HeartBleed) Logical bugs (Triple

670 views • 38 slides
Information Theoretic Security S ennur Ulukus Department of ECE University of Maryland

Information Theoretic Security S ennur Ulukus Department of ECE University of Maryland

Information Theoretic Security S ennur Ulukus Department of ECE University of Maryland ulukus@umd.edu Joint work with Raef Bassily, Ersen Ekrem, Nan Liu, Shabnam Shafiee. 2012 European School of Information Theory April 2012

1.56k views • 129 slides
Modulation and demodulation (reminder) analog baseband digital signal data digital analog

Modulation and demodulation (reminder) analog baseband digital signal data digital analog

COM-405 Mobile Networks Module A (Part A2) Introduction Prof. JP Hubaux http://mobnet.epfl.ch Note: some of the slides of this and other modules and derived from Schillers book 1 Modulation and demodulation (reminder) analog baseband

1.06k views • 76 slides
An overview of D2D in 3GPP LTE standard Sofia Martinez Lopez 21st June 2016 Introduction ProSe

An overview of D2D in 3GPP LTE standard Sofia Martinez Lopez 21st June 2016 Introduction ProSe

An overview of D2D in 3GPP LTE standard Sofia Martinez Lopez 21st June 2016 Introduction ProSe stands for Proximity Service D2D communication D2D discovery advertis ements Data and voice exchange Discovery of user equipments

549 views • 34 slides
in the Cuprates T V Ramakrishnan Department of Physics, Banaras Hindu University Department of

in the Cuprates T V Ramakrishnan Department of Physics, Banaras Hindu University Department of

High Temperature Superconductivity in the Cuprates T V Ramakrishnan Department of Physics, Banaras Hindu University Department of Physics, Indian Institute of Science __________________________________________ Work done with S Banerjee and C

616 views • 18 slides
Lanczos method 1D tight-binding model O(N) Krylov subspace method Applications

Lanczos method 1D tight-binding model O(N) Krylov subspace method Applications

Large-scale electronic structure methods Introduction Lanczos method 1D tight-binding model O(N) Krylov subspace method Applications Outlook Taisuke Ozaki (ISSP, Univ. of Tokyo) The Summer School on DFT: Theories and

689 views • 55 slides

More recommend