Graduate School and Research Center in Digital Sciences

Screaming channels: When electromagnetic side channels meet radio transceivers

Francillon, Aurélien

CRYPTACUS 2018, Invited Talk, Conference on Cryptanalysis in Ubiquitous Computing Systems, September 18-20, 2018, Rennes, France

The drive for ever smaller and cheaper components in microelectronics has popularized so-called "mixed-signal circuits," in which analog and digital circuitry reside on the same silicon die. A typical example is WiFi chips, which include a microcontroller (digital logic), where crypto and protocols are implemented, together with the radio transceiver (analog logic). The special challenge of such designs is to separate the "noisy" digital circuits from the sensitive analog side of the system.

In this talk, we show that although isolation of digital and analog components is sufficient for those chips to work, it is often insufficient for them to be used securely. This leads to novel side-channel attacks that can break cryptography implemented in mixed-design chips over potentially large distances. This is crucial because the encryption of wireless communications is essential to widely used wireless technologies, such as WiFi or Bluetooth, in which mixed-design circuits are prevalent on consumer devices. The key observation is that in mixed-design radio chips the processor's activity leaks into the analog portion of the chip, where it is amplified, up-converted and broadcast as part of the regular radio output. While this is similar to electromagnetic (EM) side-channel attacks, which can be mounted only in close proximity (millimeters, and in a few cases a meter), we show that it is possible to recover the original leaked signal over large distances on the radio. As a result, variations of known side-channel analysis techniques can be applied, effectively allowing us to retrieve the encryption key by just listening on the air with a software-defined radio (SDR).

Title: Screaming channels: When electromagnetic side channels meet radio transceivers
Type: Talk
Language: English
City: Rennes
Country: FRANCE
Date:
Department: Digital Security
Eurecom ref: 5689
Copyright: © EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in CRYPTACUS 2018, Invited Talk, Conference on Cryptanalysis in Ubiquitous Computing Systems, September 18-20, 2018, Rennes, France and is available at :
Bibtex: @talk{EURECOM+5689, year = {2018}, title = {{S}creaming channels: {W}hen electromagnetic side channels meet radio transceivers}, author = {{F}rancillon, {A}ur{\'e}lien}, number = {EURECOM+5689}, month = {09}, institution = {Eurecom}, address = {{R}ennes, {FRANCE}}, url = {http://www.eurecom.fr/publication/5689} }