With the help of this video I found their paper. So: In order to compromise the smart card reader, they hooked up their own hardware to it and caused it to perform 10,500 signature operations while they carefully measured the brightness of the LED. For the Samsung private key attack, they’re applying in a novel way an already-known timing attack caused by an interaction between the crypto library and the power-saving features of the processor. They threw large numbers of carefully crafted cryptographic operations at the CPU to cause it to change its voltage and power characteristics in ways it’s not supposed to, which they then detected at a distance by observing the speaker’s LED, which led them to be able to deduce the private key.
It’s still extremely impressive and 100% valid research. But, I feel that “if we have access to the hardware / ability to attack the software at length, and in addition we can watch the LEDs, the LEDs can help with the attack operation we conduct” is a little different than what the article made it sound like.
Yeah, I pulled the paper as well since I was curious. As far as I understand it, for the card reader, they use the data they get from the LED to help with solving the key. The LEDs leak crucial information about each encryption calculation and some specific calculations give away more info than others so they had to capture many key exchanges. Not super useful in most cases but it demonstrates a novel way to observe leaked info.
I’ll add a link to the paper to the post for easier access.
Sounds good to me. Like I say it’s still extremely impressive; there’s no need to omit the “and they also did a conventional attack at the same time which the LED helped with” part for it to be a great story.
Power fluctuations on a USB hub indicate power draw and can be directly related to data sent over the bus. I can totally believe this.
This video explains the method in more detail: https://youtu.be/ITqBKRZvS3Y
With the help of this video I found their paper. So: In order to compromise the smart card reader, they hooked up their own hardware to it and caused it to perform 10,500 signature operations while they carefully measured the brightness of the LED. For the Samsung private key attack, they’re applying in a novel way an already-known timing attack caused by an interaction between the crypto library and the power-saving features of the processor. They threw large numbers of carefully crafted cryptographic operations at the CPU to cause it to change its voltage and power characteristics in ways it’s not supposed to, which they then detected at a distance by observing the speaker’s LED, which led them to be able to deduce the private key.
It’s still extremely impressive and 100% valid research. But, I feel that “if we have access to the hardware / ability to attack the software at length, and in addition we can watch the LEDs, the LEDs can help with the attack operation we conduct” is a little different than what the article made it sound like.
Yeah, I pulled the paper as well since I was curious. As far as I understand it, for the card reader, they use the data they get from the LED to help with solving the key. The LEDs leak crucial information about each encryption calculation and some specific calculations give away more info than others so they had to capture many key exchanges. Not super useful in most cases but it demonstrates a novel way to observe leaked info.
I’ll add a link to the paper to the post for easier access.
Sounds good to me. Like I say it’s still extremely impressive; there’s no need to omit the “and they also did a conventional attack at the same time which the LED helped with” part for it to be a great story.