TY - GEN
T1 - Screaming channels
T2 - 25th ACM Conference on Computer and Communications Security, CCS 2018
AU - Camurati, Giovanni
AU - Poeplau, Sebastian
AU - Muench, Marius
AU - Hayes, Tom
AU - Francillon, Aurélien
PY - 2018/10/15
Y1 - 2018/10/15
N2 - This paper presents a new side channel that affects mixed-signal chips used in widespread wireless communication protocols, such as Bluetooth and WiFi. This increasingly common type of chip includes the radio transceiver along with digital logic on the same integrated circuit. In such systems, the radio transmitter may unintentionally broadcast sensitive information from hardware cryptographic components or software executing on the CPU. The well-known electromagnetic (EM) leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna. We call the resulting leak “screaming channels”. Attacks exploiting such a side channel may succeed over a much longer distance than attacks exploiting usual EM side channels. The root of the problem is that mixed-signal chips include both digital circuits and analog circuits on the same silicon die in close physical proximity. While processing data, the digital circuits on these chips generate noise, which can be picked up by noise-sensitive analog radio components, ultimately leading to leakage of sensitive information. We investigate the physical reasons behind the channel, we measure it on several popular devices from different vendors (including Nordic Semiconductor nRF52832 and Qualcomm Atheros AR9271), and we demonstrate a complete key recovery attack against the nRF52832 chip. In particular, we retrieve the full key from the AES-128 implementation in tinyAES at a distance of 10 m using template attacks. Additionally, we recover the key used by the AES-128 implementation in mbedTLS at a distance of 1 m with a correlation attack. Screaming channel attacks change the threat models of devices with mixed-signal chips, as those devices are now vulnerable from a distance. More specifically, we argue that protections against side channels (such as masking or hiding) need to be used on this class of devices. Finally, chips implementing other widespread protocols (e.g., 4G/LTE, RFID) need to be inspected to determine whether they are vulnerable to screaming channel attacks.
AB - This paper presents a new side channel that affects mixed-signal chips used in widespread wireless communication protocols, such as Bluetooth and WiFi. This increasingly common type of chip includes the radio transceiver along with digital logic on the same integrated circuit. In such systems, the radio transmitter may unintentionally broadcast sensitive information from hardware cryptographic components or software executing on the CPU. The well-known electromagnetic (EM) leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna. We call the resulting leak “screaming channels”. Attacks exploiting such a side channel may succeed over a much longer distance than attacks exploiting usual EM side channels. The root of the problem is that mixed-signal chips include both digital circuits and analog circuits on the same silicon die in close physical proximity. While processing data, the digital circuits on these chips generate noise, which can be picked up by noise-sensitive analog radio components, ultimately leading to leakage of sensitive information. We investigate the physical reasons behind the channel, we measure it on several popular devices from different vendors (including Nordic Semiconductor nRF52832 and Qualcomm Atheros AR9271), and we demonstrate a complete key recovery attack against the nRF52832 chip. In particular, we retrieve the full key from the AES-128 implementation in tinyAES at a distance of 10 m using template attacks. Additionally, we recover the key used by the AES-128 implementation in mbedTLS at a distance of 1 m with a correlation attack. Screaming channel attacks change the threat models of devices with mixed-signal chips, as those devices are now vulnerable from a distance. More specifically, we argue that protections against side channels (such as masking or hiding) need to be used on this class of devices. Finally, chips implementing other widespread protocols (e.g., 4G/LTE, RFID) need to be inspected to determine whether they are vulnerable to screaming channel attacks.
KW - Electromagnetic side channels; Mixed-signal chips
UR - http://www.scopus.com/inward/record.url?scp=85056834096&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056834096&partnerID=8YFLogxK
U2 - 10.1145/3243734.3243802
DO - 10.1145/3243734.3243802
M3 - Conference contribution
AN - SCOPUS:85056834096
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 163
EP - 177
BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 15 October 2018
ER -