DOI: 10.14489/vkit.2019.12.pp.046-053
Мостовой Р. А., Левина А. Б., Слепцова Д. М., Борисенко П. С. АТАКИ ПО СТОРОННИМ КАНАЛАМ НА МОБИЛЬНЫЕ ТЕЛЕФОНЫ (c. 46-53)
Аннотация. В статье показано, что клиентские приложения для мобильных телефонов особенно уязвимы к атакам по сторонним каналам в результате несложного доступа к атакуемому устройству. Дана оценка уровня угроз с учетом индивидуальных особенностей определенной целевой системы на примере смартфонов Alcatel POP3 и Xperia M2. Проведен анализ информативности сигналов побочных каналов, полученных с мобильных телефонов. Во время исследования использовано доступное оборудование, позволяющее показать возможность реализации атаки без использования дорогостоящего и высокотехнологичного лабораторного оборудования. При исследовании полученных данных использовался алгоритм NICV (Normalized Inter-Class Variance), значительно повышающий эффективность анализа полученных во время проведения атаки записей сторонних сигналов.
Ключевые слова: атаки по сторонним каналам; мобильные телефоны; NICV-алгоритм.
Mostovoy R. A., Levina A. B., Sleptsova D. M., Borisenko P. S. SIDE-CHANNEL ATTACKS ON THE MOBILE PHONES (pp. 46-53)
Abstract. Currently, attacks on side channels are the main method of cryptanalysis, but despite this, these attacks have a very specific model of the attacker. As a result, the practical usage of side-channel attacks is sometimes disputable. The level of threat in each case should be assessed taking into account the individual characteristics of a specific target system. Client applications, such as mobile phone applications, are especially vulnerable due to easy access to the device, so it's required to pay sufficient attention to their security, since they are more accessible to the attacker and usually contain a large amount of confidential information. This study represents an assessment of the informativeness of signals from side channels received from mobile phones. The studies used not expensive equipment to minimize the requirements for the level of the attacker and, consequently, increase the applicability of the attack. This undoubtedly leads to the complication of the attacks, so the NICV algorithm was used to analyze the data obtained. The NICV (normalized interclass variance) algorithm can significantly improve the efficiency of the analysis of the traces obtained during an attack by reducing the number of points.
Keywords: Side-channel attacks; Mobil phones; NICV-algorithm.
Р. А. Мостовой, А. Б. Левина, Д. М. Слепцова, П. С. Борисенко (Национальный исследовательский университет ИТМО, Санкт-Петербург, Россия) E-mail:
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
R. A. Mostovoy, A. B. Levina, D. M. Sleptsova, P. S. Borisenko (ITMO University, Saint Petersburg, Russia) E-mail:
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
1. Kocher P. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems // CRYPTO 1996. 18 – 22 August 1996. Santa Barbara, California, USA, 1996. Р. 104 – 113. 2. Bechtsoudis A., Sklavos N. Side Channel Attacks Cryptanalysis Against Block Ciphers Based on FPGA Devices // Proc. of IEEE Computer Society Annual Symposium on VLSI (IEEE ISVLSI'10). Kefalonia, Greece, July 5 – 7, 2010. Greece, 2010. P. 460 – 461. 3. Kocher P., Jaffe J., Jun B. Differential Power Analysis // CRYPTO 1999. 15 – 19 August 1999. Santa Barbara, California, USA, 1999. P. 388 – 397. 4. NACSIM 5000 Tempest Fundamentals (Report) // National Security Agency. February 1982. 5. Genkin D., Pipman I., Tromer E. Get your Hands off my Laptop: Physical Side-channel Key-extraction Attacks on PCs // Journal of Cryptographic Engineering. 2015. No. 5(2). P. 95 – 112. 6. Acoustic Side-channel Attacks on Printers / M. Backes et al. // Proc. of the 19th USENIX Conference on Security (USENIX Security'10). 11 – 13 August 2010. Washington, CA, USA. P. 20. 7. Genkin D., Shamir A., Tromer E. Acoustic Cryptanalysis // J. Cryptol. 2017. V. 30, No. 2. P. 392 – 443. DOI: https://doi.org/10.1007/s00145-015-9224-2. 8. Standaert F. X. Introduction to Side-Channel Attacks // Secure Integrated Circuits and Systems. 2010 Р. 27 – 42. 9. A Study on Power Side Channels on Mobile Devices / L. Yan et al. // Symposium of Internetware – Internetware 2015. 6 November 2015. Wuhan, China, 2015. P. 30 – 38. 10. Gebotys C. H., Ho S., Tiu C. C. EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA // Cryptographic Hardware and Embedded Systems – CHES 2005, ser. LNCS, V. 3659. Springer, 2005. P. 250 – 264. 11. Mobile Social Networking under Side-Channel Attacks: Practical Security Challenges / A. Ometov et al. // IEEE Access. 2017. V. 5. P. 2591 – 2601. 12. Goller G., Sigl G. Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment // Constructive Side-Channel Analysis and Secure Design – COSADE 2015, ser. LNCS, V. 9064. Springer, 2015. P. 255 – 270. 13. ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels / D. Genkin et al. // Conference on Computer and Communications Security (CCS 2016). 24 – 28 October, 2016. Vienna, Austria, 2016. P. 1626 – 1638. 14. NICV: Normalized Inter-class Variance for Detection of Side-Сhannel Leakage / S. Bhasin et al. // IEEE International Symposium on Electromagnetic Compatibility. 13 – 16 May 2014. Tokyo, Japan, 2014. V. 3. P. 310 – 313.
1. Kocher P. (1999). Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO 18 – 22 August 1999, (pp. 104-113). Santa Barbara, Cali¬fornia, USA. 1996. 2. Bechtsoudis A., Sklavos N. (2010). Side Channel Attacks Cryptanalysis Against Block Ciphers Based on FPGA Devices. Proc. of IEEE Computer Society Annual Symposium on VLSI (IEEE ISVLSI'10), Kefalonia, Greece, July 5 – 7, 2010. Greece, 2010. P. 460 – 461. 3. Kocher P., Jaffe J., Jun B. (1999). Differential Power Analysis. CRYPTO 15 – 19 August 1999, (pp. 388-397). Santa Barbara, California, USA. 1999. 4. NACSIM 5000 Tempest Fundamentals (Report). (1982). National Security Agency. February 1982. Genkin D., Pipman I., Tromer E. (2015). Get your Hands off my Laptop: Physical Side-channel Key-extraction Attacks on PCs. Journal of Cryptographic Engineering, 5(2), pp. 95 – 112. 5. Genkin D., Pipman I., Tromer E. (2015). Get your Hands off my Laptop: Physical Side-channel Key-extraction Attacks on PCs. Journal of Cryptographic Engineering, 5(2), pp. 95 – 112. 6. Backes M., Dürmuth M., Gerling S. et al. Acoustic Side-channel Attacks on Printers. Proc. of the 19th USENIX Conference on Security (USENIX Security'10). 11 – 13 August 2010, (p. 20). Washington, CA, USA. 7. Genkin D., Shamir A., Tromer E. (2017). Acoustic Cryptanalysis. J. Cryptol, 30(2), pp. 392 – 443. DOI: 10.1007/s00145-015-9224-2. 8. Standaert F. X. (2010). Introduction to Side-Channel Attacks. Secure Integrated Circuits and Systems. (pp. 27 – 42). 9. Yan L., Guo Y., Chen X., Mei H. (2015). A Study on Power Side Channels on Mobile Devices. Symposium of Internetware – Internetware. (pp. 30-38). 6 November 2015. Wuhan, China. 10. Gebotys C. H., Ho S., Tiu C. C. (2005). EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA. Cryptographic Hardware and Embedded Systems – CHES 2005, ser. LNCS, 3659, Springer, pp. 250 – 264. 11. Ometov A., Orsino A., Andreev S. et al. (2017). Mobile Social Networking under Side-Channel Attacks: Practical Security Challenges. IEEE Access, 5, pp. 2591 – 2601. 12. Goller G., Sigl G. (2015). Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment. Constructive Side-Channel Analysis and Secure Design – COSADE 2015, ser. LNCS, 9064, Springer, pp. 255 – 270. 13. Genkin D., Pachmanov L., Pipman I. et al. (2016). ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels. Conference on Computer and Communications Security (CCS 2016). 24 – 28 October, 2016. Vienna, Austria, pp. 1626 – 1638. 14. Bhasin S., Danger J.-L., Guilley S. et al. (2013). NICV: Normalized Interclass Variance for Detection of Side-Сhannel Leakage. IEEE International Symposium on Electromagnetic Compatibility, (pp. 310-313). 13 – 16 May 2013. Vol. 3. Tokyo.
Статью можно приобрести в электронном виде (PDF формат).
Стоимость статьи 350 руб. (в том числе НДС 18%). После оформления заказа, в течение нескольких дней, на указанный вами e-mail придут счет и квитанция для оплаты в банке.
После поступления денег на счет издательства, вам будет выслан электронный вариант статьи.
Для заказа скопируйте doi статьи:
10.14489/vkit.2019.12.pp.046-053
и заполните форму
Отправляя форму вы даете согласие на обработку персональных данных.
.
This article is available in electronic format (PDF).
The cost of a single article is 350 rubles. (including VAT 18%). After you place an order within a few days, you will receive following documents to your specified e-mail: account on payment and receipt to pay in the bank.
After depositing your payment on our bank account we send you file of the article by e-mail.
To order articles please copy the article doi:
10.14489/vkit.2019.12.pp.046-053
and fill out the form
.
|