Wednesday, November 2, 2011

Compromising emissions!

Been reading about various side channel attacks. I think my skills (lateral thinking, electronics, 'puters, physics and math) could lend themselves well to this... where do I sign up!
Basically, it is eavesdropping on information leaked via power, RF/EMI, sound, light or other means.

http://en.wikipedia.org/wiki/Power_analysis
http://youtu.be/4L8rnYhnLt8
(RF/EMI demo)

http://syhw.posterous.com/two-amusing-side-channel-attacks
(USB port power and sound)
http://cs.tau.ac.il/~tromer/acoustic/
(PoC for picking up sound from mobo capacitors to break RSA)
http://digitallounge.gatech.edu/digitallife/index.html?nid=71506
(Keyboard taps)
http://lasecwww.epfl.ch/keyboard/
(keyboard EMI)

http://www.wired.com/threatlevel/2007/08/researchers-cra/
(car keys...brute forcing the private key from all challenge/responses)

http://www.pop.is/1eyo
(a physical side channel aka safe cracking)

Padding oracle attacks
http://www.usenix.org/event/woot10/tech/full_papers/Rizzo.pdf
(decrypt ciphertext without knowing the key, e.g. to bypass CAPTCHA)
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf
(Efficient Padding Oracle Attacks on Cryptographic Hardware)


RSA FOB tokens
http://www.geekosystem.com/broken-tokens/


http://www.newscientist.com/blogs/onepercent/2011/11/encryption-for-transit-cards-h.html
(Crack 3DES smart cards with an RFID reader and an oscilloscope, via power analysis of the chip in the card while de/encrypting)

http://www.techwarelabs.com/rfid-hacking-is-it-a-threat

http://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf
(Read displays at a distance)
http://applied-math.org/acm_optical_tempest.pdf
http://dl.acm.org/citation.cfm?doid=545186.545189
(Flashing lights on your network kit may be a spanned port!)


TEMPEST backronyms from Wikipedia

Tiny ElectroMagnetic Particles Emitting Secret Things
Transmitted Electro-Magnetic Pulse / Energy Standards & Testing
Telecommunications ElectroMagnetic Protection, Equipment, Standards & Techniques
Transient ElectroMagnetic Pulse Emanation STandard
Telecommunications Electronics Material Protected from Emanating Spurious Transmissions

1 comment:

  1. http://blog.cryptographyengineering.com/2012/10/attack-of-week-cross-vm-timing-attacks.html
    is a good summary of
    http://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
