Abstract

Recently, some wireless devices have been found vulnerable to a novel class of side-channel attacks, called Screaming Channels. These leaks might appear if the sensitive leaks from the processor are unintentionally broadcast by a radio transmitter placed on the same chip. Previous work focuses on identifying the root causes, and on mounting an attack at a distance considerably larger than the one achievable with conventional electromagnetic side channels, which was demonstrated in the low-noise environment of an anechoic chamber. However, a detailed understanding of the leak, attacks that take full advantage of the novel vector, and security evaluations in more practical scenarios are still missing. In this paper, we conduct a thorough experimental analysis of the peculiar properties of Screaming Channels. For example, we learn about the coexistence of intended and unintended data, the role of distance and other parameters on the strength of the leak, the distortion of the leak model, and the portability of the profiles. With such insights, we build better attacks. We profile a device connected via cable with 10000·500 traces. Then, 5 months later, we attack a different instance at 15 m in an office environment. We recover the AES-128 key with 5000·1000 traces and key enumeration up to $2^{23}$. Leveraging spatial diversity, we mount some attacks in the presence of obstacles. As a first example of application to a real system, we show a proof-of-concept attack against the authentication method of Google Eddystone beacons. On the one side, this work lowers the bar for more realistic attacks, highlighting the importance of the novel attack vector. On the other side, it provides a broader security evaluation of the leaks, helping the defender and radio designers to evaluate risk and the need for countermeasures.

Highlights

  • Modern information systems are more and more connected, often by means of wireless protocols, resulting in an increased attack surface

  • We assume that each byte has the same average leak, so that we can compute a pooled estimate of this average leak with a pool of 16 bytes, for each possible value of the leak variable

  • Screaming channels are an interesting leak vector, with peculiar characteristics compared to other forms of side channels
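
The pooled estimate mentioned in the highlights can be illustrated on simulated data. The following is an added example, not code from the paper: it assumes the leak variable is a single byte, uses a constructed leak function and Gaussian noise, and compares a profile built from one byte position with one pooled over all 16.

```python
import random

N_BYTES = 16      # byte positions pooled together (AES-128 state size)
N_VALUES = 256    # assumption: the leak variable takes one byte value

def true_leak(y):
    # Constructed average leak: Hamming weight plus a small nonlinear term.
    return bin(y).count("1") + 0.3 * ((y >> 7) & (y & 1))

def simulate(n_traces, sigma, rng):
    """Constructed measurements: every byte position shares the same average leak."""
    traces = []
    for _ in range(n_traces):
        ys = [rng.randrange(N_VALUES) for _ in range(N_BYTES)]
        leaks = [true_leak(y) + rng.gauss(0.0, sigma) for y in ys]
        traces.append((ys, leaks))
    return traces

def estimate(traces, byte_indices):
    """Mean leak for each value of the leak variable, over the given byte positions."""
    sums = [0.0] * N_VALUES
    counts = [0] * N_VALUES
    for ys, leaks in traces:
        for b in byte_indices:
            sums[ys[b]] += leaks[b]
            counts[ys[b]] += 1
    # None marks a value that was never observed (possible with few traces).
    return [s / c if c else None for s, c in zip(sums, counts)]

def mse(profile):
    """Mean squared error against the known leak, skipping unobserved values."""
    errs = [(m - true_leak(y)) ** 2 for y, m in enumerate(profile) if m is not None]
    return sum(errs) / len(errs)

def compare(n_traces=2000, sigma=1.0, seed=1):
    rng = random.Random(seed)
    traces = simulate(n_traces, sigma, rng)
    single = estimate(traces, [0])               # profile from byte 0 only
    pooled = estimate(traces, range(N_BYTES))    # pooled over all 16 bytes
    return mse(single), mse(pooled)

if __name__ == "__main__":
    s, p = compare()
    print(f"single-byte MSE {s:.4f}, pooled MSE {p:.4f}")
```

With the same number of traces, the pooled profile has roughly 16 times more samples per value, so its error is correspondingly smaller; the gain holds only as far as the equal-average-leak assumption does.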


Summary

Introduction

Modern information systems are more and more connected, often by means of wireless protocols, resulting in an increased attack surface. Given the shared nature of the transmission medium, the radio link is at risk of becoming a propagation vector for sensitive information leaks. The channel opened at the physical layer might as well transmit other side signals that carry sensitive information. We have discovered a novel attack vector, called Screaming Channels [CPM+18], introduced by radio transmitters on mixed-signal chips. In this type of device, very popular for adding wireless (e.g., Bluetooth, WiFi) capabilities to connected objects, a processor and one or more radios lie on the same silicon chip. In Screaming Channels, a trace lm ,yp,k (t) is the average of m traces measured with the same plaintext-key pair. X is the true value, whereas xg is a guess or hypothesis.
