[cryptography] side channel analysis on phones

Ethan Heilman eth3rs at gmail.com
Fri Mar 8 07:45:55 EST 2013

It depends what sort of side channel attacks you are worried about and what
sort of crypt algorithms you are using.

My knowledge area is cache based side channel attacks.

1. ARM chips use trustzone which claims it prevents cache based side
channel attacks when running in secure mode but probably amplifies them (I
found this on a set of slides a crypto class a professor had put up on the
web a few years back but have not verified it myself).
2. ARM v8 has the AES instruction set which you should use, some mobile
libraries may not use so check your library.
3. Timers on ARM chips don't have the same resolution as timers on x86 so
cache based attacks are very possible but harder.

Other than using the AES instruction set which should
completely mitigate the risk of cache based side channel attacks against an
AES key I am not sure there is much else you can do. Noise can always be
averaged away.

On Fri, Mar 8, 2013 at 2:57 AM, ianG <iang at iang.org> wrote:

> Has anyone done any side channel analysis on phones?
> I'm working on an android crypto app at the moment, and an unanswered
> question from the threat model is how to limit the possibilities of
> attacking the keys from another app.  I can see obvious techniques of
> adding additional camouflage crunching and delays, but as there might be
> smart apps sitting right there in another sandbox, it seems intuitively
> that just adding noise isn't going to cut it.
> iang
> ______________________________**_________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/**mailman/listinfo/cryptography<http://lists.randombit.net/mailman/listinfo/cryptography>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130308/1aa3a5e0/attachment.html>

More information about the cryptography mailing list