[cryptography] side channel analysis on phones

Derek Miller dreemkiller at gmail.com
Fri Mar 8 08:58:09 EST 2013


Since he's writing an Android client side app, TrustZone is probably not
available to him.

Also, the latest ARM chips are still ARMv7. We won't see any ARMv8 chips
until at least next year. So the AES acceleration instructions are not
available to him.

Many SoCs have hardware crypto accelerators on them (separate from the
CPU) and they may be accessible through the Android crypto libraries. But
this doesn't protect him on chips that don't have accelerators. Those will
just use software implementations.

On Mar 8, 2013 5:46 AM, "Ethan Heilman" <eth3rs at gmail.com> wrote:

> It depends what sort of side channel attacks you are worried about and
> what sort of crypto algorithms you are using.
>
> My knowledge area is cache based side channel attacks.
>
> 1. ARM chips use TrustZone, which claims it prevents cache based side
> channel attacks when running in secure mode but probably amplifies them (I
> found this on a set of slides for a crypto class that a professor had put
> up on the web a few years back but have not verified it myself).
> 2. ARM v8 has the AES instruction set, which you should use; some mobile
> libraries may not use it, so check your library.
> 3. Timers on ARM chips don't have the same resolution as timers on x86, so
> cache based attacks are very possible but harder.
>
> Other than using the AES instruction set, which should completely mitigate
> the risk of cache based side channel attacks against an AES key, I am not
> sure there is much else you can do. Noise can always be averaged away.
>
> On Fri, Mar 8, 2013 at 2:57 AM, ianG <iang at iang.org> wrote:
>
>> Has anyone done any side channel analysis on phones?
>>
>> I'm working on an Android crypto app at the moment, and an unanswered
>> question from the threat model is how to limit the possibilities of
>> attacking the keys from another app.  I can see obvious techniques of
>> adding additional camouflage crunching and delays, but as there might be
>> smart apps sitting right there in another sandbox, it seems intuitively
>> that just adding noise isn't going to cut it.
>>
>> iang
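The claim in the thread that added noise can be averaged away, shown as an added simulation that is not part of the original messages. The timing values (`BASE`, `LEAK`) and the uniform random-delay model are constructed assumptions, not measurements from a phone.

```python
import random
import statistics

# Constructed model, not measurements from a real device: an operation takes
# BASE time units, plus LEAK extra units when a secret-dependent cache miss occurs.
BASE, LEAK = 100.0, 4.0

def observe(secret_bit, jitter, rng):
    """One timing sample as seen by a co-resident app.
    jitter is the width of the defender's added uniform random delay."""
    return BASE + LEAK * secret_bit + rng.uniform(0.0, jitter)

def estimated_gap(jitter, n, seed=1):
    """Difference of mean timings between the two secret-dependent cases,
    using n samples of each case."""
    rng = random.Random(seed)
    slow = statistics.fmean(observe(1, jitter, rng) for _ in range(n))
    fast = statistics.fmean(observe(0, jitter, rng) for _ in range(n))
    return slow - fast

def samples_needed(jitter, z=3.0):
    """Samples per case for LEAK to stand z standard errors above the noise.
    Uniform noise of width w has variance w^2/12; the difference of two means
    has variance 2*var/n, so n = 2*var*(z/LEAK)^2."""
    var = jitter ** 2 / 12.0
    return max(1, round(2.0 * var * (z / LEAK) ** 2))

if __name__ == "__main__":
    for jitter in (0.0, 40.0, 400.0):
        n = samples_needed(jitter)
        gap = estimated_gap(jitter, 20 * n)
        print(f"jitter={jitter:6.1f}  n_needed={n:6d}  estimated_gap={gap:.2f}")
```

Ten times more random delay costs the observer about a hundred times more samples, but the secret-dependent gap is still recovered, which is why constant-time code or hardware AES is the mitigation rather than camouflage delays.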

