[cryptography] side channel analysis on phones
Felix.Wyss at inin.com
Sat Mar 9 09:06:01 EST 2013
> -----Original Message-----
> From: cryptography [mailto:cryptography-bounces at randombit.net] On Behalf
> Of ianG
> Sent: Saturday, March 09, 2013 05:07
> To: cryptography at randombit.net
> Subject: Re: [cryptography] side channel analysis on phones
> Sure. RSA signing is the algorithm. The side channel is another app that
> is also running on the same phone, and has some ability to measure what
> else is going on. Although there is sandboxing and so forth in the
> Android, I'm expecting this to be weak, and I'm expecting there to be a
> way to measure the rough CPU / energy consumption, etc, of other apps.
> Enough to determine (for example) the beginning and end of an RSA sig.
How frequently will your application perform the RSA signing operation in practical use? I presume you'd want to minimize that at least for resource usage anyway. So unless an adversary is able to force you to perform it much more frequently, it seems that a side-channel attack on the device is not very practical as it would require timing measurements for a very long time. The longer this would take, the more other noise the adversary will have to deal with, such as the mix of installed and running applications changing, OS updates, etc. It thus seems an attack on other aspects of your application would be higher on the list for an adversary. For example, how do you manage the signing keys?
More information about the cryptography