[cryptography] side channel analysis on phones

ianG iang at iang.org
Wed Mar 13 16:11:08 EDT 2013


On 9/03/13 18:30 PM, Tanja Lange wrote:
> Dear Ian,
>> Has anyone done any side channel analysis on phones?
>>
> On the constructive side you might want to check out NaCl for ARM (best
> with NEON), e.g.
> 	 http://cryptojedi.org/crypto/#neoncrypto
> which avoids all software side channel attacks. Not sure how you would
> avoid cache attacks in Java.
>
> Cryptographic Research has a demo attacking cell phones running slow
> crypto (Java) by electromagnetic radiatiion, see
> 	http://www.youtube.com/watch?v=4L8rnYhnLt8


OK, interesting.  One thing I did not understand here was that the 
speaker said that at one point that it didn't matter if there was a mode 
employed like CBC, and at another point he was stating that he needs 
e.g. 10,000 or similar usages of that one key.  Which is it?



> Attacking fast (good) implementations is a lot harder but wee're looking
> into it.

so I'm looking for a fast (good) implementation of Java crypto  :)  (As 
mentioned earlier, the open apps world is pretty much limited to pure 
software.)

What was fairly impressive was that he was reading the ECC key directly 
from the oscilloscope from one scan of the radio signal.

> All the best
> 	Tanja
>


thanks, iang



More information about the cryptography mailing list