[cryptography] side channel analysis on phones

Jeffrey Walton noloader at gmail.com
Thu May 16 01:57:52 EDT 2013

On Fri, Mar 8, 2013 at 2:57 AM, ianG <iang at iang.org> wrote:
> Has anyone done any side channel analysis on phones?
> I'm working on an android crypto app at the moment, and an unanswered
> question from the threat model is how to limit the possibilities of
> attacking the keys from another app.  I can see obvious techniques of adding
> additional camouflage crunching and delays, but as there might be smart apps
> sitting right there in another sandbox, it seems intuitively that just
> adding noise isn't going to cut it.
I just ran across this. It applies to hyperthreading (I believe it's the
first paper), so you might see it on some tablets.

Are you still interested in them?


CACHE MISSING FOR FUN AND PROFIT, http://www.daemonology.net/papers/htt.pdf.

Abstract. Simultaneous multithreading -- put simply, the sharing of
the execution resources of a superscalar processor between multiple
execution threads -- has recently become widespread via its
introduction (under the name "Hyper-Threading") into Intel Pentium 4
processors. In this implementation, for reasons of efficiency and
economy of processor area, the sharing of processor resources between
threads extends beyond the execution units; of particular concern is
that the threads share access to the memory caches.

We demonstrate that this shared access to memory caches provides not
only an easily used high bandwidth covert channel between threads, but
also permits a malicious thread (operating, in theory, with limited
privileges) to monitor the execution of another thread, allowing in
many cases for theft of cryptographic keys.

Finally, we provide some suggestions to processor designers,
operating system vendors, and the authors of cryptographic software,
of how this attack could be mitigated or eliminated entirely.
