Side-channel f can recover secret keys from cryptographic algorithms (including the pervasive AES) using measurements such as power use. However, these previously-known attacks on AES tend to require unrestricted, physical access to the device. Using improved antenna and signal processing, Fox-IT and Riscure show how to covertly recover the encryption key from two realistic AES-256 implementations while:
- Attacking at a distance of up to 1 m (30 cm in realistic conditions; “TEMPEST”),
- Using minimal equipment (ﬁts in a jacket pocket, costs less than €200) and
- Needing only a few minutes (5 minutes for 1 m and 50 seconds for 30 cm.
To the best of our knowledge, this is the ﬁrst public demonstration of such covert attacks from a distance. This demonstration reinforces the real need for defence-in-depth when designing high assurance systems — as Fox-IT is well known for.
If you want to read the whole blog, please find it attached to this page.
We did not attack the SmartFusion®2 FPGA’s built-in AES hardware. We used a textbook implementation of AES (from OpenSSL) showing that an unprotected implementation is unsafe and more vulnerable than was previously known. We demonstrate the need to incorporate DPA/DEMA countermeasures – such as those used in Microsemi’s FPGAs and in Fox-IT’s high assurance security products.
The security of the FPGAs used in the demonstration were not the subject of attack, and most any processor capable of running OpenSSL could have been used as the demonstration platform. The Fox-IT experiments did not test (or break) the DPA resistance of any Microsemi cryptographic implementations used in SmartFusion2.