Extracting Secret Keys from a Device's Power LED Using COTS Video Cameras
Speaker
Ben Nassi
Cornell Tech
Host
Alexandra Henzinger
CSAIL MIT
Over the past 25 years, research has highlighted the fact that high-end hardware can be used by attackers to recover secret keys from devices.
Numerous studies have demonstrated innovative secret key extraction techniques that rely on dedicated professional equipment to capture data-dependent physical leakage from target devices. These methods employ equipment like scopes to obtain power traces, software-defined radio and probes to capture electromagnetic radiation (EMR) traces, as well as ultrasonic microphones to capture acoustic traces. While these methods have deepened our understanding regarding the cryptanalytic risks associated with various types of leakage (EMR, acoustic, power) and high-end sensors to secret keys, much less is known about the cryptanalytic risks posed by optical leakage and accessible ubiquitous equipment such as video cameras.
In this talk, we will reveal the findings from the two research papers, optical cryptanalysis (CCS’23) and video-based cryptanalysis (SP’24), and discuss how attackers can extract cryptographic keys using video footage of a device’s power LEDs captured by standard video cameras. In the first part of the talk, we will review the history of the side-channel cryptanalytic attacks from the first timing attack that was published in 1996, through the cryptanalytic power-based attacks and cryptanalytic EMR attacks that were published since 1998 until the acoustic attack that was published at 2014 and conclude interesting insights regarding the lessons we learned from these works. Next, we will discuss information leakage from power LEDs (based on the findings presented at CCS 23), and understand why the intensity of the light emitted by a device’s power LED can be used as an alternative to power traces obtained from the device to recover secret keys (2048-bit RSA, 256-bit ECDSA and 378-bit SIKE keys) from commonly used cryptographic libraries (Libgcrypt, GnuPG, PQCryptoSIDH) using a photodiode. In the second part of the talk, we will discuss how standard video cameras (e.g., of an iPhone 13 PRO Max, and security camera) can be used as alternatives for the photodiodes (based on the findings presented at SP’24) to extract secret keys (256-bit ECDSA and 378-bit SIKE keys). We will discuss a video camera’s rolling shutter and understand how it can be used to increase the sampling rate of a video camera from the frame-per-second rate (60 measurements per second) to the rolling shutter rate (60,000 measurements per second). We will see videos of secret key recoveries that were taken by a smartphone and by an Internet-connected security camera to recover a 256-bit ECDSA key (using the Minerva side-channel attack) and a 378-SIKE key (using the HertzBleed side-channel attack). At the end of the talk, we will discuss countermeasures, and provide insights regarding the real potential of extracting cryptographic keys by video cameras in our days and in the near future, taking into account the expected improvements in the specifications of video cameras expected by Moore’s Law.
Numerous studies have demonstrated innovative secret key extraction techniques that rely on dedicated professional equipment to capture data-dependent physical leakage from target devices. These methods employ equipment like scopes to obtain power traces, software-defined radio and probes to capture electromagnetic radiation (EMR) traces, as well as ultrasonic microphones to capture acoustic traces. While these methods have deepened our understanding regarding the cryptanalytic risks associated with various types of leakage (EMR, acoustic, power) and high-end sensors to secret keys, much less is known about the cryptanalytic risks posed by optical leakage and accessible ubiquitous equipment such as video cameras.
In this talk, we will reveal the findings from the two research papers, optical cryptanalysis (CCS’23) and video-based cryptanalysis (SP’24), and discuss how attackers can extract cryptographic keys using video footage of a device’s power LEDs captured by standard video cameras. In the first part of the talk, we will review the history of the side-channel cryptanalytic attacks from the first timing attack that was published in 1996, through the cryptanalytic power-based attacks and cryptanalytic EMR attacks that were published since 1998 until the acoustic attack that was published at 2014 and conclude interesting insights regarding the lessons we learned from these works. Next, we will discuss information leakage from power LEDs (based on the findings presented at CCS 23), and understand why the intensity of the light emitted by a device’s power LED can be used as an alternative to power traces obtained from the device to recover secret keys (2048-bit RSA, 256-bit ECDSA and 378-bit SIKE keys) from commonly used cryptographic libraries (Libgcrypt, GnuPG, PQCryptoSIDH) using a photodiode. In the second part of the talk, we will discuss how standard video cameras (e.g., of an iPhone 13 PRO Max, and security camera) can be used as alternatives for the photodiodes (based on the findings presented at SP’24) to extract secret keys (256-bit ECDSA and 378-bit SIKE keys). We will discuss a video camera’s rolling shutter and understand how it can be used to increase the sampling rate of a video camera from the frame-per-second rate (60 measurements per second) to the rolling shutter rate (60,000 measurements per second). We will see videos of secret key recoveries that were taken by a smartphone and by an Internet-connected security camera to recover a 256-bit ECDSA key (using the Minerva side-channel attack) and a 378-SIKE key (using the HertzBleed side-channel attack). At the end of the talk, we will discuss countermeasures, and provide insights regarding the real potential of extracting cryptographic keys by video cameras in our days and in the near future, taking into account the expected improvements in the specifications of video cameras expected by Moore’s Law.