Recovering AES-128 Encryption Keys from a Raspberry Pi
All content following this page was uploaded by Ibraheem Frieslaar on 29 September 2017.
Abstract—This research is the first of its kind to perform a successful side channel analysis attack on a symmetric encryption algorithm executing on a Raspberry Pi. It is demonstrated that the AES-128 encryption algorithm of the Crypto++ library is vulnerable against the Correlation Power Analysis (CPA) attack. Furthermore, digital processing techniques such as dynamic time warping and filtering are used to recover the full encryption key. In addition, it is illustrated that the area above and around the CPU of the Raspberry Pi leaks out critical and secret information.

Index Terms—AES-128, Electromagnetic, Raspberry Pi, Side Channel Analysis,

I. INTRODUCTION

The growth of the Internet of Things (IoT) has driven society to incorporate multiple devices into their daily lives. These devices are located in homes, businesses, and even entire cities. Although this has enhanced user experience and assisted in the comfort and ease of daily activities, it poses a significant security threat. The vulnerability of these IoT devices was demonstrated when they were used to carry out a Distributed Denial of Service (DDoS) attack on the French hosting provider OVH [1]. Additionally, a DDoS attack was carried out against DynDNS [2], which resulted in major sites and services including GitHub, Reddit, PayPal, Amazon, and thousands more being inaccessible to billions of people worldwide.

The urgency to protect our IoT devices has become imperative, as vulnerabilities will lead to critical information such as credit card details, bank details, home security passwords and much more being stolen and used in fraudulent activities. Therefore, our digital transactions and activities need to be secured and protected.

Cryptographic applications have been introduced to secure information. These applications obfuscate the information to prevent the interception of private and critical data. Theoretically, cryptographic algorithms are mathematically secure. However, the implementations of these algorithms are susceptible to side channel analysis (SCA) attacks. Traditionally, the research community has focused on SCA attacks based on smartcards, RFID tags, FPGAs and microcontrollers [3]–[5]. However, in the last few years a paradigm shift has unfolded where the research community is targeting the vulnerabilities of high powered devices such as laptops and smartphones against SCA attacks [6]–[8].

This research investigates the susceptibility of a block-cipher implementation on a high powered device against SCA attacks. The investigation will focus on the Advanced Encryption Standard (AES) cryptographic algorithm of the Crypto++ library executing on a Raspberry Pi 2. This research is the first of its kind to perform an SCA attack against the AES-128 algorithm executing on a Raspberry Pi 2. Furthermore, the following questions are highlighted:

1) How exposed is the implementation of the AES-128 encryption algorithm based on the Crypto++ library?
2) What physical channels can be used for the attacks?
3) Can existing SCA techniques be used to recover secret information?
4) How expensive are such attacks, would cheap off the shelf equipment be required?

The remainder of this paper is organized as follows: Section II discusses research in the field of SCA attacks against high powered devices; Section III details the methodology of this research; followed by the results and analysis in Section IV; finally the paper is concluded with a discussion in Section V.

II. RELATED WORK

As mentioned in Section I, SCA attacks on small embedded devices have been extensively researched against various cryptographic schemes, particularly by utilising electromagnetic (EM) emanations [3]–[5]. EM emanations are captured from devices and subsequently used to retrieve the secret information. An advantage of using EM measurements is that it does not require the attacker to have direct contact with the device. Therefore, EM attacks are less intrusive than conventional power analysis [3].

There have been various SCA attacks against PCs. These attacks range from recovering secret keys from various cryptographic algorithms such as RSA, ElGamal and ECDH [6], [9], [10]. However, for this research the focus will remain on SCA attacks against smartphones and ARM architectures. Therefore, the rest of this section will detail the research involving attacks against smartphones and ARM devices.

Aboulkassimi et al. [11] performed EM attacks on symmetric ciphers at a high bandwidth rate, i.e. capturing signals at the device clock rate frequencies on a Java based cellphone. Furthermore, Goller and Sigl [12] implemented attacks on the RSA [13] public key algorithm on an Android smartphone executing RSA.
Nakano et al. [14] attacked an Android smartphone using low frequency attacks. The smartphone ran at 832 MHz. Their attacks focused on the RSA and Elliptic curve cryptography (ECC) encryption implementations. Kenworthy and Rohatgi achieved a non-invasive low-frequency attack against RSA running on various smartphones [15]. Due to security reasons, they do not mention the make or model of the smartphones. Furthermore, they demonstrated attacks against the ECC.

Belgarric et al. [7] and Genkin et al. [8] concurrently introduced an invasive low frequency attack on the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation of Android's BouncyCastle library. A difference between the two studies was that Belgarric et al. placed the magnetic probe inside the smartphone whereas Genkin et al. placed the magnetic probe in close proximity to the device. Additionally, Genkin et al. demonstrated that they were able to successfully recover the secret ECDSA signing keys from OpenSSL running on an iOS device and partial keys from an Android device. Furthermore, they exhibit the ability to recover the secret keys from CoreBitcoin off an iOS device. Their experimental setup comprised cheap, compact and easily available equipment such as sound cards and makeshift electromagnetic probes.

Balasch et al. demonstrated a Differential Power Analysis (DPA) attack against the bitsliced AES encryption algorithm running on a BeagleBone Black ARM development board [16]. The processor used was an ARM Cortex-A8 processor running at 1 GHz. The EM probe was placed over a decoupling capacitor which was situated close to the CPU. Furthermore, Galea et al. performed a similar attack against the device. However, their attacks were at lower frequencies [17]. The results in these studies illustrate that symmetric key encryption running on high powered devices is vulnerable to SCA attacks. However, both studies physically glued the EM probe onto the area of leakage and focused on specialised hardware.

Based on the research discussed in this section, it is clearly outlined that high powered devices are susceptible to SCA attacks. The attacks against high powered devices are fairly new and many cryptographic algorithms and hardware have not been put under scrutiny based on SCA attacks. Therefore, this research will be the first to take up the mantle to perform SCA attacks against a Raspberry Pi executing a symmetric encryption algorithm. Furthermore, this research will use inexpensive and easily available equipment to capture EM emanations.

III. METHODOLOGY

A. Equipment

This research used two Raspberry Pi 2's, a FUNcube Dongle Pro+, which is a software defined radio (SDR), and an electromagnetic (EM) probe. The first Raspberry Pi served as the victim and the secondary Pi was the attacker. The Lubuntu 14.04 operating system and the Linux 3.18.0-20-rpi2 kernel were used. The victim executed the AES-128 algorithm in the Crypto++ library. No services were disabled on the device as the objective was to keep the conditions close to a real world scenario. However, the victim's maximum CPU frequency was set to 600 MHz. This prevents the CPU from using internal step-up controls to adjust power and CPU frequency. Keeping the CPU at a constant frequency enabled the research to capture signals at a fixed range, instead of scanning between 600 and 900 MHz. The research mentioned in Section II also used a fixed frequency [9], [16].

No adjustments were made to the attacker's CPU frequency. The FUNcube dongle was inserted into a USB port and GNU Radio was used to interface with the device. The attacker ran GNU Radio to intercept the EM data from the victim while it executed the encryption algorithm. GNU Radio is a free software development toolkit that provides signal processing blocks to implement software-defined radios and signal-processing systems. Fig. 1 illustrates the setup of the two Raspberry Pi's; on the right is the attacker with the FUNcube dongle and the EM probe connected to it. The EM probe is placed over the CPU of the victim.

Fig. 1. The experimental setup of the two Raspberry Pi's.

B. Data Collection and Processing

This subsection details the experimental setup in this research. The setup procedure to recover the secret information comprises two stages. These two stages are the data capture phase and the data analysis phase.
Subkey     1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16
Recovered  -  Y  -  -  Y  Y  -  -  Y  -   -   -   -   Y   Y   -

Time (s)
Quickest   3.3
Mean       141.36
Slowest    362.3

[Figure: bar chart of success ratio, axis 0% to 100%. Elastic Alignment: 37.5%; All Techniques: 75%.]
Fig. 7. The success ratio of the CPA attack with the addition of various alignment techniques.

the total subkeys. The research was able to recover one subkey without any digital modification. In addition, by applying elastic alignment six subkeys were recovered, followed by 12 subkeys using all the techniques available. Although only partial key recovery was achieved, it is possible to recover the entire secret key when perfect alignment is achieved or by using brute force. Additionally, Table III illustrates the 12 subkeys that were recovered. The subkeys 10 – 13 were not recovered, thus reiterating the need to align the traces perfectly in order to retrieve the remaining subkeys.

TABLE III
THE 12 SUBKEYS THAT WERE RECOVERED
Subkey     1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16
Recovered  Y  Y  Y  Y  Y  Y  Y  Y  Y  -   -   -   -   Y   Y   Y

This research is the first to attack and successfully recover AES-128 encryption keys off a Raspberry Pi by utilizing side channel techniques. The results indicate that the Raspberry Pi was vulnerable to SCA attacks even though it is a complicated high powered device executing multi-cores with advanced power management.

As mentioned in Section I, IoT devices are at risk for various attacks. These devices are not the only devices at risk. Devices such as satellite TV are vulnerable as the attacker could intercept and decrypt the signal using the stolen encryption keys. The decrypted signal can be used and distributed to others without paying, thus resulting in companies losing revenue. Furthermore, our cellphone calls would also be exposed and leaked to various third parties if the encryption keys were stolen. Services like pay-per-view and video streaming would be susceptible as the attacker could pretend to be the streamer and make millions of dollars. Since the arrival of Digital Economy the use of IoT, smartphones and other devices has expanded specifically to include tasks such as banking, social networking, e-commerce and bitcoin
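
The link the results draw between trace alignment and subkey recovery can be reproduced on synthetic data when assessing an implementation's leakage. The following is an added example, not code from the paper: it runs CPA on constructed traces and substitutes a simple marker-based static alignment for the paper's elastic alignment. The Hamming-weight leakage model, the trace layout and all function names are assumptions.

```python
import random
from statistics import fmean, pstdev

def gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def sbox_entry(x):
    """AES S-box: inverse in GF(2^8), then the affine map."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    s = inv ^ 0x63
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s

SBOX = [sbox_entry(x) for x in range(256)]
HW = [bin(v).count("1") for v in range(256)]  # assumed Hamming-weight leakage model

def simulate(key_byte, n=250, seed=1):
    """Constructed traces: marker spike at a random offset, leakage 3 samples later."""
    rng, out = random.Random(seed), []
    for _ in range(n):
        pt, shift = rng.randrange(256), rng.randrange(7)
        t = [rng.gauss(0, 1) for _ in range(16)]    # measurement noise
        t[shift] += 20                              # data-independent marker
        t[shift + 3] += HW[SBOX[pt ^ key_byte]]     # data-dependent leakage
        out.append((pt, t))
    return out

def align(traces, width=6):
    """Static alignment: cut each trace so the marker spike sits at index 0."""
    return [(pt, t[t.index(max(t)):][:width]) for pt, t in traces]

def zscore(v):
    m, sd = fmean(v), pstdev(v)
    return [(x - m) / sd for x in v]

def cpa(traces):
    """Return (best subkey guess, its peak |Pearson correlation| over all samples)."""
    cols = [zscore([t[i] for _, t in traces]) for i in range(len(traces[0][1]))]
    best = (0, 0.0)
    for g in range(256):
        h = zscore([HW[SBOX[pt ^ g]] for pt, _ in traces])
        peak = max(abs(sum(a * b for a, b in zip(h, c))) / len(h) for c in cols)
        best = max(best, (g, peak), key=lambda r: r[1])
    return best
```

Comparing `cpa(simulate(k))` with `cpa(align(simulate(k)))` shows the correlation peak for the correct subkey collapsing under timing jitter and returning once the traces are aligned, which is why jitter alone is not a dependable countermeasure.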