Skip to main content
Conference ProceedingsOPEN ACCESS

ECDSA key extraction from mobile devices via nonintrusive physical side channels

Proceedings of the ACM Conference on Computer and Communications Security (2016) 24-28-October-2016 1626-1638
DOI: 10.1145/2976749.2978353
135Citations
Citations of this article
134Readers
Mendeley users who have this article in their library.

Abstract

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's Common-Crypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

Cite

CITATION STYLE

APA

Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., & Yarom, Y. (2016). ECDSA key extraction from mobile devices via nonintrusive physical side channels. In Proceedings of the ACM Conference on Computer and Communications Security (Vol. 24-28-October-2016, pp. 1626–1638). Association for Computing Machinery. https://doi.org/10.1145/2976749.2978353

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free