EMA as a Physical Method for Extracting Secret Data from Mobile Phones

Today’s mobile phones offer diverse functions and features such as calling, Internet surfing, game playing, banking, and storage of personal and professional data. Because these devices run a growing number of value-added applications, the number of software attacks on them has drastically increased. This study shows that mobile platforms, especially their constituent components running security-related applications, could also be good targets for hardware attacks in which sensitive data stored in the mobile phone are extracted using physical methods. This article discusses the feasibility, and presents the results, of a technique for extracting secret keys by applying Electromagnetic Analysis (EMA) to software implementations of the Advanced Encryption Standard (AES) running on Java mobile phones. The recovered keys can be used for forensic purposes or to recover encrypted data that could have been enciphered using such keys and stored in the device.
