Re: DPA mapped to spectral analysis

1999-11-21 Thread Bill Frantz

At 4:04 PM -0800 11/19/99, Matt Crawford wrote:
>> A while back someone on cypherpunks posted a program that would let you
>> hear FSK modulation on a normal radio when the program
>> was run, by modulating PCI traffic.
>
>Shoot, I remember the operators of the CDC 3150 at the local state
>college doing this around 1973 -- they set a radio on top of the
>console and ran a program that fiddled accumulator bits to play
>tunes.
>   Matt

We used to use an AM radio as a debugging aid with an IBM 1620 (20
microsecond cycle time) at Dartmouth College in 1962-1963.  My wife reports
a program called Mutran (sp?) she saw at Reed College which used a radio
and the 1620 to play suitably encoded sheet music.


-
Bill Frantz   | Internet Explorer, the | Periwinkle -- Consulting
(408)356-8506 | hacker's path to your  | 16345 Englewood Ave.
[EMAIL PROTECTED] | hard disk. | Los Gatos, CA 95032, USA





Re: DPA mapped to spectral analysis

1999-11-21 Thread Markus Kuhn

"Marcus Leech" wrote on 1999-11-19 19:45 UTC:
> Has anyone considered experimenting with DPA (Differential Power
> Analysis), but using spectral data, instead of power consumption?
> 
> Different operations will produce different EM spectra, and so the
> attack should work, given suitable selection of frequency range.  This
> could potentially allow the bad guy to attack a card without having
> access to the card, using a suitably directional antenna, etc.

We are working on experiments along such lines. The information-carrying
components of the power spectrum extend even for a 3.5 MHz clock
microcontroller well into the VHF range, where meter-long cables become
good antennas. (Note that normal spectrum analysers are useless for such
studies, because they provide you only with the spectrum of the entire
power line, and they do not show you the much weaker
information-carrying components in it that are of interest here.)

We are pretty certain that the currents and path lengths on the chip
itself are orders of magnitude too small to be picked up by any
practical form of antenna (unless perhaps you are in a very
well-shielded environment and use some esoteric helium-cooled
lowest-noise antennas), even if long-time averaging is performed.
However, this is not the case for currents on all the lines that leave
the chip surface.

Our experimental target is at the moment the PIC16F84 microcontroller.
It is in many aspects fully comparable to a smartcard controller (it is
in fact used in some smartcards), but assembler-level development kits
for it are much more easily openly available than for other smartcard
processors and we do not want to have to ask our students to sign
manufacturer NDAs before they can join the project. The PIC also has
more I/O ports than a normal smartcard CPU, which simplifies triggering
the oscilloscope during measurements, and it has a reasonably simple
architecture. We have been working with an 8-bit 200 MHz storage scope
so far, which is more than sufficient for performing a number of
attacks, but in order to fully characterize the spectral properties of
the leaking information, we will now use a new 8-bit 2 GHz scope as
well.

Our interest in the EM aspects is not specific to smartcards. For
smartcards, you can usually easily get galvanic access to the
connectors, and for most attacks, direct microprobing of the chip
surface is the easiest approach anyway. However, EM attacks on
microcontrollers are a first step towards better understanding the CPU
EM emissions of other more complex embedded security applications,
eventually even workstation-class systems. That's where compromising
emanations will really become interesting.

Some related earlier publications are on

  http://www.cl.cam.ac.uk/Research/Security/tamper/

especially

  http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf
  http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf

Markus

-- 
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org,  WWW: 
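An added illustration of the point made above about spectrum analysers; this is not code from Markus Kuhn's group or from anyone in this thread. On a simulated power-line signal, the plain (averaged) spectrum is dominated by the clock and its odd harmonics, while the data-dependent component, isolated here as the spectrum of the difference between the mean traces of high- and low-Hamming-weight data, is a small fraction of the total energy and sits largely at harmonics (even ones, higher ones) that the plain spectrum gives no reason to look at. Every signal parameter (16 samples per clock, a two-sample spike after the rising edge, leak amplitude, noise level, the Hamming-weight leakage model itself) is constructed for the demo and is not a measurement.

```python
import cmath
import math
import random

# All parameters below are constructed for this demo, not measurements.
CYCLE = 16            # samples per clock cycle
CYCLES = 8            # clock cycles per trace
N = CYCLE * CYCLES    # samples per trace
LEAK_AMP = 0.05       # data-dependent spike per Hamming-weight unit (clock amplitude is 1.0)
NOISE = 0.2           # standard deviation of additive Gaussian noise


def hw(x):
    """Hamming weight of an integer (number of set bits)."""
    return bin(x).count("1")


def trace(byte, rng):
    """One simulated power-line trace: a +-1 clock square wave, a short
    data-dependent spike right after each rising edge whose size follows the
    Hamming weight of the byte being processed, and Gaussian noise."""
    out = []
    for t in range(N):
        phase = t % CYCLE
        clock = 1.0 if phase < CYCLE // 2 else -1.0
        spike = LEAK_AMP * hw(byte) if phase in (1, 2) else 0.0
        out.append(clock + spike + rng.gauss(0.0, NOISE))
    return out


def power_spectrum(x):
    """|DFT|^2 / N for bins 0..N/2 (naive O(N^2), so no numpy is needed).
    Bin k corresponds to k cycles per trace; the clock sits at bin CYCLES."""
    n = len(x)
    spec = []
    for k in range(n // 2 + 1):
        s = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        spec.append(abs(s) ** 2 / n)
    return spec


def mean_trace(traces):
    """Sample-wise average of a list of traces."""
    return [sum(col) / len(traces) for col in zip(*traces)]


def spectra(n_traces=2000, seed=3):
    """Return (full, diff): the spectrum a spectrum analyser would show
    (average of everything on the line) and the spectrum of the difference
    between the mean traces of high- and low-Hamming-weight data, which
    cancels the clock and keeps only the data-dependent part."""
    rng = random.Random(seed)
    every, high, low = [], [], []
    for _ in range(n_traces):
        b = rng.randrange(256)
        tr = trace(b, rng)
        every.append(tr)
        if hw(b) >= 5:
            high.append(tr)
        elif hw(b) <= 3:
            low.append(tr)
    full = power_spectrum(mean_trace(every))
    diff = power_spectrum([h - l for h, l in zip(mean_trace(high), mean_trace(low))])
    return full, diff


def leak_fraction(full, diff):
    """Share of the total spectral energy that actually carries data."""
    return sum(diff) / sum(full)


if __name__ == "__main__":
    full, diff = spectra()
    print("data-dependent share of total energy: %.4f" % leak_fraction(full, diff))
    print("harmonic  full-spectrum  difference-spectrum")
    for h in range(1, 7):
        k = h * CYCLES
        print("%8d  %13.4f  %19.4f" % (h, full[k], diff[k]))
```

Running it prints the two spectra side by side at the clock harmonics: the full spectrum has essentially nothing at the even harmonics (a 50% duty square wave has none), whereas the difference spectrum is nearly flat across the first several harmonics because the data-dependent spike is narrow; that is the sense in which the information-carrying components reach far above the clock frequency while contributing well under one percent of the energy a spectrum analyser would display.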




Re: DPA mapped to spectral analysis

1999-11-20 Thread Peter Gutmann

"Matt Crawford" <[EMAIL PROTECTED]> writes:

>>A while back someone on cypherpunks posted a program that would let you
>>hear FSK modulation on a normal radio when the program was run, by 
>>modulating PCI traffic.

>Shoot, I remember the operators of the CDC 3150 at the local state college 
>doing this around 1973 -- they set a radio on top of the console and ran a 
>program that fiddled accumulator bits to play tunes.

Steve Dompier did this in 1975 using the first generally-available
microcomputer (an Altair); he demonstrated it by playing "Bicycle for Two"
over the radio.  At that time it was the only way to get sound out of it,
although this type of output capability was later a noted (mis-)feature of 
the early TRS-80's.

Someone who worked on big iron in the UK once told me that there was so much 
RFI coming from one of their test facilities that aircraft had to be prevented
from flying overhead.

Peter.




Re: DPA mapped to spectral analysis

1999-11-20 Thread Marcus Leech

David Honig wrote:
> 
> You have just reinvented the stuff TEMPEST tries to fight -
> van Eck monitoring.  Monitors, RS232 lines, and PC busses
> have been found to radiate well.
> 
> A while back someone on cypherpunks posted a program that would let you
> hear FSK modulation on a normal radio when the program
> was run, by modulating PCI traffic.
> 
Yup, I'm well aware of Van Eck monitoring, having done Van Eck video
monitoring with a friend of mine about 15 years ago.  Since most smart
cards are not terribly well shielded, I wonder whether you could *in
reality* use Van Eck monitoring to do a DPA-like crack of DES as a result.



Re: DPA mapped to spectral analysis

1999-01-17 Thread Matt Crawford

> A while back someone on cypherpunks posted a program that would let you
> hear FSK modulation on a normal radio when the program
> was run, by modulating PCI traffic. 

Shoot, I remember the operators of the CDC 3150 at the local state
college doing this around 1973 -- they set a radio on top of the
console and ran a program that fiddled accumulator bits to play
tunes.
Matt



Re: DPA mapped to spectral analysis

1999-01-17 Thread David Honig

At 02:45 PM 11/19/99 -0500, Marcus Leech wrote:
>Has anyone considered experimenting with DPA (Differential Power
>Analysis), but using spectral data, instead of power consumption?
>
>Different operations will produce different EM spectra, 

You have just reinvented the stuff TEMPEST tries to fight -
van Eck monitoring.  Monitors, RS232 lines, and PC busses
have been found to radiate well.

A while back someone on cypherpunks posted a program that would let you
hear FSK modulation on a normal radio when the program
was run, by modulating PCI traffic. 

DPA mapped to spectral analysis

1999-01-17 Thread Marcus Leech

Has anyone considered experimenting with DPA (Differential Power
Analysis), but using spectral data, instead of power consumption?

Different operations will produce different EM spectra, and so the
attack should work, given suitable selection of frequency range.  This
could potentially allow the bad guy to attack a card without having
access to the card, using a suitably directional antenna, etc.

Does anyone have an all-software simulator for Kocher's DPA attack?
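As an added illustration, not anything posted in this thread, here is the kind of all-software DPA simulator the question above asks about, written from the countermeasure side as well: a toy keyed S-box lookup (a seeded random permutation standing in for a cipher round, not DES), a Hamming-weight-plus-noise leakage model (an assumption about the device), Kocher's difference-of-means selection on one predicted output bit, and the same attack run against a first-order Boolean-masked version of the lookup. With a fresh random mask per operation the stored value no longer correlates with any key guess and the scores collapse to noise, which is why masking is the standard software answer to this class of leakage. The secret key byte, the RNG seeds and the trace count are constructed values.

```python
import random

# Constructed toy target (not any real cipher): an 8-bit S-box that is a seeded
# random permutation, keyed by XOR with a secret byte, as in the first round of
# DES/AES-style designs. SECRET_KEY is the value the simulation tries to recover.
_rng = random.Random(1999)
SBOX = list(range(256))
_rng.shuffle(SBOX)
SECRET_KEY = 0x5A


def hw(x):
    """Hamming weight of an integer (number of set bits)."""
    return bin(x).count("1")


def simulate_traces(n, masked=False, noise=1.0, seed=7):
    """Return (plaintexts, samples). Each 'trace' is the single sample taken
    when the S-box output is written; its value is the Hamming weight of the
    stored byte plus Gaussian noise (the leakage model is an assumption).
    With masked=True the device stores S[p^k] XOR m for a fresh random mask m
    (first-order Boolean masking), so the stored byte is uniformly random and
    independent of the secret-dependent value."""
    rng = random.Random(seed)
    pts, samples = [], []
    for _ in range(n):
        p = rng.randrange(256)
        v = SBOX[p ^ SECRET_KEY]
        if masked:
            v ^= rng.randrange(256)
        pts.append(p)
        samples.append(hw(v) + rng.gauss(0.0, noise))
    return pts, samples


def dpa(pts, samples, bit=0):
    """Kocher-style difference of means: for each key guess, predict one output
    bit of the S-box for every plaintext, split the samples by that bit and
    score the guess by |mean(bit=1) - mean(bit=0)|. Only the right guess
    partitions the samples in a way that lines up with the real leakage."""
    scores = {}
    for k in range(256):
        total = [0.0, 0.0]
        count = [0, 0]
        for p, x in zip(pts, samples):
            b = (SBOX[p ^ k] >> bit) & 1
            total[b] += x
            count[b] += 1
        if count[0] and count[1]:
            scores[k] = abs(total[1] / count[1] - total[0] / count[0])
        else:
            scores[k] = 0.0
    best = max(scores, key=scores.get)
    return best, scores


def run(n=2000, masked=False):
    """Simulate n traces and attack them; return (best guess, its score)."""
    pts, samples = simulate_traces(n, masked)
    best, scores = dpa(pts, samples)
    return best, scores[best]


if __name__ == "__main__":
    for masked in (False, True):
        best, score = run(masked=masked)
        print("masked=%-5s best guess 0x%02x (true 0x%02x) score %.3f"
              % (masked, best, SECRET_KEY, score))
```

Unmasked, the correct key stands out with a difference of means close to 1.0 (the selected bit shifts the expected Hamming weight by exactly one) while wrong guesses produce only small residual peaks; masked, the best score for any guess is a fraction of that and its winner is effectively random. The caveat a practitioner would add: first-order masking protects a single sample only; an implementation that also leaks the mask elsewhere in the trace is exposed to second-order analysis, so the mask handling itself has to be reviewed, not just the masked table.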