DesignCon 2012 will see two live demonstrations of key recovery from mobile devices through RF electromagnetic (EM) signal analysis. These are part of the presentation, "Secret Cryptographic Key Extraction from Mobile Devices using RF EM Emissions," (Session 12-WP6), by Gary Kenworthy of Cryptography Research on Wednesday, February 1, from 2:50 to 3:30 p.m. in Ballroom F of the Santa Clara Convention Center.
One analysis uses a magnetic field probe to recover the private key of an RSA public key encryption algorithm. A second demonstration recovers the key from an ECC algorithm from a distance of approximately 3m. Both analyses use inexpensive readily available RF receiving equipment for signal collection. Baseband EM approaches are similar to power measurement attacks such as SPA and DPA. EM analyses do not require the same level of physical access to a device that other side channels may require. Compliance with FCC emission thresholds will likely not provide a sufficient level of protection. The presentation discuss hardware, software, and protocol level countermeasures that substantially mitigate information leakage, as well as testing methods beyond FCC for quickly assessing the degree of protection.
I can unlock a steering wheel lock with a bolt cutter. The real solution is to just disable the remote unlock function. Leave remote lock working, though. Of course it would be better if the cheapo car makers had left the key locks on the passenger side doors instead of being so cheap. Many times all I want to do is unlock the passenger side door and put things in, I don't want to unlock all doors in some of those areas that I do have to visit on occasion.
Of course, disabling the remote unlock function is probably not possible with the way the system is designed now.
Join our online Radio Show on Friday 11th July starting at 2:00pm Eastern, when EETimes editor of all things fun and interesting, Max Maxfield, and embedded systems expert, Jack Ganssle, will debate as to just what is, and is not, and embedded system.