PhD at the University of Strathclyde
TEMPEST attacks against AES
Side-channel attacks can recover secret keys from cryptographic algorithms (including the pervasive AES) using measurements such as power use. However, these previously-known attacks on AES tend to require unrestricted, physical access to the device. Using improved antenna and signal processing, Fox-IT and Riscure show how to covertly recover the encryption key from two realistic AES-256 implementations while:
1. Attacking at a distance of up to 1 m (30 cm in realistic conditions; "TEMPEST"),
2. Using minimal equipment (ﬁts in a jacket pocket, costs less than €200) and
3. Needing only a few minutes (5 minutes for 1 m and 50 seconds for 30 cm.)
To the best of our knowledge, this is the ﬁrst public demonstration of such covert attacks from a distance.
Craig Ramsay (@thecramsay) is currently pursuing a PhD at the University of Strathclyde, focusing on SoC hardware security and software defined radio applications.
This year he undertook an internship at Fox Crypto B.V.researching TEMPEST attacks against AES (basis for this talk!) while seeking shelter from the Scottish winter weather.
On the side, Craig has been co-authoring an upcoming book about developing for Zynq UltraScale+ devices with the Strathclyde-based research group.