[Cryptech Tech] goals / use cases

Fredrik Thulin fredrik at thulin.net
Wed Jan 28 15:30:33 UTC 2015


On Thursday, January 29, 2015 04:11:59 AM Peter Gutmann wrote:
> Fredrik Thulin <fredrik at thulin.net> writes:
> >If we show the SoC made of stuff that we can't audit the AES/HMAC key, it
> >might exfiltrate it through some kind of side channel - not necessarily in
> >the output of the AES/HMAC operation which, as you say, is totally
> >deterministic.
> 
> I know that's the theoretical answer, but how would you side-channel AES or
> SHA-1?  For DSA and ECDSA, which are a whole smorgasbord of side-channel
> opportunities, I can see this would be an issue (thus the comment about
> leaving that for an FPGA), but any side-channel on AES is going to be
> something like leaking the key via EMI, in which case an FPGA can do exactly
> the same thing.

The side channel could be in some other operation. Hidden inside the timing of
USB packets sent, for example.

I heard of a keyboard backdoor that leaked passwords typed by varying some 
timing parameter slightly.

As an illustration, since the short explanation didn't come out very clear with
me not being a native English speaker, consider a keyboard that sends all its
key presses to the host at 100 ms intervals. When it wants to exfiltrate a '1'
it sends the next keypress 5 ms before the 100 ms mark; if it wants to
exfiltrate a '0' it sends the next keypress at 5 ms past the 100 ms mark.

This exfiltration was said to be observable by even a passive attacker sniffing 
an SSH session. Ouch.

/Fredrik
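
A defender-side check for the timing scheme described in the message above, as an added example that is not part of the original post: it folds observed arrival times onto the nominal 100 ms period and flags traffic whose offsets split into two well-separated clusters instead of one. The function names, the thresholds and the constructed sample timings (0.5 ms of jitter) are assumptions made for this illustration.

```python
import math
import random
import statistics

def folded_offsets(times_ms, period_ms=100.0):
    """Fold arrival times onto the period, centred on their circular mean."""
    ang = [2 * math.pi * (t % period_ms) / period_ms for t in times_ms]
    mean = math.atan2(sum(map(math.sin, ang)), sum(map(math.cos, ang)))
    centre = mean * period_ms / (2 * math.pi)
    half = period_ms / 2
    return [((t - centre + half) % period_ms) - half for t in times_ms]

def detect_two_level_timing(times_ms, period_ms=100.0,
                            min_gap_ms=2.0, min_minority=0.2):
    """Flag a periodic sender whose send offsets form two distinct levels."""
    if len(times_ms) < 2:
        return {"gap_ms": 0.0, "minority": 0.0, "suspicious": False}
    offs = sorted(folded_offsets(times_ms, period_ms))
    gaps = [b - a for a, b in zip(offs, offs[1:])]
    i = max(range(len(gaps)), key=gaps.__getitem__)   # widest empty band
    low, high = offs[:i + 1], offs[i + 1:]
    spread = max(statistics.pstdev(low), statistics.pstdev(high))
    minority = min(len(low), len(high)) / len(offs)
    # Honest jitter gives one cluster: the widest gap is small and sits at a
    # tail. Two populated clusters with a wide band between them is the
    # signature of early/late signalling.
    suspicious = gaps[i] >= max(min_gap_ms, 4 * spread) and minority >= min_minority
    return {"gap_ms": round(gaps[i], 2), "minority": round(minority, 2),
            "suspicious": suspicious}

def constructed_samples(n=200, covert=False, seed=1):
    """Constructed timings: 100 ms grid, 0.5 ms jitter, optional +/-5 ms shift."""
    rng = random.Random(seed)
    out = []
    for k in range(n):
        shift = 0.0
        if covert:
            shift = -5.0 if rng.getrandbits(1) else 5.0
        out.append(k * 100.0 + shift + rng.gauss(0, 0.5))
    return out

if __name__ == "__main__":
    print("benign:", detect_two_level_timing(constructed_samples()))
    print("covert:", detect_two_level_timing(constructed_samples(covert=True)))
```

On a real link the usable threshold depends on how much jitter the path adds relative to the 5 ms shift, so `min_gap_ms` has to be calibrated against known-good captures.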


