BlueScream: Screaming Channels on Bluetooth Low Energy
Document type:
Conference paper with published proceedings
Title:
BlueScream: Screaming Channels on Bluetooth Low Energy
Author(s):
Ayoub, Pierre [Author]
Eurecom [Sophia Antipolis]
Cayre, Romain [Author]
Eurecom [Sophia Antipolis]
Francillon, Aurélien [Author]
Eurecom [Sophia Antipolis]
Maurice, Clementine [Author]
Self-adaptation for distributed services and large software systems [SPIRALS]
Eurecom [Sophia Antipolis]
Conference:
40th Annual Computer Security Applications Conference (ACSAC '24)
City:
Waikiki, Honolulu, Hawaii
Country:
United States of America
Conference start date:
2024-12-09
Book title:
Proceedings of the 40th Annual Computer Security Applications Conference (ACSAC '24)
Publication date:
2024-12-09
Keyword(s) in English:
Screaming Channels
Side-channel attacks
Bluetooth Low Energy
BLE
Distant side-channels
Mixed-signal chips
HAL discipline(s):
Computer Science [cs]/Cryptography and Security [cs.CR]
Computer Science [cs]
Computer Science [cs]/Signal and Image Processing [eess.SP]
Engineering Sciences [physics]/Electronics
Abstract in English: [en]
In recent years, a class of wireless devices has been demonstrated to be vulnerable to a new side-channel attack called Screaming Channels. This attack exploits distant electromagnetic side channels up to a few meters, when a coupling occurs between the digital activity and the radio transceiver of a system. This can happen in mixed-signal chips, where both digital and analog parts reside on the same silicon die. Until now, the Screaming Channel attack has mainly been demonstrated using custom firmware used in laboratory conditions or simple protocols -- e.g., Google Eddystone. In this paper, we evaluate an end-to-end Screaming Channel attack on a real-world firmware running on an off-the-shelf and popular Bluetooth Low Energy stack. By doing a careful analysis of Bluetooth Low Energy to find how to make the victim device leak, our results show that an attacker can manipulate the protocol such that a Screaming Channel leak happens during a radio transmission. Finally, we conducted one successful full-key recovery attack against AES using instrumented firmware and a partial-key recovery using stock firmware.
Language:
English
Peer-reviewed:
Yes
Audience:
Not specified
Popular science:
No