International Association for Cryptologic Research



Aurelien Francillon


Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks
Recently, some wireless devices have been found vulnerable to a novel class of side-channel attacks, called Screaming Channels. These leaks may appear when sensitive leakage from the processor is unintentionally broadcast by a radio transmitter placed on the same chip. Previous work focused on identifying the root causes and on mounting an attack at a distance considerably larger than the one achievable with conventional electromagnetic side channels, which was demonstrated in the low-noise environment of an anechoic chamber. However, a detailed understanding of the leak, attacks that take full advantage of the novel vector, and security evaluations in more practical scenarios are still missing. In this paper, we conduct a thorough experimental analysis of the peculiar properties of Screaming Channels. For example, we learn about the coexistence of intended and unintended data, the role of distance and other parameters on the strength of the leak, the distortion of the leak model, and the portability of the profiles. With such insights, we build better attacks. We profile a device connected via cable with 10000·500 traces. Then, 5 months later, we attack a different instance at 15 m in an office environment. We recover the AES-128 key with 5000·1000 traces and key enumeration up to 2^23. Leveraging spatial diversity, we mount some attacks in the presence of obstacles. As a first example of application to a real system, we show a proof-of-concept attack against the authentication method of Google Eddystone beacons. On the one hand, this work lowers the bar for more realistic attacks, highlighting the importance of the novel attack vector. On the other hand, it provides a broader security evaluation of the leaks, helping defenders and radio designers to evaluate the risk and the need for countermeasures.
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Aurelien Francillon Boris Danev Srdjan Capkun
We demonstrate a relay attack on Passive Keyless Entry and Start (PKES) systems used in modern cars. The attack allows the attacker to enter and start a car by relaying messages between the car and the smart key. We build two attack realizations, wired and wireless physical-layer relays, demonstrating that this attack is both practical and inexpensive. We further show that, for the attack to work, it is sufficient that the attacker's devices are placed within a meter of both the key and the car. Moreover, on the cars we tested, relaying the signal in one direction only (from the car to the key) is sufficient, as the responses of the key are transmitted in UHF, which has a longer range. As the signals are relayed at the physical layer, the attack is completely independent of the modulation scheme, the protocols, or the presence of strong authentication and encryption. We demonstrate the attack on recent car models from different manufacturers. Our attack works for the set of PKES systems that we evaluated and whose operation is described in this paper. However, given the generality of the relay attack, it is likely that PKES systems based on similar designs are also vulnerable to the same attack. In this work, we further propose simple countermeasures that minimize the risk of relay attacks and that can be immediately deployed by car owners; however, these countermeasures also disable the operation of the PKES systems. Finally, we discuss countermeasures against relay attacks that were suggested in the open literature, and we sketch a new PKES system that prevents relay attacks. This system preserves the convenience of use for which PKES systems were initially introduced.