Abstract
As lightweight embedded devices become increasingly ubiquitous and connected, they present a disturbing target for adversaries circumventing the gates of cryptography. We consider the challenge of exfiltrating and locating cryptographic keys from the run-time environment of software-based services when their software layout and data structures in memory are unknown. We detail an attack that can, without affecting the system’s operation, exfiltrate keys in use promptly by leveraging the strong causality between transceivers and keyed cryptosystems (authentication, authorization, and encryption). We then propose how to effectively and efficiently reduce the key material’s search space from a batch of stackshots (stack extractions) by leveraging the stack’s innate composition, which, to the best of our knowledge, is the first method to systematically infer and reduce the search space of semi-arbitrary keys. We instantiate and evaluate our attack against MSP430 micro-controllers.
Original language | English |
---|---|
Title of host publication | Proceedddings of 17th International Conference on Distributed Computing in Sensor Systems |
Publisher | IEEE |
Publication date | 2021 |
Pages | 92-101 |
ISBN (Print) | 978-1-6654-3929-9 |
DOIs | |
Publication status | Published - 2021 |
Event | 17th International Conference on Distributed Computing in Sensor System - Pafos, Cyprus Duration: 14 Jul 2021 → 16 Jul 2021 Conference number: 2021 DCOSS |
Conference
Conference | 17th International Conference on Distributed Computing in Sensor System |
---|---|
Number | 2021 DCOSS |
Country/Territory | Cyprus |
City | Pafos |
Period | 14/07/2021 → 16/07/2021 |
Keywords
- Key-Exposure Problem
- Runtime Key Disclosure