Security is said to be a fundamental feature of the PS4 and XBox one so how well do they do against sidechannel attacks? SemiAccurate can only answer that question for half of the new crop at the moment but stay tuned for the other half, we expect results soonish.
Sidechannel or sideband attacks are simple enough to describe, you don’t look at the input or output data as a normal crypto attack does, you look at indirect items. Things like CPU power use, time to completion, EMI, and other related numbers paint the picture in this type of attack. From that you can either discern the keys directly or narrow the keyspace substantially. These type of attacks don’t require sophisticated tools and in the hands of a knowledgeable attacker are remarkably effective.
Rambus bought a company called Cryptography Research about two years ago, they specialize in technology to defend against this type of attack. As far as demos go, theirs is one of the best you will see at a trade show, they can rip the public and private keys out of a smartphone or device in seconds. Sure there is tons of boring gruntwork done before the demo to find trace locations, frequencies, and places to put a probe but that is relatively rote.
At IDF 2011 Rambus/Cryptography Research personnel were showing off how to grab keys quickly and even at a bit of a distance. At ARM Techcon 13 last week they were showing off slightly updated demos of pulling keys off smartphones with EMI, timing, and power based attacks. If you can run a crypto loop on any modern hardware, with some talented interns and an evil genius guiding them, you should be able to grab the root keys faster than you can say, “NSA backdoor”.
That got us thinking about the PS4 and XBox One, engineers in both camps claim that security is job one but is it? Would the new consoles fare any better than the smartphones that lost war in under a minute? Did security mean real security or just another humorous attempt to extract money from consumers by selling their removed rights back to them? Since neither console is out yet the task was a bit tougher than usual but a few well placed calls to some aforementioned evil geniuses got us the answer to half the question.
Note: The following is for professional and student level subscribers.
Disclosures: Charlie Demerjian and Stone Arch Networking Services, Inc. have no consulting relationships, investment relationships, or hold any investment positions with any of the companies mentioned in this report.
Latest posts by Charlie Demerjian (see all)
- ARM outs automotive ISPs with Mali-C71 - Apr 24, 2017
- Intel to brief press on Sandy-E/X on May 2 - Apr 24, 2017
- Broadcom’s Quartz implements Time Sensitive Network Ethernet - Apr 19, 2017
- Intel mercy kills IDF - Apr 17, 2017
- Is Intel’s Hyperscaling really a change? - Apr 4, 2017