[Resource Topic] 2023/923: Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED

Resource Attacks and cryptanalysis
#1

Welcome to the resource topic for 2023/923

Title:
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED

Authors: Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici

Abstract:

In this paper, we present video-based cryptanalysis,
a new method used to recover secret keys from a device by
analyzing video footage of a device’s power LED. We show that
cryptographic computations performed by the CPU change the
power consumption of the device which affects the brightness of
the device’s power LED. Based on this observation, we show how
attackers can exploit commercial video cameras (e.g., an iPhone
13’s camera or Internet-connected security camera) to recover
secret keys from devices. This is done by obtaining video footage
of a device’s power LED (in which the frame is filled with the
power LED) and exploiting the video camera’s rolling shutter
to increase the sampling rate by three orders of magnitude
from the FPS rate (60 measurements per second) to the rolling
shutter speed (60K measurements per second in the iPhone 13
Pro Max). The frames of the video footage of the device’s power
LED are analyzed in the RGB space, and the associated RGB
values are used to recover the secret key by inducing the power
consumption of the device from the RGB values. We demonstrate
the application of video-based cryptanalysis by performing two
side-channel cryptanalytic timing attacks and recover: (1) a 256-
bit ECDSA key from a smart card by analyzing video footage of
the power LED of a smart card reader via a hijacked Internet-connected security camera located 16 meters away from the smart
card reader, and (2) a 378-bit SIKE key from a Samsung Galaxy
S8 by analyzing video footage of the power LED of Logitech Z120
USB speakers that were connected to the same USB hub (that
was used to charge the Galaxy S8) via an iPhone 13 Pro Max.
Finally, we discuss countermeasures, limitations, and the future
of video-based cryptanalysis in light of the expected improvements
in video cameras’ specifications.

ePrint: https://eprint.iacr.org/2023/923

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .