AES Wireless Keyboard – Template Attack for Eavesdropping

Presented at Black Hat Asia 2018, March 22, 2018, 3:30 p.m. (60 minutes)

In today's mobile world, wireless technology is used in many places. We use it to access online while on the go, connect mobile accessories to a PC, listen to music on the phone, and browse e-mail. Because wireless technology is so universally used, we often think it is safe. However, many of us use wireless technology to enter passwords, send personal data, and share confidential information. In reality, if every point in a wireless communication system has potential vulnerabilities and proper security measures are not in place, personal information can be compromised. We are targeting wireless keyboards based on encryption that are widely used in the real world.

Our attack was conducted in a black box manner for the target device, with the exception of the public information. As a result of the attack, we can obtain a 128-bit secret key that is used to encrypt the plaintext when a user types the wireless keyboard. We provide a method to analyze specifically the internal behavior of the target device and provide a template generation method for side-channel attacks. It also shows how you can extract the encryption key from other wireless keyboards using the same chip.

Therefore, we can decrypt all the input data even if the user encrypts using the encryption-based wireless keyboard and transmits the encrypted data. The most important part of our contribution is that we have identified problems with wireless keyboard devices that have similar product configurations and provide our know-how to analyze similar vulnerabilities. Our results show that the combination of reverse engineering and side-channel attacks has a significant impact on the security of embedded devices.

Presenters:

• Taehyun Kim - CTO, Research Director, SNT Works, Inc.
  Tae Hyun Kim is the CTO of SNTWORKS and a lecture of Sejong cyber University, Rep. of Korea. He received his PhD in engineering in information security from Korea University, Seoul, Rep. of Korea, in 2009. Before joining SNTWORKS, He was a security analyst of Telecommunication Technology Association. In the past, he was a research professor of the Center for Information Security Technologies (CIST) at Korea University, Seoul, Rep. of Korea, and a visiting researcher with the School of Systems Information Science, Future University, Hakodate, Japan. Moreover, he was a researcher with the Attached Institute of ETRI, Daejeon, Rep. of Korea. His research interests include side channel attacks, fault injection attacks, and the design and implementation of the cryptosystems.
• Taewon Kim - Senior Researcher, SNT Works, Inc.
• Sangryeol Ryu - Researcher, SNT Works, Inc.
• Kwonyoup Kim - CEO, Founder, SNT Works, Inc.
  Kwon Youp Kim is the founder and CEO of SNTWORKS, providing cutting edge information security services and intellectual property litigation support to clients around the globe. The company identifies security vulnerabilities in embedded devices and provides countermeasures. And SNTWORKS provides an evidence analysis service for patent infringement litigation of embedded devices. He is currently working on various projects and systems development and processes to provide efficient analysis services.

Links:

• https://www.blackhat.com/asia-18/briefings/schedule/#aes-wireless-keyboard--template-attack-for-eavesdropping-9414

Similar Presentations:

• DeepSec 2019 „Internet of Facts and Fears“ / New Tales of Wireless Input Devices
• DeepSec 2016 „Ten“ / Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets
• 32C3 (2015) / Building and Breaking Wireless Security: Wireless Physical Layer Security & More...