Comments:
The one problem with this is how to know when the processor is processing a crypto task vs something else. CPUs do lots of things besides crypto. Do you just record hours of video then process the data looking for something that resembles a private key?
Really enjoyed this video. Started watching Computerphile in high school and now I’ve graduated university. I thought I had chosen a nice medium from the course page and videos from my two fave which is art and technology. But as the course got further and further away from what I initially enjoyed, I kind of lost my sense of self in my practice but watching this today I remember why I fell in love with this field in the first place!
You don't even need a special camera looking at the LED. You can have another LED looking into the LED. That's gonna be extremely cheap and fast.
Who would win:
- Power LED attack
- 100uF capacitor
This should have been in Mr. Robot
Some of these hacks just make me think that hackers are just masters of all trades in tech.
Any vulnerability of this type is better addressed through building operations and physical security than computer hardware or software. Put a better lock on your server room.
Attack vector defeated by duct tape
They've been suggesting this since at least the 00s
What about randomizing redundancy
My brain exploded from the ingenuity from this paper when I heard the word "rolling shutter", this is peak human ingenuity!
Programming languages need support for branchless programming: It is not just useful to avoid wrong branch prediction, it is also useful in cryptographic implementations like this exact case of the square multiply algorithm.
Why bother with this complexity? Just raise a freedom of information request to the PSNI and wait for them to publish it on the Internet. A much simpler solution.
We've invested £ billions in ensuring our data is safe but the human numpty has always been the weakest link in the cryptographic chain.
Can't a simple capacitor on the LED mitigate this effect
I've got two ideas off the top of my head to fix this vulnerability, would these work well in practice? I'm aware that more practical approaches have been commented so far but I'm curious whether these are viable at all.
a) for devices like personal computers or servers which usually come with a power led, one could design software that handles cryptographics so that it would also run some junk maths in parallel on another thread because it is typical for these kinds of machines to have more than one core
b) for dedicated small devices like an ATM, or some kind of a peripheral where it could be expected for a cpu to only have a single core, one could design the hardware to accommodate for heightened security because they are expected to handle cryptographics all the time, so it would make sense to put a door in front of the power led and only open it when it is needed to be seen when the machine is repaired, serviced, or under maintenance
This is both fascinating and terrifying. But I wonder if it is hard on a hardware level to take care of this. In theory all you have to do is ever so slightly vary the power to the LED continuously. So that the variance in its brightness is both random and permanent. Then it is not only harder to tell when the system is doing hard calculations, but it would also scramble the signal on the LED. Maybe an antenna and an operational amplifier could help with that. If the antenna is hooked up to the op-amp. And the op-amp is the last step in the power delivery to the LED, the EM-Field in the area should influence the LED. Should be quite random then.
A lot of photographers will know the problem of using an electronic shutter in a room with LED lighting - depending on the quality of the lighting you can easily get banding in the photo as the rolling shutter makes the PWM dimming of the LED show up as light and dark bands.
Not great for photos of people at a party - but this is turning it on its head and making the bands the entire point of the photo.
I suppose a difficulty with writing code to always do the same thing whatever the input is, is that general purpose compilers, CPUs, virtual machines etc etc are all engineered to be efficient, meaning if they can detect that code is doing something that provably doesn't affect the "output" (not thinking of side channels as output) they will skip over that code to save time and power.
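Added example, not part of any comment or of the paper discussed: a toy C sketch of the branchless square-and-multiply idea raised in the comments above, next to the branching version, with a counter showing how the work done depends on the exponent only in the branching one. The function names, the 32-bit operands, the counter and the modulus 1000003 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiplications performed, used here as a stand-in for work/power. */
static unsigned mul_count;

/* Toy sizes: a 32-bit modulus (m > 0) so products fit in 64 bits. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    mul_count++;
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Branching square-and-multiply: the extra multiply runs only for 1 bits,
 * so the amount of work per bit depends on the secret exponent. */
uint32_t modexp_branching(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)
            r = mulmod(r, base, m);
    }
    return r;
}

/* Branchless variant: multiply on every bit, then keep or discard the
 * product with a mask. A compiler may still turn the select back into a
 * branch, and `%` is not constant-time on every CPU. */
uint32_t modexp_branchless(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint32_t t = mulmod(r, base, m);
        uint32_t mask = (uint32_t)0 - ((exp >> i) & 1); /* 0 or 0xFFFFFFFF */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

typedef uint32_t (*modexp_fn)(uint32_t, uint32_t, uint32_t);
/* Multiplications used for one exponentiation (constructed base/modulus). */
unsigned muls_used(modexp_fn f, uint32_t exp) {
    mul_count = 0;
    (void)f(3, exp, 1000003u);
    return mul_count;
}

int main(void) {
    printf("branching %u vs %u, ", muls_used(modexp_branching, 1), muls_used(modexp_branching, 0xFFFFFFFFu));
    printf("branchless %u vs %u\n", muls_used(modexp_branchless, 1), muls_used(modexp_branchless, 0xFFFFFFFFu));
    return 0;
}
```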
Should have had him do the interview topless
Moire video, yes please.
damn and here I thought this was a video on high wattage LEDs
A tiny cap between the series resistor and LED would make an effective low-pass filter that would mitigate this. Add a ferrite in series as well to add another tap to the filter.
Or just put a capacitor across the LED.
Back in the day, Windows showed the blinking lights of network activity in the taskbar, now they replaced it so they can ogle your PC without you noticing
A big ole inductor helps.
Adding a low-pass filter in the form of a capacitor will filter out rapid changes in brightness and ruin the analysis approach. Also there could be lots of other noise in the power signal from the power source and converters, other ICs on the same power line, etc. However, the paper gives an unusual view angle on hardware, thank you for telling the story, it was interesting to learn of
♪ ♫ ♪ ♫ ♪ ♫ ♪ ♫ ♪ ♫
When the lines on your shirt start to dance and distort
That's a Moiré
♪ ♫ ♪ ♫ ♪ ♫ ♪ ♫ ♪ ♫
You just broke my hardware wallet -_-
60fps on the IP security camera? HAH!
Someone would have to put a ridiculous amount of work and money into that. It's easier to steal a badge or clone one using NFC, etc.
You said it yourself, it's not rolling shutter - so stop calling it rolling shutter. Rolling shutter is a physical phenomenon associated with film cinematic cameras. This is an aliasing artefact.
Great explanation!
This is not practical.
This is the coolest thing ever!!!
Turn off LED when reading I guess
It's very easy to stop. Piece of black electrical tape
The shirt was fine on my phone, almost no moire and wasn't distracting
sounds like a problem that can be solved with a capacitor
I'm pretty sure I read about a very similar method in some of the WikiLeaks. Super spy tech in the 80s to help decipher what's being typed on a computer screen based on the illumination of the room by the monitor.
Just some off-topic feedback: the shirt was OK in 4K resolution and probably in 1440p too.
Now I'm kind of curious if there's any security measure made before the 80's that's still in use today, in its original form.
Like, some algorithm or function that's just so stupidly powerful that nobody really bothered to add more stuff to it.
Wow!
Try a solar cell, small amplifier and speaker, feed the output of the solar panel into the amplifier while pointing the panel at distant car headlights, a lens and enclosure will help to focus the light, you should hear the music that the driver is listening to, the louder they have it the higher the amplitude expressed by their lights. I did this experiment back in the late 1980s with a RadioShack solar cell and intercom and a lens while using my own car as the light source the song playing at the time was Boys in town, Divinyls.
LOL auto subs: "well so we're not talking about Mario patterns"
Ridiculous. CPU power supplies are filtered and one level removed from the board’s 5 or 12 volt power. It’s also trivial to add a 5 cent capacitor to filter the LEDs. And nowadays there are multiple processors and CPUs and threads scrambling the power consumption.
I'll suggest a steganographic approach to counter this attack:
Hire a really bad electrician to hook up your key terminals to ensure that the power LED will constantly flicker erratically anyways because of the faulty wiring. 🙂
Cool. They swipe card and LED turns off until the processing is done and door unlocked. No more steady lit.
There are so many attacks like this because you can even end up in situations where the amount of power used is not just based on the number of computations but even the contents of registers etc because a register full of 1s takes more power than one full of zeros
Surely IRL the server's CPU will be processing multiple threads from different processes at the same time, so unless you know what all those other services/requests are how do you filter it out?
Related(?): I can tell when a compile finishes and whether it was successful from my PC fan.
Which is why I have, for many decades, included random delays in my cryptographic code.