<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Screaming Channels - possible countermeasure?</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/38538/screaming-channels---possible-countermeasure</link><description>Recently, the side-channel attack &amp;quot;Screaming Channel&amp;quot; was described in a paper ( http://s3.eurecom.fr/tools/screaming_channels/ ). The authors demonstrate a remote, passive, side-channel attack on nrf52 that allows data to be compromised if the processor</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Wed, 19 Sep 2018 11:09:59 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/38538/screaming-channels---possible-countermeasure" /><item><title>RE: Screaming Channels - possible countermeasure?</title><link>https://devzone.nordicsemi.com/thread/149398?ContentTypeID=1</link><pubDate>Wed, 19 Sep 2018 11:09:59 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:cd35ca49-4a72-4d66-80c6-2f52500065bd</guid><dc:creator>haakonsh</dc:creator><description>&lt;p&gt;Not running continuous AES-128 computations on the same key&amp;nbsp;in SW&amp;nbsp;while continuously transmitting&amp;nbsp;on a single channel for an extended period of time.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;If you use HW accelarated AES-128 then this is not a feasable attack as the digital GND leakage of the HW AES wont carry the same&amp;nbsp;quality of information as the SW AES.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;We never run AES encryption while transmitting with our SoftDevices, and we offer HW accelarated AES encryption. There&amp;#39;s not really anything you will have to do.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;In short this is an extremly difficult attack that requires access to the FW in order to carry out,&amp;nbsp;and a large amount of time. If you&amp;#39;ve already got access to the FW then you do not need this attack at all. This is interresting research, but it has yet to be re-produced. I&amp;#39;m not doubting the reasearchers, quite the opposite, the attack they have described is increadibly difficult and as of now not practically feasable outside the lab. We&amp;#39;re not worried about Screaming Side Channel Attacks today, nor do we worry about it in the future. There are already security flaws in the BLE spec that needs a lot more focus than SSC Attacks:&amp;nbsp;&lt;a title="nWP031 - Security Threat in Bluetooth LESC Pairing" href="http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.whitepapers/dita/whitepapers/nwp_031/intro.html?cp=11_0"&gt;nWP031 - Security Threat in Bluetooth LESC Pairing&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Also note that the reasearchers chose the nRF52 because of its ease of development and not because it is any more vulnerable to screaming side channel attacks than any other radio + MCU solution.&amp;nbsp;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>