Cloning Hardware Wallet Without Valid Credentials Through Side-Channel Analysis of Hash Function (open access)
- Authors
- Park, Dongjun; Kim, Joonsup; Kim, Heeseok; Hong, Seokhie
- Issue Date
- 2024
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Cryptocurrency; Cryptography; Universal Serial Bus; Random access memory; Microprogramming; Hardware security; Side-channel attacks; Electronic commerce; Online banking; hardware security; side-channel analysis
- Citation
- IEEE ACCESS, v.12, pp 132677 - 132688
- Pages
- 12
- Indexed
- SCIE; SCOPUS
- Journal Title
- IEEE ACCESS
- Volume
- 12
- Start Page
- 132677
- End Page
- 132688
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/200321
- DOI
- 10.1109/ACCESS.2024.3440370
- ISSN
- 2169-3536
- Abstract
- Hardware wallets, specialized devices designed to securely manage users' credentials, play a crucial role in securing cryptocurrencies, ensuring credentials remain under user control without reliance on third-party entities. However, despite extensive research on Side-Channel Analysis (SCA) attacks, studies specifically addressing their implications for hardware wallets remain relatively limited. While previous work has demonstrated various SCA attacks on hardware wallets, most of these attacks require sophisticated environmental controls or detailed knowledge of the target device. In addition, some attacks assume unrealistic scenarios that require valid credentials to conduct the attacks. This paper introduces a novel SCA attack on hardware wallets to extract master seeds, a foundational component in the security of hardware wallets. Our proposed attack leverages power traces obtained during the processing of the Keyed-Hash Message Authentication Code (HMAC), or more precisely, the Secure Hash Algorithm 2 (SHA-2) inside the HMAC. Notably, our attack is non-invasive, ensuring the integrity of the target device, thereby making it difficult for the wallet owners to detect the attack. Furthermore, our attack can be conducted without a profiling phase, excluding the excessive capabilities required for the attack.
- Appears in Collections
- Graduate School > Department of Cyber Security > 1. Journal Articles