Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

Cloning Hardware Wallet Without Valid Credentials Through Side-Channel Analysis of Hash Functionopen access

Authors
Park, DongjunKim, JoonsupKim, HeeseokHong, Seokhie
Issue Date
2024
Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Keywords
Cryptocurrency; Cryptography; Universal Serial Bus; Random access memory; Microprogramming; Hardware security; Side-channel attacks; Electronic commerce; Online banking; hardware security; side-channel analysis
Citation
IEEE ACCESS, v.12, pp 132677 - 132688
Pages
12
Indexed
SCIE
SCOPUS
Journal Title
IEEE ACCESS
Volume
12
Start Page
132677
End Page
132688
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/200321
DOI
10.1109/ACCESS.2024.3440370
ISSN
2169-3536
2169-3536
Abstract
Hardware wallets, specialized devices designed to securely manage users' credentials, play a crucial role in securing cryptocurrencies, ensuring credentials remain under user control without reliance on third-party entities. However, despite extensive research on Side-Channel Analysis (SCA) attacks, studies specifically addressing their implications for hardware wallets remain relatively limited. While previous work has demonstrated various SCA attacks on hardware wallets, most of these attacks require sophisticated environmental controls or detailed knowledge of target device. In addition, some attacks assume unrealistic scenarios that require valid credentials to conduct the attacks. This paper introduces a novel SCA attack on hardware wallets to extract master seeds-a foundational component in the security of hardware wallets. Our proposed attack leverages power traces obtained during the processing of the Keyed-Hash Message Authentication Code (HMAC), or more precisely, the Secure Hash Algorithm 2 (SHA-2) inside the HMAC. Notably, our attack is non-invasive, ensuring the integrity of the target device, thereby making it difficult for the wallet owners to detect the attack. Furthermore, our attack can be conducted without a profiling phase, excluding the excessive capabilities required for the attack.
Files in This Item
There are no files associated with this item.
Appears in
Collections
Graduate School > Department of Cyber Security > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Kim, HeeSeok photo

Kim, HeeSeok
Graduate School (Department of Cyber Security)
Read more

Altmetrics

Total Views & Downloads

BROWSE