Preloader

Sleepwalk Side-Channel Attack Exposes Cryptographic Keys

Sleepwalk Side-Channel Attack Exposes Cryptographic Keys

Sleepwalk Side-Channel Attack Exposes Cryptographic Keys

What is the Sleepwalk Attack?
Cybersecurity researchers from two American universities have discovered an innovative and theoretical method to steal private cryptographic keys by monitoring the standard behavior of the CPU and operating system. This attack, called Sleepwalk, is considered a type of side-channel attack.

From Simple Attacks to Hardware-Level Intrusion

Information security has multiple layers. Alongside common attacks like phishing and social engineering, there are more sophisticated methods that exploit software vulnerabilities or even fundamental features of hardware.
The Sleepwalk attack falls into the category of the most advanced methods, where an attacker, instead of directly hacking software, uses side signals from hardware activity to access sensitive information.

How Sleepwalk Works

This attack operates based on context switching in the operating system.
During a context switch, the OS saves the state of one program and loads another program into the CPU. This process causes a spike in power consumption, the pattern of which depends on the previous program and its data.
Researchers have shown that by precisely timing a context switch in the middle of running a cryptographic algorithm and measuring this power spike, one can identify the "power fingerprint" of each process and use it to extract cryptographic keys.

Testing on Raspberry Pi 4

In experiments, researchers were able to recover portions of private cryptographic keys using an oscilloscope and only a single precise measurement.

  • For the SIKE algorithm (designed for the post-quantum era), the private key was fully recovered.
  • For AES-128, 10 out of 16 bytes of the key were obtained — a significant advancement.

Security Implications

Although this attack has not yet become operationally common, it shows that even standard OS processes can be a security vulnerability. These findings could inspire the development of algorithms that are more resistant to both quantum-era and traditional attacks.

 

Source: MedadPress
www.medadpress.ir