Video: Power LED Attack [video] (youtube.com)
73 points by DamnInteresting on July 2, 2023 | hide | past | favorite | 31 comments


I seem to be missing something that makes this unlikely.

Most chips have a capacitor across the power pins. That would tend to "integrate" the signal.

Recent chips operate at sub-volt values but the LED is in the 2+ volt range so they likely are on different rails of the power supply or have buck/boost circuits.

Even trivial designs don't use full in-order processing so multiple ADDs might overlap a MULT. This ain't your father's first processor.

The traces on the board, if not carefully designed, likely have reflection and ringing effects, especially at via points making the signal rather noisy.

Processors are running in the nano/pico range but the led/camera likely can't reach that resolution.

At these speeds the resistor-to-ground circuit on the LED would have capacitive and inductive effects that would be hard to model and need to be pre-measured.

If it is a near-field (touch card) key then there are a lot of other noise sources including other chips and circuit trace induced voltages.

Cryptographic coprocessors in Verilog/VHDL are available as open source or vendor IP. They won't leak.

I could construct a "bench level test" that MIGHT be able to detect the computation but I'd need a really good oscilloscope on a well engineered circuit board knowing the exact specs of the processor and knowledge of the algorithm used.

Oh, and as mentioned, nobody who knows anything about crypto already knows and protects against timing/power attacks.


> I could construct a "bench level test" that MIGHT be able to detect the computation

No need. The author of the original paper already did that for you. https://eprint.iacr.org/2023/923

"We demonstrate the application of video-based cryptanalysis by performing two side-channel cryptanalytic timing attacks and recover: (1) a 256- bit ECDSA key from a smart card by analyzing video footage of the power LED of a smart card reader via a hijacked Internet-connected security camera located 16 meters away from the smart card reader, and (2) a 378-bit SIKE key from a Samsung Galaxy S8 by analyzing video footage of the power LED of Logitech Z120 USB speakers that were connected to the same USB hub (that was used to charge the Galaxy S8) via an iPhone 13 Pro Max."

To all the EEs out there. PSRR and power supply cross talk is a thing...


> To all the EEs out there. PSRR and power supply cross talk is a thing...

Damn, I have to cover my HDD LED on the computer case so the neighbours do not see the pornos that I watch. /s


> Processors are running in the nano/pico range but the led/camera likely can't reach that resolution.

You don't need a lot of precision to get enough hints of a key to be able to brute-force the rest.

> Oh, and as mentioned, nobody who knows anything about crypto already knows and protects against timing/power attacks.

Sounds like this could never be a problem then! But it is.


This is solved by extending the constant time calculation principle to the CPU instruction level. Easier said than done, but probably only really necessary on HSMs or smart cards.

On a side note, the Computerphile[0] YouTube channel has an endlessly fascinating variety of computer science, theory, and history videos. A related channel that is equally worth following is Numberphile[1].

[0] https://www.youtube.com/@Computerphile/videos

[1] https://www.youtube.com/@numberphile/videos
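Added example, not code from the paper, the video or any commenter, illustrating the two points above: why a secret-dependent branch in an exponentiation leaks the key bits as a timing/power pattern, how a Montgomery ladder makes the operation sequence the same for every bit, and why a channel that only resolves some bits is still enough once the rest is brute-forced against the public value. Modular exponentiation over an assumed Mersenne prime stands in for EC scalar multiplication; the base, modulus and secret are constructed. Python big-int arithmetic is itself not constant-time, so this shows the control-flow leak only, not a timing-safe implementation.

```python
"""Square-and-multiply leak vs. Montgomery ladder, plus brute-forcing the
bits a noisy side channel left unresolved.  Constructed values throughout."""

MOD = 2**127 - 1      # assumed modulus: a Mersenne prime, any large prime works
BASE = 3              # assumed public base


def naive_pow(base, exp, mod, trace):
    """Left-to-right square-and-multiply.  A 1 bit costs an extra multiply,
    so the sequence of operations (what timing/power observation sees)
    spells out the exponent.  `trace` records S (square) / M (multiply)."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        if bit == "1":                      # secret-dependent branch
            result = result * base % mod
            trace.append("M")
    return result


def bits_from_trace(trace):
    """Attacker's view of the naive trace: S followed by M is a 1 bit,
    S followed by S (or by the end) is a 0 bit."""
    out = []
    for i, op in enumerate(trace):
        if op == "S":
            out.append("1" if trace[i + 1:i + 2] == ["M"] else "0")
    return "".join(out)


def ladder_pow(base, exp, mod, nbits, trace):
    """Montgomery ladder: one multiply and one square per bit whatever the
    bit is, with a branch-free conditional swap (mask = -bit)."""
    r0, r1 = 1, base
    for i in range(nbits - 1, -1, -1):
        mask = -((exp >> i) & 1)            # 0 or all-ones
        swap = mask & (r0 ^ r1)
        r0, r1 = r0 ^ swap, r1 ^ swap
        r1 = r0 * r1 % mod
        r0 = r0 * r0 % mod
        swap = mask & (r0 ^ r1)             # recompute: values changed
        r0, r1 = r0 ^ swap, r1 ^ swap
        trace.extend(["M", "S"])            # identical for every bit
    return r0


def complete_partial_exponent(base, mod, public, partial_bits):
    """Brute-force the '?' positions of a partially recovered exponent,
    checking each candidate against the public value base^exp mod p."""
    unknown = [i for i, b in enumerate(partial_bits) if b == "?"]
    for guess in range(1 << len(unknown)):
        bits = list(partial_bits)
        for j, pos in enumerate(unknown):
            bits[pos] = str((guess >> j) & 1)
        candidate = int("".join(bits), 2)
        if pow(base, candidate, mod) == public:
            return candidate
    return None


if __name__ == "__main__":
    secret = 0b101101                        # constructed toy secret
    t = []
    naive_pow(BASE, secret, MOD, t)
    print("naive trace :", "".join(t), "->", bits_from_trace(t))
    t = []
    ladder_pow(BASE, secret, MOD, secret.bit_length(), t)
    print("ladder trace:", "".join(t))
    public = pow(BASE, secret, MOD)
    print("brute-forced:", bin(complete_partial_exponent(BASE, MOD, public, "10?1?1")))
```

The naive trace for 0b101101 reads SMSSMSMSSM and hands the attacker the exponent directly; the ladder trace is MSMSMSMSMS for any six-bit exponent. With two bits unresolved the brute force checks four candidates, and the cost only doubles per unknown bit, which is why a low-resolution channel that pins down most of a key is enough.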


I’m fairly sure it is also solved by having a decoupling capacitor for the LED too…


I'm guessing a capacitor would help negate this issue but it won't be possible to entirely eliminate the issue


No, it will completely eliminate it, if the capacitor is large enough. If you're super paranoid you can do the maths and compute how much does it cut off at such frequency ranges. It's likely to be a ridiculous value. And one does not have an infinite amplitude resolution in any measurement device.

Also, you can just power the LED from a separate voltage regulator. Which is somewhat likely anyways, as the IC will probably want a lower voltage.

(Don't get me wrong, it's cool stuff, but there's also a very easy solution.)
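Added example, not code from the paper or from any commenter, putting numbers on the "do the maths" step in the comment above: a capacitor in parallel with the LED and its series resistor forms a first-order RC low-pass, and the functions below give its corner frequency, attenuation at a given frequency, the capacitance needed for a target attenuation, and whether the attenuated ripple falls below one step of a sensor's amplitude resolution. The resistor value, ripple depth and frequencies in the demo are assumptions, and the LED is treated as a linear load, which it is not; as the reply below notes, the leak also rides on the supply rail, so this is a bound on the LED path only.

```python
"""First-order RC low-pass arithmetic for the capacitor-across-the-LED
countermeasure.  All component values below are constructed assumptions."""
import math


def cutoff_hz(r_ohms, c_farads):
    """-3 dB corner of the RC formed by the LED series resistor and a
    capacitor in parallel with the LED."""
    return 1.0 / (2 * math.pi * r_ohms * c_farads)


def attenuation_db(r_ohms, c_farads, f_hz):
    """Magnitude response at f_hz in dB: 0 at DC, -3 at the corner,
    -20 dB per decade above it."""
    ratio = f_hz / cutoff_hz(r_ohms, c_farads)
    return -10.0 * math.log10(1.0 + ratio * ratio)


def capacitance_for(r_ohms, f_hz, atten_db):
    """Smallest C giving at least atten_db (a negative number) at f_hz.
    From |H|^2 = 1/(1+(f/fc)^2) = 10^(atten/10)."""
    ratio = math.sqrt(10.0 ** (-atten_db / 10.0) - 1.0)     # f / fc
    return 1.0 / (2 * math.pi * r_ohms * (f_hz / ratio))


def ripple_after(depth_fraction, atten_db):
    """Relative ripple left on the LED after atten_db of filtering."""
    return depth_fraction * 10.0 ** (atten_db / 20.0)


def hidden_below_resolution(depth_fraction, atten_db, sensor_bits):
    """True if the remaining ripple is smaller than one LSB of an
    N-bit intensity measurement (the 'no infinite amplitude resolution'
    point above, ignoring averaging across many samples)."""
    return ripple_after(depth_fraction, atten_db) < 1.0 / (1 << sensor_bits)


def sweep(r_ohms, c_farads, freqs_hz):
    """Attenuation table (Hz, dB) for a given R and C."""
    return [(f, round(attenuation_db(r_ohms, c_farads, f), 1)) for f in freqs_hz]


if __name__ == "__main__":
    R = 330.0            # assumed LED series resistor, ohms
    C = 10e-6            # assumed capacitor, farads
    print("corner: %.1f Hz" % cutoff_hz(R, C))
    for f, db in sweep(R, C, [10, 100, 1e3, 1e4, 1e5, 1e6]):
        print("%8.0f Hz -> %6.1f dB" % (f, db))
    # 5 % ripple at 1 kHz, 8-bit camera: is it below one LSB?
    db = attenuation_db(R, C, 1e3)
    print("1 kHz ripple hidden for 8-bit sensor:",
          hidden_below_resolution(0.05, db, 8))
    print("C for -40 dB at 1 kHz: %.2e F" % capacitance_for(R, 1e3, -40.0))
```

Note the last line of the demo: a -40 dB target at 1 kHz through a 330 ohm resistor needs tens of microfarads, not the 100 nF MLCC one tends to assume, and a camera that averages many rolling-shutter samples sees below one LSB anyway, so the "ridiculous value" in the comment is best computed rather than guessed.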


It's a harder EE problem than you think. For example the Samsung Galaxy S8 was attacked by analyzing video footage of the power LED of Logitech Z120 USB speakers. Those were most certainly on a different power supply and the two were connected by a long wire.

There are circuit level solutions but the solution is not a $0.01 MLCC.

And once you solve the LED problem remember: The S8 was attacked by plugging in a peripheral to its 5V USB supply. Imagine if the peripheral was instead a high speed ADC that just measured 5V USB directly…


A capacitor is a few extra cents on the bom which is a no go for profit maximizing companies.


Dyson batteries are a good example:

Dyson vacuum batteries are designed to fail

* Series battery cells in a battery pack inevitably become imbalanced. This is extremely common and why cell balancing was invented.

* Dyson uses a very nice ISL94208 battery management IC that includes cell balancing. It only requires 6 resistors that cost $0.00371 each, or 2.2 cents in total for six.

* Dyson did not install these resistors. (They even designed the V6 board, PCB 61462, to support them. They just left them out.)

* Rather than letting an unbalanced pack naturally result in lower usable capacity, when the cells go moderately (300mV) out of balance (by design, see step 3) Dyson programmed the battery to stop working...permanently. It will give you the 32 red blinks of death and will not charge or discharge again. It could not be fixed. Until now.

https://github.com/tinfever/FU-Dyson-BMS


That is not about saving cents though.


    // TODO remove ductape; temp fix of https://ia.cr/2023/923
Edit: Joking aside, capacitors and black tape are actual countermeasures:

    Fig. 15. A circuit that leaks information via its power LED (a).
    Countermeasures using a capacitor (b), an additional OPAMP (c), and an
    existing OPAMP (d).

And:

    Consumer Side Methods. The attack can also be prevented
    by placing black tape over a device’s power LED.


or just snipping it.


I'd at least solder another diode across the terminals if I did that. An LED is a diode at the end of the day and breaking the circuit might break the device.


Not if it is just a power LED. No circuit that I'm aware of would break if the power LED wasn't drawing power. You'd have to go out of your way to make it that way.


Thank you for the clarification. I've not soldered anything for a couple of decades so my knowledge is poor.


I did think that your approach is very thorough, 'change nothing' is a good principle.


Or simply manufacturers not using LEDs to indicate activity.


They don't. The LED's fluctuations are a by-product of power rail fluctuation and this in turn can be detected to discover some elements of the computations involved.

It's pretty subtle. This isn't like a flashing harddrive LED, it is an LED that to all intents and purposes is burning steadily. Until you look at it in more detail and you realize that it isn't quite as steady as it should be.


This is not an intentional indication of activity, but rather just of power.


Best solutions are the simplest ones, and this is the right one! It's an electrical coupling issue so I think it should be fixed electrically.


Ooh, I never considered the rolling shutter effect.

That's amazing. The paper is called "Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED" [0].

Edit: Also, worth viewing the video [1] on the author's post [2].

[0] https://eprint.iacr.org/2023/923

[1] https://youtu.be/ITqBKRZvS3Y

[2] https://www.nassiben.com/video-based-crypta


Rolling shutter is quite nice and used in different scenarios to increase framerate.

For example to extract sound from just a camera [1].

Additionally, while not directly related to the rolling shutter effect [2] uses a technique to increase the framerate of the Raspi Camera by 10x or more, but reducing image resolution.

[1] https://people.csail.mit.edu/mrub/VisualMic/

[2] https://github.com/Hermann-SW/fork-raspiraw
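Added example, not code from the paper, the video or any commenter, simulating why the rolling shutter matters for this attack: each sensor row is read out at a slightly different instant, so when the LED fills the frame a 60 fps camera yields one LED sample per row (FPS x ROWS samples per second) rather than one per frame. Every number is constructed (60 fps, 1080 rows, a 2 kHz square-wave ripple of 5 % on an otherwise steady LED), and exposure-time integration and the sensor's amplitude resolution are left out; the point shown is the sampling geometry only.

```python
"""Rolling shutter as a fast sampler of one LED, versus one sample per
frame.  Camera and ripple parameters are constructed assumptions."""

FPS = 60
ROWS = 1080
ROW_TIME = 1.0 / (FPS * ROWS)       # ~15.4 us between consecutive row readouts


def effective_sample_rate_hz():
    """Samples per second on the LED when it spans every row."""
    return FPS * ROWS                    # 64800 for the assumed camera


def led_intensity(t, ripple_hz, depth=0.05):
    """Steady LED with a small square-wave wobble riding on its supply."""
    phase = (t * ripple_hz) % 1.0
    return (1.0 + depth) if phase < 0.5 else (1.0 - depth)


def rolling_shutter_samples(ripple_hz, frames):
    """One sample per row, each at that row's own readout instant."""
    return [led_intensity((f * ROWS + r) * ROW_TIME, ripple_hz)
            for f in range(frames) for r in range(ROWS)]


def global_shutter_samples(ripple_hz, frames):
    """One sample per frame: what a small LED in a normal shot gives you."""
    return [led_intensity(f / FPS, ripple_hz) for f in range(frames)]


def estimate_ripple_hz(samples, sample_rate_hz):
    """Count level changes; a square wave has two per period."""
    changes = sum(1 for a, b in zip(samples, samples[1:]) if a != b)
    return changes / 2.0 / (len(samples) / sample_rate_hz)


if __name__ == "__main__":
    RIPPLE = 2000.0                     # assumed 2 kHz leak on the LED
    FRAMES = 30                         # half a second of video
    rolling = rolling_shutter_samples(RIPPLE, FRAMES)
    per_frame = global_shutter_samples(RIPPLE, FRAMES)
    print("effective rate: %d samples/s" % effective_sample_rate_hz())
    print("rolling shutter sees: %.0f Hz" %
          estimate_ripple_hz(rolling, effective_sample_rate_hz()))
    print("one sample per frame sees: %.0f Hz (aliased)" %
          estimate_ripple_hz(per_frame, FPS))
```

With the assumed numbers the row-by-row samples recover the 2 kHz ripple to within a cycle, while the per-frame samples alias it down to a few tens of hertz, which is the gap between "a 60 fps camera cannot see this" and what the paper does.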


Ironically, using an old tech incandescent lamp in place of the LED would make the detection impossible, the reason being that incandescent lamps are way slower to turn on and off than LEDs, therefore it would work as a low pass filter just like putting a capacitor in parallel to the LED, which makes a RC filter paired with the series resistor preceding it.

Of course one could still use LEDs of which they have gained control for exfiltrating information, whether LEDs have a capacitor in parallel or not. If there is a capacitor and the LED can't be turned on and off effectively at say more than 5Hz, one could just use 1Hz pulses and, given enough time, transmit the information anyway.


[flagged]


I'm with you, this is a very bad title. It already links to youtube so video doesn't need to be there once, let alone twice.


I just thought it was silly! I actually appreciate the clarity, I wish more posts had a "flair" indicating what hides behind the link.


Thrilled that this guy read a paper then explained it to us all very slowly using the words actually and basically. He appears to have had nothing to do with authoring of the paper and was unable to show a demo of the technique. Great that he thinks it’s interesting though and the advice to not leak the secret key accidentally is priceless. We’re all back to the drawing board now


"Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes." [1]

I actually highly recommend the rest of computerphile YT channel - basically, it would seem that most of these guys actually teach computer stuff for a living.

[1] https://news.ycombinator.com/newsguidelines.html


alright that was mean. but I’m winning points, so I could make a very sound argument that even though contradicting the guidelines I was incentivized by design to be mean. In a way, I’m an innocent victim of unspoken policy


Hackers on the orange website do have a reputation for being mean dorks so you could have a point there.



