AES Wireless Keyboard - Template Attack for Eavesdropping

Explore a comprehensive analysis of AES wireless keyboard security vulnerabilities in this 39-minute Black Hat conference talk. Delve into the intricacies of eavesdropping techniques without physical access, including firmware and NVRAM acquisition, static and dynamic code analysis, and firmware modification. Examine side-channel attacks in real-world scenarios, focusing on Correlation Power Analysis (CPA) and Template Attacks across various device configurations. Gain insights into Advanced Encryption Standard (AES) implementation weaknesses and learn about proposed attack methods for different devices. Enhance your understanding of wireless technology security risks in mobile accessories and potential countermeasures against sophisticated eavesdropping attempts.

Intro
Eavesdropping of AES Wireless Keyboard without physical access
Firmware & NVRAM Acquisition
Firmware Acquisition - Keyboard
Firmware Acquisition - Pinout
Static Analysis - Finding Encryption functions
Static Analysis - Finding AES key
Dynamic Analysis - Debugging codes
Dynamic Analysis - Verifying Encryption functions
Firmware Modification - Modifying codes for Repeated execution
Side Channel Attacks in Real World
Side Channel Attack Environment
AES (Advanced Encryption Standard)
CPA (Correlation Power Analysis) - Recover the secret key
Template Attacks Case 1 -Same device
Template Attacks : Case 2-Difference device
Template Attacks : Case 2 - Difference device
Proposed Attacks: Case 2 - Difference device