Acoustic Cryptanalysis of RSA key

[GuardMoony]

Just came accros this today:

Summary Quote:

Summary

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

Source: http://www.cs.tau.ac.il/~tromer/acoustic/

Full Paper: http://www.tau.ac.il/%7Etromer/papers/acoustic-20131218.pdf

[digininja]

That all sounds very fishy to me. I'd have to see it in action to beleive it.

[digip]

There was something out similar, many years ago when I worked at the bank, that made them move all sensitive equipment that had LED's on them such as older US Robotics dial up modem devices(we even had acoustic couplers still in use in some areas of the data center on the old mainframe side with big modem boards setup on a Racal dial up stack from branches, HDD and other Server Enclosures with open cases and lights and such near windows, moved out of line of site due to fear or "folklore" that you could read the devices blinks to determine data on devices coming in and out of them that used serial connections or such. Our IT department ended up moving development servers from cubicles that were near windows into the main data center computer room which had no windows and a separate wall and room put up for sensitive things like ATM machine testing and other equipment with fiber optic connectors and lights on the outside of the devices since it was part of what they believed to be readable. Serial devices use specific frequency modulation of impulses, kind of like what Darren was going over when talking about TDM and the phone stuff, so I can see devices giving off certain signatures that could then be recorded and trans-coded back into actual data from the impulses recorded off devices making noise, although I would think you'd have to be well within close proximity or high tech equipment for recording through walls.

Can't find the original videos, but here is another study on same thing: http://www.dailymotion.com/video/k7amb5qtOGW2C6Odmq and http://www.dailymotion.com/video/x74iq0_compromising-electromagnetic-emanat_tech http://lasecwww.epfl.ch/keyboard/

Not sure how much truth in it, but I can see the acoustic part being somewhat real when combined with other recording equipment that measured the magnetic/electrical impulses at the same time, since there was another study done, where someone could sit in an adjacent room, and actually record keystrokes with a high level of accuracy, what the person in the next room was typing based on the frequency of the recorded sound of the keyboards, which had varying results depending on the type of keyboard and could be dialed in to identify most keyboards in use and get most of the information someone was typing just based on recording the sound through the wall and analyzing the keyboards sounds in combination with their electrical impulses. So Secretary Sally typing at the front desk in front of glass doors or windows of an office building, sending email for the boss or transcribing notes to email or word doc for an executive, could possibly have their keystrokes monitored from a vehicle sitting in line of site of the person typing or in a room adjacent to theirs. Sounds like the stuff of Hollywood movie fantasy, but there was actual video demos of the research on youtube as well. Hoax? Lots of videos have been later debunked, but we know that people with RFID chips can be recorded from much further distances than previously thought, and even bluetooth devices as well, so I think its very possible, just would like to see a demonstration.

I know places like the NSA also pump sound through their glass windows to help thwart recording of sound inside the building from laser mics, which can be used to bounce sound back to a reflector/receiver to spy on conversations. In one of the seasons, Wess setup something similar where he transmitted music from the stereo over a laser pen or something using some parts I think you could get at Radio Shack.

[digininja]

I belive there is something there just the last paragraph in the initial post about using bare hands makes me think it may be a bit overhyped

[digip]

I don;t know exactly how it relates to cryptography, since I would think crunching encrypted data would be much harder, but I can see it used for things in plain text that send data over insecure protocols or equipment not shielded against recording of the electromagnetic information in combination with actual acoustic impulses, somewhere, someone is probably doing this if not working on the technology by some nation state if not already in use I would think. Just not sure how it works with regard to encrypted data other than when the human factor comes in and they have to type a one time pad or other such decrypted key for any reason. They used to use aligator clips and an old line mens handset to tap phone calls in the neighborhoods back in the day, but now almost everything is digital, so you'd need something that understands the digital data to turn it back into readable data.

Edited December 19, 2013 by digip

[digininja]

Get them on stage at Shmoocon to give a demo, then I'll believe it all!

[barry99705]

Get them on stage at Shmoocon to give a demo, then I'll believe it all!

I'd rather see it happen at defcon, cause you know, I can actually get a ticket to that! ;)

[Rocco]

For all you non-believers out there (digininja), I would just like to point out, in case you haven't taken the time to look at the full paper closely enough, that one of the co-authors of the paper is "Adi Shamir", who is a co-creator of the RSA Algorithm ®ivest (S)hamir (A)dleman. So I would highly doubt that the co-creator of the RSA ALGORITHM would be lying about an attack or bad implementation of the RSA ALGORITHM. But then again, I might be wrong, who knows ;)

[digininja]

Even without his name on the paper I believe there is something to it but how practical it is I'm still very skeptical about. Some things I just have to see to believe.