[148511] in cryptography@c2.net mail archive
[Cryptography] RSA Key Extraction via Low-Bandwidth Acoustic
daemon@ATHENA.MIT.EDU (Tamzen Cannoy)
Wed Dec 18 18:16:41 2013
X-Original-To: cryptography@metzdowd.com
From: Tamzen Cannoy <tamzen@cannoy.org>
Date: Wed, 18 Dec 2013 15:16:03 -0800
To: Cryptography <cryptography@metzdowd.com>
Cc: Tamzen Cannoy <tamzen@cannoy.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf
"Many computers emit a high-pitched noise during operation, due to vibratio=
n in some of their electronic components. These acoustic emanations are mor=
e than a nuisance: they can convey information about the software running o=
n the computer, and in particular leak sensitive information about security=
-related computations. In a preliminary presentation (Eurocrypt=9204 rump s=
ession), we have shown that different RSA keys induce different sound patte=
rns, but it was not clear how to extract individual key bits. The main prob=
lem was that the acoustic side channel has a very low bandwidth (under 20kH=
z using common microphones, and a few hundred kHz using ultrasound micropho=
nes), many orders of magnitude below the GHz-scale clock rates of the attac=
ked computers.
In this paper we describe a new acoustic cryptanalysis key extraction attac=
k, applicable to GnuPG=92s current implementation of RSA. The attack can ex=
tract full 4096-bit RSA decryption keys from laptop computers (of various m=
odels), within an hour, using the sound generated by the computer during th=
e decryption of some chosen ciphertexts. We experimentally demonstrate that=
such attacks can be carried out, using either a plain mobile phone placed =
next to the computer, or a more sensitive microphone placed 4 meters away.
Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be=
performed by measuring the electric potential of a computer chassis. A sui=
tably-equipped attacker need merely touch the target computer with his bare=
hand, or get the required leakage information from the ground wires at the=
remote end of VGA, USB or Ethernet cables."
Tamzen
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: windows-1252
wj8DBQFSsiyz5/HCKu9Iqw4RAsDAAKD5NagaUbdkjvLn9qyurv+wv2S8eACg+Z9B
uJTblmrg6pSofgmpgsYekns=3D
=3DxMyE
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
