[148515] in cryptography@c2.net mail archive
Re: [Cryptography] RSA Key Extraction via Low-Bandwidth Acoustic
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Wed Dec 18 21:59:36 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <8F12366F-C2CC-44DF-9931-C3EDAA05649D@lrw.com>
Date: Wed, 18 Dec 2013 21:46:14 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jerry Leichter <leichter@lrw.com>
Cc: Alexandre Anzala-Yamajako <anzalaya@gmail.com>,
Tamzen Cannoy <tamzen@cannoy.org>, Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5500098279731098802==
Content-Type: multipart/alternative; boundary=047d7bacb0b441a73e04edda2a9d
--047d7bacb0b441a73e04edda2a9d
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Dec 18, 2013 at 9:24 PM, Jerry Leichter <leichter@lrw.com> wrote:
> On Dec 18, 2013, at 7:50 PM, Phillip Hallam-Baker wrote:
>
> As a student I was fortunate enough to attend one of Adi Shamir's lectures
>> at the university of Waterloo where he talked specifically about this
>> problem. It stuck with me and I'm glad to see that an actual key recovery
>> attack came out of it.
>> Have you trief this out against openssl ? How succesful do you think it
>> would be ?
>>
>
> I would expect it to work against any crypto code that has not been
> designed to avoid power or RF analysis....
>
> I've only read a very small part of the paper, but ... this isn't true.
> In fact, the paper comments that the techniques used to block traditional
> RF and power attacks make the acoustic attacks *easier*. (The acoustic
> attacks, by their nature, operate in a very much lower frequency band than
> traditional attacks. A side-effect of the traditional defenses is to tamp
> down the irrelevant low-frequency stuff while not stopping the
> low-frequency information they actually need.
>
I was thinking about the randomization defenses.
RF shielding etc is going to be borked, yep.
--
Website: http://hallambaker.com/
--047d7bacb0b441a73e04edda2a9d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Wed, Dec 18, 2013 at 9:24 PM, Jerry Leichter <span dir=3D"ltr">&=
lt;<a href=3D"mailto:leichter@lrw.com" target=3D"_blank">leichter@lrw.com</=
a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word"><div><di=
v class=3D"im"><div>On Dec 18, 2013, at 7:50 PM, Phillip Hallam-Baker wrote=
:</div>
</div><blockquote type=3D"cite"><div dir=3D"ltr"><div class=3D"gmail_extra"=
><div class=3D"gmail_quote"><div class=3D"im">
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><div dir=3D"ltr"><div>As a student I was fortunate enough =
to attend one of Adi Shamir's lectures at the university of Waterloo wh=
ere he talked specifically about this problem. It stuck with me and I'm=
glad to see that an actual key recovery attack came out of it.<br>
</div>Have you trief this out against openssl ? How succesful do you think =
it would be ?</div></blockquote><div><br></div></div><div>I would expect it=
to work against any crypto code that has not been designed to avoid power =
or RF analysis....</div>
</div></div></div></blockquote>I've only read a very small part of the =
paper, but ... this isn't true. =A0In fact, the paper comments that the=
techniques used to block traditional RF and power attacks make the acousti=
c attacks *easier*. =A0(The acoustic attacks, by their nature, operate in a=
very much lower frequency band than traditional attacks. =A0A side-effect =
of the traditional defenses is to tamp down the irrelevant low-frequency st=
uff while not stopping the low-frequency information they actually need.</d=
iv>
</div></blockquote><div><br></div><div>I was thinking about the randomizati=
on defenses.</div><div><br></div><div>RF shielding etc is going to be borke=
d, yep.</div><div><br></div><div>=A0</div></div><div><br></div>-- <br>Websi=
te: <a href=3D"http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>
--047d7bacb0b441a73e04edda2a9d--
--===============5500098279731098802==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5500098279731098802==--
