Researchers grab encryption keys by listening

December 19, 2013 // 8:46 a.m.

Tags: #adi-shamir #cryptanalysis #cryptography #daniel-genkin #encryption #eran-tromer #gnupg #open-source #privacy #security #tempest

Researchers have come up with what they claim is a means of extracting the private key used in cryptography from a system by simply listening to sounds made by the CPU - or even just by touching the PC's chassis.

The vast majority of modern cryptosystems rely on public-key cryptography, which uses two pieces of information: a public key which can be provided to all without the need for secrecy, and a private key which - as the name suggests - must be protected from disclosure. Using the public key, anyone can encrypt a document in such a way that only the holder of the private key can decrypt it - with even the person who encrypted it in the first place having no way to recover the encrypted data if no copy was kept.

Keeping the private key private is of vital importance in public-key cryptography, but new research suggests it might not be as easy as first thought. A paper (PDF warning) by Daniel Genkin, Adi Shamir and Eran Tromer claims success in extracting a usable copy of a private key used with popular open-source cryptography package GnuPG - simply by listening to the sounds a computer's CPU makes during processing.

'Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations,' the trio claim in their paper. 'The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.'

The attack works by listening to the noise made by tiny vibrations in the capacitors and coils of a system's voltage regulation hardware as the CPU changes its power draw during computation. While these sounds aren't made by the CPU directly, they are influenced by whatever task the CPU is working on - and provide enough information to recover the private key, albeit with the proviso that the team forced the system to decrypt ciphertext they themselves had provided.

Even with that in mind, some claims in the paper have raised eyebrows - in particular that an unmodified mobile phone, placed 30cm away from a laptop computer, is enough to pick up the otherwise inaudible signals.

One name associated with the research, however, stands out: Adi Shamir is the 'S' in 'RSA,' one of a trio - with Ron Rivest and Leonard Adleman - who published the public-key cryptosystem that bears their names, and against which the attack is targeted, back in 1977. In other words: arguing the finer points of public-key cryptography with Shamir is likely to end with you on the losing side.

In some ways, the paper describes an attack similar to that of the military TEMPEST programme, but where TEMPEST relies upon capturing electromagnetic radiation the new method operates simply through audio - and can work, its authors claim, even on military-grade TEMPEST-shielded hardware. While the attack is claimed to be immune to fan noise due to the high-frequency nature of the audio, the team claim another attack channel: tapping into the electrical potential of shielded cables connected to the target system, or even 'merely touching the laptop chassis with his hand, while surreptitiously measuring his own body potential relative to the room's ground potential.'

The concept isn't new, with the team having presented their original findings at a cryptography event back in 2004. Since describing it theoretically nine years ago, however, the trio have worked with others to produce verifiable proof of the attack's efficacy - including the full-key extraction attack levelled against GnuPG, along with a patch for the software which thwarts the methods used.
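The attack described above depended on the target decrypting ciphertext the researchers had chosen, and the standard defence against side channels of that kind is ciphertext blinding. The sketch below is an added example, not code from the paper or from GnuPG; the article does not describe how the patch works, so blinding is an assumption here, and the toy key and function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy RSA key built from two Mersenne primes.
# Real keys are 2048+ bits and come from a vetted library, not hand-rolled code.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def decrypt_plain(c):
    """Unblinded: the private-key exponentiation runs on exactly the
    value the sender supplied. Returns (plaintext, operand)."""
    return pow(c, D, N), c

def decrypt_blinded(c):
    """Blinded: the private-key exponentiation runs on c * r^e for a
    fresh random r, so the sender no longer controls the operand.
    Returns (plaintext, operand)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:            # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N       # c * r^e mod N
    m_times_r = pow(blinded, D, N)         # (c * r^e)^d = m * r mod N
    m = (m_times_r * pow(r, -1, N)) % N    # strip the blinding factor
    return m, blinded

def operands_seen(decrypt, c, runs=5):
    """Distinct values fed to the private-key operation across repeated
    decryptions of the same ciphertext."""
    return {decrypt(c)[1] for _ in range(runs)}

if __name__ == "__main__":
    message = 123456789                    # constructed sample plaintext
    c = pow(message, E, N)
    print("plain  :", len(operands_seen(decrypt_plain, c)), "distinct operand(s)")
    print("blinded:", len(operands_seen(decrypt_blinded, c)), "distinct operand(s)")
    print("both recover the message:",
          decrypt_plain(c)[0] == decrypt_blinded(c)[0] == message)
```

Both paths return the same plaintext; only the blinded path decouples the value being exponentiated with the private key from the ciphertext the sender picked.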

While hardly the easiest way of breaking encryption - threatening the key holder with torture or imprisonment, such as with the UK's Regulation of Investigatory Powers Act enforcing a two-year prison sentence on citizens who refuse to divulge passwords and encryption keys when asked, is a simpler and more reliable method - it's certainly a novel attack, and one which may give the military's TEMPEST-hardened hardware toters cause for concern.