Slashdot Mirror

← Back to Stories (view on slashdot.org)

Breaking RSA Keys by Listening to Your Computer

Posted by Hemos on from the sssh-i'm-hunting-for-wabbits dept.

An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key just by listening to the computer!. Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."

2 of 186 comments (clear)

  1. No by Transient0 · · Score: 5, Informative

    at best, they have shown that they can detect differences in the types of instructions the processor is executing by listening to the sounds of the capacitors. It is a long way from there to the point where they can extract the key itself from the information. In fact, I would venture that the data is far too noisy (haha) for any significant part of the key to ever be extracted, reagardless of the amount of computational power thrown at the problem. What they might be able to do however is use the information gleaned to eliminate large swaths of the set of possible keys. This could make cracking the key by conventional means a computationally easier task.

    So, in all, this paper is not insignificant, but it's also not a reason to completely give up on security or to install a cone of silence around your computer.

    --
    lysergically yours
  2. Re:Is this actually possible? by Doctor+Wonky · · Score: 5, Informative

    What they did was, create tight loops performing the same operation over and over. And found that different operations tend to result in different sorts of noise on the power supply, resulting in different sounds from the capacitors.

    Remember though with their 96,000 Hz sampling rate, a 1 Ghz CPU performs over 10,000 instructions per sample.

    Air does not vibrate fast enough, and there are no microphones with frequency response high enough to let you look at individual operations.

    So I guess, if you knew the characteristics well enough, you could record the sound of the capacitors and say 'Hey, this guy is running GnuPG' on it. I don't see a concievable way to figure out the keys and this article doesn't suggest one.