Slashdot Mirror

← Back to Stories (view on slashdot.org)

Breaking RSA Keys by Listening to Your Computer

Posted by Hemos on from the sssh-i'm-hunting-for-wabbits dept.

An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key just by listening to the computer!. Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."

12 of 186 comments (clear)

  1. That's it... screw the enviroment by Anonymous Coward · · Score: 5, Funny

    No power saving for me! My encrypted porn is far too important.

  2. Lucky for me... by relyter · · Score: 5, Funny

    I've got so many fans running in my computer that you can't even hold a conversation in the same room, much less listen for capacitors

  3. Extracting the Actual Numbers? by artlu · · Score: 5, Insightful

    The article does not deal with actually computing the encoding (Pe) and decoding functions (Pd) for q,n,d. Where q,n are unique primes. The only thing their interference spotted is the markings between computing each function for the signature, and this drastically varies based on the machine. They do have a Proof of Conept, but no quantifiable data.
    My $0.02.

    artlu

    --
    -------
    artlu.net
  4. reminds me of the old days by belmolis · · Score: 5, Interesting

    Twenty years ago at Bell Labs one of the speech machines (an SEL with homebrew audio i/o) had output to loudspeakers that went through unshielded speaker wires that ran past the CPU, so if you weren't playing anything back the speakers played back CPU noise. We could tell what stage a compilation was at by the noise that came over the speakers.

    1. Re:reminds me of the old days by LiquidCoooled · · Score: 5, Interesting

      I actually still get that.

      If i turn my speakers wayyyyyyyyyyyyy up and start working, I can here the data being moved around. Scares the crap out of me when something plays a sample, but fun all the same.

      Its happened on my 2 most recent boards, and I just put it down to the integrated sound cards vs the Sound blasters I used to use.

      --
      liqbase :: faster than paper
  5. Aha! by dupper · · Score: 5, Funny

    Now I have an excuse to play loud music at work: security!

  6. No by Transient0 · · Score: 5, Informative

    at best, they have shown that they can detect differences in the types of instructions the processor is executing by listening to the sounds of the capacitors. It is a long way from there to the point where they can extract the key itself from the information. In fact, I would venture that the data is far too noisy (haha) for any significant part of the key to ever be extracted, reagardless of the amount of computational power thrown at the problem. What they might be able to do however is use the information gleaned to eliminate large swaths of the set of possible keys. This could make cracking the key by conventional means a computationally easier task.

    So, in all, this paper is not insignificant, but it's also not a reason to completely give up on security or to install a cone of silence around your computer.

    --
    lysergically yours
  7. Re:RSA sucks anyway by kasperd · · Score: 5, Insightful

    Nope, for it's DSA/DSS all the way, and all the noisy capacitors in the world won't help you break it.
    That wouldn't change anything. RSA as well as DSS is based on modulus exponentiation with a secret exponent. If you can get the exponent you have broken the system, it is as simple as that.

    Why do I trust it? Because it was developed by the NSA, not a bunch left leaning MIT eggheads.
    That kind of logic is useless in the security business. Basing your trust upon who designed the algorithm is stupid. How many (and who) tried to break the algorithm and failed at that is a better meassure on the security. A good rationale behind the design is another good meassure on the security. And finally mathematical proofs.

    --

    Do you care about the security of your wireless mouse?
  8. I've tried this... by bhmit1 · · Score: 5, Funny

    ...but all I heard was "Dave, what are you doing Dave?"
    Hmm, maybe I should put away the screwdriver.

  9. Forget capacitors, listen to the keyboard. by Hans+Lehmann · · Score: 5, Interesting
    Other than fans & hard drives, I don't think I've ever heard noise from any machine I've ever worked on, though back in the old days we would hold an AM radio next to the computer, which would give very distinct noise patterns as the CPU went about its business.

    If you really want to do some acoustic evesdropping, listen to the keyboard. It's got a much larger signal to begin with (from across the room, instead of having to paste your ear to the computer case.) Since there are always slight mechanical differences between keys on any given keyboard, I would think that the sound spectrum would also be slightly different. Being able to always listen in on the same user would also help, since most people are somewhat consistent regarding which finger they use on which key. (Evesdropping on people who were smart enough to take a touch-typing class in high school is also a big plus.)

    Assuming you could discern between the acoustic fingerprint of 100 different keys, then it's just a matter of figuring out which sound goes with which key. It's a simple substitution cypher, which are almost trivial to break.

    Sneak your cell phone into your boss's office, set it to silent mode and plug in a headset so that you can set it to auto-answer when a call comes in. Then, while your boss is busy typing dirty notes to his mistress, you call your cell phone, start recording it, and presto, you've got a keylogger without ever having touch his computer or the software on it. Then, at your next performance review, you convince him to give you a hefty raise.

    ...Profit!!!

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  10. Re:Is this actually possible? by Doctor+Wonky · · Score: 5, Informative

    What they did was, create tight loops performing the same operation over and over. And found that different operations tend to result in different sorts of noise on the power supply, resulting in different sounds from the capacitors.

    Remember though with their 96,000 Hz sampling rate, a 1 Ghz CPU performs over 10,000 instructions per sample.

    Air does not vibrate fast enough, and there are no microphones with frequency response high enough to let you look at individual operations.

    So I guess, if you knew the characteristics well enough, you could record the sound of the capacitors and say 'Hey, this guy is running GnuPG' on it. I don't see a concievable way to figure out the keys and this article doesn't suggest one.

  11. Interesting... by boola-boola · · Score: 5, Interesting
    It is interesting to note that Adi Shamir (one of the co-authors) is one of the three people who came up with RSA-encryption

    R = Ron Rivest
    S = Adi Shamir
    A = Len Adleman