Slashdot Mirror


Keys Leaking Through the Air At RSA

NumberField writes "The RSA Conference is underway in San Francisco. A theme among the opening speakers is that the attackers are winning, and even well-funded organizations like NASDAQ can't secure their networks reliably. The show floor is lively, but dominated by the typical firewalls and 'compliance solutions.' One interesting exception is a scary side-channel analysis demo in the Cryptography Research booth using GNU Radio to capture secret keys from various smartphones from about 10 feet away. (The method is related to early computer music using AM radio interference.)"

12 of 85 comments

  1. I fucking hate summaries like this by topham · · Score: 5, Insightful

    I fucking hate summaries with a half dozen links that don't seem to link to an article actually discussing the issue in the summary.

    Who approved this shit?

    1. Re:I fucking hate summaries like this by Lord+Ender · · Score: 3, Insightful

      Sounds like the poster is using slashdot to blog about what he is seeing at the RSA conference. There aren't good links because the data was originally presented in meatspace.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  2. why on earth... by joocemann · · Score: 2

    ...are sensitive networks like NASDAQ even connected to the internet? There is a common fix for this issue called an AIR GAP. You simply physically disconnect the internet from the sensitive technology, and then you work forward from there while always regarding the fundamental necessity of the air gap. It is reckless and foolish, considering the reality of the internet, to think you can connect and protect.

    1. Re:why on earth... by jandrese · · Score: 3, Informative

      Because eTrade would throw a hissy fit if the stock exchanges were completely disconnected from the net. Not to mention all of the traders that no longer work directly on the floor, but instead issue trades via the network, oftentimes using bots.

      --

      I read the internet for the articles.
    2. Re:why on earth... by Mashiki · · Score: 3, Interesting

      Because all trade networks connect to each other now, and the internet is cheaper than building dedicated hardlinks to interconnect all stock exchanges. I doubt that any exchange would be willing to drop billions to build trans-atlantic/pacific data exchanges, unless something catastrophic happened. Plus it creates central points of weakness.

      The internet 'routes around damage'.

      --
      Om, nomnomnom...
    3. Re:why on earth... by vux984 · · Score: 2

      ...are sensitive networks like NASDAQ even connected to the internet?

      So you can get up to date stock quotes from yahoo, instead of waiting for them in the news paper?

      So you can log into your bank or brokerage and buy and sell shares of something?

      So brokers, fund managers, and so on can do the same, all in real-time from their offices around the world?

      Air gapping the stock exchange would be pretty inconvenient for pretty much anyone who deals with it at all.

    4. Re:why on earth... by Fnkmaster · · Score: 2

      Hmmm... Okay, but all the other servers that have to talk to it *are* connected to the internet. I know because I've set servers up before in their primary data center.

      So even if you keep all the NASDAQ servers on a private network only, you still have all the entry points from the physical ethernet drops throughout the data center going into all the cages (several thousand of them) of people routing orders onto NASDAQ.

      So when Joe Brokerage or John Trading Shop gets compromised, it's only a hop away to the NASDAQ servers anyway.

      Also, any functions that NASDAQ runs that do need internet access now need to be run on servers that are segregated out from their private network servers... and again, surely those probably need to communicate with those private network servers at some point.

      In fact, I'm guessing that's roughly how their stuff is set up from what I remember about interacting with it. But completely disconnecting everything from the internet makes it kind of hard to interact with all the stuff out there that is on the internet.

    5. Re:why on earth... by mlts · · Score: 2

      Ideally, the networks should be on a backbone which can piggyback over Internet connections, but by using half-routers that already know each other and use preshared symmetric keys (so even if RSA is broken, the communication going across the pipe is still secure unless someone hacks the endpoint.)

      The US government has learned this (NIPRNet and SIPRNet); maybe businesses need their own backbone that is separate from the Internet.

    6. Re:why on earth... by Doug+Neal · · Score: 2

      There is a middle ground between using the internet (where delivery is on a best effort basis and has no guarantees of anything) and laying your own submarine cables. Private international leased lines are readily available from a variety of vendors and are used extensively by financial institutions. They're available with various SLAs on contention, latency and uptime depending on how much you're willing to spend. Transatlantic routes are available surprisingly cheaply, as there is an abundance of bandwidth and a ton of carriers competing to sell it. It's usually provided over an MPLS core, which handles routing around damage, with a layer 2 (ethernet) or 3 (IP) handoff.

    7. Re:why on earth... by TheLink · · Score: 2

      I don't even mind high frequency trading. What I mind is them getting to see stuff before others and act on it.

      http://www.nytimes.com/2009/07/24/business/24trading.html
      http://www.nytimes.com/imagepages/2009/07/24/business/0724-webBIZ-trading.ready.html
      http://www.nytimes.com/2009/08/05/business/05flash.html

      Go ahead, send your orders as fast as you want. But being able to see other people's orders AND cancel your orders accordingly before the rest of the market gets them is cheating.

  3. Some background by Dr.+JJJ · · Score: 5, Informative

    I'm sorry that there's no direct article for this submission, and I'm not certain who submitted it, but as an employee of CRI and one of the designers of the demo, I'd like to give you some details about what's going on.

    At CRI we have a lab full of what I consider to be cool equipment, and what's more, some spare time to look at things. We specialize in side-channel analysis and we asked ourselves: what sort of side-channel leaks might be present in consumer PDAs? We took a USRP(1) interface that we had lying around and started investigating the RF emanations of a few of the devices we had easily on hand. We coded some simple cryptographic applications and were surprised at how quickly we were able to find ways to demodulate the various signals in the device in a way that revealed the bits of the secret keys being used.

    We are indeed using GNURadio for the demo. It's been very helpful because it makes rapid prototyping very easy. We use gnuradio-companion to set up the signal processing blocks (mostly AM demodulation) and to set up a simple UI that helps us tune into the right carrier frequencies in real-time during the demo. The rest of the demo involves using our own custom waveform viewer to look at the demodulated signal and show visitors how we can analyze the signal on the screen and extract the key bits that were used during the encryption/decryption process on the device.

    1. Re:Some background by Anonymous Coward · · Score: 3, Insightful

      What's wrong with demodulating an amplitude modulated signal? How would you have phrased it differently without losing information?
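As an added illustration of the leak Dr. JJJ describes (not CRI's code, and no real device or GNU Radio involved), the following constructed simulation models a device whose RF emanation is amplitude-modulated by its activity, AM-demodulates it with a simple envelope detector, and reads exponent bits off the burst lengths of a naive square-and-multiply loop; the same pipeline run against a constant-time (ladder-style) loop shows why that mitigation works, since every iteration then produces an identical burst regardless of the key. Segment lengths, carrier frequency and noise level are all constructed values.

```python
import math
import random

SAMPLE_RATE = 2000.0   # constructed units: samples per second
CARRIER_HZ = 100.0     # 20 samples per carrier cycle

def activity_profile(exponent_bits, constant_time):
    """Constructed per-sample 'activity' of a modular exponentiation loop.
    Naive square-and-multiply: squaring costs 10 samples, the multiply
    (only done when bit == 1) costs 20 more. A ladder-style loop does both
    operations on every iteration, so its timing is independent of the bit."""
    trace = [0.0] * 30                      # idle before the loop starts
    for bit in exponent_bits:
        trace += [1.0] * 10                 # squaring
        if constant_time or bit == 1:
            trace += [1.0] * 20             # multiply
        trace += [0.0] * 30                 # idle gap between iterations
    return trace

def emit_rf(profile, seed=1):
    """Leaky emanation: carrier amplitude follows device activity (AM)."""
    rng = random.Random(seed)
    return [(0.2 + a) * math.cos(2 * math.pi * CARRIER_HZ * n / SAMPLE_RATE)
            + rng.gauss(0, 0.02) for n, a in enumerate(profile)]

def am_demodulate(samples, window=10):
    """Envelope detector: rectify, then a half-cycle moving-average low-pass."""
    rect = [abs(s) for s in samples]
    env, acc = [], 0.0
    for i, r in enumerate(rect):
        acc += r
        if i >= window:
            acc -= rect[i - window]
        env.append(acc / min(i + 1, window))
    return env

def burst_lengths(envelope, threshold=0.43):
    """Lengths of contiguous runs above threshold: one run per loop iteration."""
    lengths, run = [], 0
    for e in envelope:
        if e > threshold:
            run += 1
        elif run:
            lengths.append(run)
            run = 0
    if run:
        lengths.append(run)
    return lengths

def recover_bits(exponent_bits, constant_time):
    """What a waveform viewer would show: long burst -> 1, short burst -> 0."""
    env = am_demodulate(emit_rf(activity_profile(exponent_bits, constant_time)))
    return [1 if n > 20 else 0 for n in burst_lengths(env)]

KEY_A = [1, 0, 1, 1, 0, 0, 1, 0]    # constructed sample exponents
KEY_B = [0, 1, 1, 0, 1, 0, 0, 1]
```

With the naive loop the demodulated envelope reproduces the exponent exactly; with the ladder-style loop the classifier returns the same all-ones pattern for any key, i.e. the envelope carries no key information.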