Slashdot Mirror


Stealing Keys From a Laptop In Another Room — and Offline

Motherboard carries a report that with equipment valued at about $3,000, a group of Israeli researchers have been able to extract cryptographic keys from a laptop that is not only separated by a physical wall, but protected by an air gap. This, they say, "is the first time such an approach has been used specifically against elliptic curve cryptography running on a PC." From the article: The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key. Specifically, the researchers obtained the private key from a laptop running GnuPG, a popular implementation of OpenPGP. (The developers of GnuPG have since released countermeasures to the method. Tromer said that the changes make GnuPG "more resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.")

3 of 58 comments

  1. Tempest protocol by WSOGMM · Score: 4, Informative

    This is why our government uses the "Tempest" certification on buildings, categorizing whether information can be stolen from electromagnetic emanations within a neighboring wall, room, just outside the building, etc.

    It's called Van Eck phreaking, and it's one of the many modern day forms of wizardry. Essentially different components of your computer communicate via high frequency electric currents. These currents broadcast corresponding EM waves somewhere in the radio spectrum, and you decode the corresponding frequency components into your own information: if you know what monitor they're using, for instance, you can catch the signal from their wires and reproduce their monitor image on your screen.

    1. Re:Tempest protocol by lowen · Score: 4, Informative

      One of the key concepts to realize with 'van Eck phreaking' is that no shielding provides infinite attenuation at all frequencies. Even solid copper shielding has a finite, if very large, attenuation. With a cryogenic-cooled HEMT or similar front-end and a high gain antenna, the requirements for shielding could be as high as an attenuation of 100dB or more (copper screen is good for 30dB or so typically).

      A cryo HEMT front-end isn't that far out of reach, even on pennies, as dry ice can get the temps low enough to foil thin shielding, and thicker shielding can be defeated with liquid nitrogen temps. Specialized near-field antennas that work on magnetic induction principles foil even the thickest pure copper, tin, or aluminum shielding; you need a ferromagnetic shield (mu metal is good) in addition to the copper to shield then.

      Vent holes are the hardest, as you then want copper honeycomb material to act as 'waveguide beyond cutoff' attenuators. Slots and gaps of any kind can act as antennas; the Parkes radio telescope, for instance, has a webcam that required a very special enclosure where even the screw spacing had to be controlled. (see http://www.atnf.csiro.au/outre... for details).

  2. Better summary by Anonymous Coward · Score: 5, Informative

    When performing different operations, computers emit different EM signals. EM antennae and post-processing software have become sufficiently fast and accurate that if you know the source code of an encryption algorithm, you can trace through the code non-intrusively, simply by watching for patterns in the emitted EM radiation. As it happens, GnuPG's ECC implementation performed different operations depending on the private key, so you can reconstruct the private key. GnuPG's developers addressed this by changing the implementation to try to ensure that the same sequence of operations will always get executed, regardless of the key. This is similar to how cryptographic string comparisons always compare all characters in a string and don't stop when they encounter the first difference, as normal string comparisons do.
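The key-dependent operation sequence that the summary and the comment above describe, as an added example that is not GnuPG's code: a textbook double-and-add scalar multiplication beside a Montgomery ladder, each recording the sequence of high-level point operations it performs. It assumes a constructed toy curve over GF(97) with base point (3, 6); the recorded trace stands in for what an observer of the emissions could tell apart.

```python
# Added example, not GnuPG's code: a toy curve y^2 = x^3 + 2x + 3 over GF(97) with
# base point G = (3, 6) of order 5 (constants constructed for illustration only).
P_MOD, A, G = 97, 2, (3, 6)
INF = None  # point at infinity, the group identity

def _point_op(p, q):
    """Affine group law covering identity, inverse pairs, doubling and addition."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # q == -p
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, P_MOD - 2, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, P_MOD - 2, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def _op(name, p, q, trace):
    trace.append(name)  # record the high-level operation an observer could see
    return _point_op(p, q)

def double_and_add(k):
    """Classic scalar multiplication: an ADD is done only for 1 bits, so the
    sequence of operations (the trace) is a transcript of the key bits."""
    trace, r = [], INF
    for bit in bin(k)[2:]:
        r = _op("DBL", r, r, trace)
        if bit == "1":
            r = _op("ADD", r, G, trace)
    return r, trace

def montgomery_ladder(k):
    """Every bit costs exactly one ADD and one DBL; the bit selects which
    register is written, not which operations are performed."""
    trace, r0, r1 = [], INF, G
    for bit in bin(k)[2:]:
        if bit == "1":
            r0 = _op("ADD", r0, r1, trace)
            r1 = _op("DBL", r1, r1, trace)
        else:
            r1 = _op("ADD", r0, r1, trace)
            r0 = _op("DBL", r0, r0, trace)
    return r0, trace
```

Both functions return the same point for every scalar, but only the ladder's trace is identical for scalars of equal bit length (for instance 11 and 13).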