Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing Keys From a Laptop In Another Room — and Offline

Posted by timothy on from the it's-coming-from-inside-the-faraday-cage dept.

Motherboard carries a report that with equipment valued at about $3,000, a group of Israeli researchers have been able to extract cryptographic keys from a laptop that is not only separated by a physical wall, but protected by an air gap. This, they say, "is the first time such an approach has been used specifically against elliptic curve cryptography running on a PC." From the article: The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key. Specifically, the researchers obtained the private key from a laptop running GnuPG, a popular implementation of OpenPGP. (The developers of GnuPG have since released countermeasures to the method. Tromer said that the changes make GnuPG âoemore resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.â)

3 of 58 comments (clear)

  1. Way Offtopic but Interesting by Anonymous Coward · · Score: 0, Insightful

    This Day on Slashdot -- "2010 PA School Spied On Students Via School-Issued Laptop Webcams "

    Here's a little follow-up:

    In this case, a school had spying software put on their laptops that they loaned to their students. Turns out school officials were using the software to "check up" on their kids, sometimes in compromising situations. The activity was discovered and the school sued. Settlement was in the neighborhood of $600,000.

    The IT Director who allowed this to happen: Virginia DiMedio. This "lady" shut down an IT student intern who raised objections about the spying software, telling him to “take a breath and relax,”... "we are not a police state" when in fact they were a police state. When the shit hit the fan, Virginia got the axe as she should. She couldn't get another IT job and now teaches Pilates.

    https://www.linkedin.com/in/virginia-dimedio-4a87a430

    Power corrupts. Never forget it.

  2. *sigh* by sootman · · Score: 3, Insightful

    Tromer said that the changes make GnuPG Ãoemore resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.Ã

    Hey, speaking of character encoding on Slashdot...
    - or -
    Hey, use the "Preview" button!

    Bonus funny: that changed from a lowercase 'a' with a '^' to an uppercase 'A' with a '~' while posting.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  3. Re:Quick question! by Anonymous Coward · · Score: 3, Insightful

    In the case of laptops, it would add so much weight to do it right, that it would render them unfit for purpose. The problem is that shielding doesn't completely nix the EM emissions, but it removes a percentage. The trouble with that is that if someone has a sufficiently good antenna and low-noise amplifier, even a tiny fraction of the original EM emission could give you away, so standard anti-EM foil isn't going to cut it. For now, it's better to try to design our software in such a way that it emits the same EM signature regardless of the cryptographic key used.