Slashdot Mirror


Stealing Keys From a Laptop In Another Room — and Offline

Motherboard carries a report that with equipment valued at about $3,000, a group of Israeli researchers have been able to extract cryptographic keys from a laptop that is not only separated by a physical wall, but protected by an air gap. This, they say, "is the first time such an approach has been used specifically against elliptic curve cryptography running on a PC." From the article: The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key. Specifically, the researchers obtained the private key from a laptop running GnuPG, a popular implementation of OpenPGP. (The developers of GnuPG have since released countermeasures to the method. Tromer said that the changes make GnuPG "more resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.")
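The countermeasure quoted at the end of the summary, a sequence of high-level arithmetic operations that does not depend on the secret key, is easiest to see by recording that sequence. The following C program is an added example, not code from the article or from GnuPG, and it does not reproduce GnuPG's actual changes. It uses a constructed toy curve (y^2 = x^3 + 2x + 2 over F_17 with generator G = (5,1) of order 19, far too small for real use) and traces the operations of textbook double-and-add next to a Montgomery ladder; all function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy parameters: y^2 = x^3 + 2x + 2 over F_17, G = (5,1), order 19.
 * Chosen so every result can be checked by hand; not usable for real crypto. */
#define P       17
#define CURVE_A 2
#define KBITS   8          /* scalars are processed as fixed 8-bit values */

typedef struct { int64_t x, y; int inf; } Point;   /* inf = point at infinity */
static const Point G = {5, 1, 0};

static int64_t modp(int64_t v) { v %= P; return v < 0 ? v + P : v; }

/* Modular inverse by Fermat: v^(P-2) mod P (P is prime). */
static int64_t invp(int64_t v) {
    int64_t r = 1, b = modp(v);
    for (int e = P - 2; e > 0; e >>= 1) {
        if (e & 1) r = r * b % P;
        b = b * b % P;
    }
    return r;
}

static Point point_double(Point p) {
    if (p.inf || p.y == 0) return (Point){0, 0, 1};
    int64_t l = modp((3 * p.x * p.x + CURVE_A) * invp(2 * p.y));
    int64_t x = modp(l * l - 2 * p.x);
    int64_t y = modp(l * (p.x - x) - p.y);
    return (Point){x, y, 0};
}

static Point point_add(Point p, Point q) {
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x) return (p.y == q.y) ? point_double(p) : (Point){0, 0, 1};
    int64_t l = modp((q.y - p.y) * invp(q.x - p.x));
    int64_t x = modp(l * l - p.x - q.x);
    int64_t y = modp(l * (p.x - x) - p.y);
    return (Point){x, y, 0};
}

/* Textbook double-and-add: an addition happens only for 1 bits, so the trace
 * of high-level operations ("D" = double, "A" = add) depends on k. */
static Point mul_double_and_add(uint32_t k, Point g, char *trace) {
    Point r = {0, 0, 1};
    size_t n = 0;
    for (int i = KBITS - 1; i >= 0; i--) {
        r = point_double(r);                       trace[n++] = 'D';
        if ((k >> i) & 1) { r = point_add(r, g);   trace[n++] = 'A'; }
    }
    trace[n] = '\0';
    return r;
}

/* Montgomery ladder: every bit performs exactly one add and one double, so the
 * operation sequence is identical for every k. Which register is updated still
 * depends on the bit; a production implementation replaces that branch with a
 * constant-time conditional swap. */
static Point mul_ladder(uint32_t k, Point g, char *trace) {
    Point r0 = {0, 0, 1}, r1 = g;          /* invariant: r1 = r0 + g */
    size_t n = 0;
    for (int i = KBITS - 1; i >= 0; i--) {
        if ((k >> i) & 1) { r0 = point_add(r0, r1); r1 = point_double(r1); }
        else              { r1 = point_add(r0, r1); r0 = point_double(r0); }
        trace[n++] = 'A'; trace[n++] = 'D';
    }
    trace[n] = '\0';
    return r0;
}

/* 1 if the ladder emits the same operation trace for two different scalars. */
static int ladder_trace_is_key_independent(uint32_t k1, uint32_t k2) {
    char t1[2 * KBITS + 1], t2[2 * KBITS + 1];
    mul_ladder(k1, G, t1); mul_ladder(k2, G, t2);
    return strcmp(t1, t2) == 0;
}

/* 1 if double-and-add emits different traces for two different scalars. */
static int naive_trace_differs(uint32_t k1, uint32_t k2) {
    char t1[2 * KBITS + 1], t2[2 * KBITS + 1];
    mul_double_and_add(k1, G, t1); mul_double_and_add(k2, G, t2);
    return strcmp(t1, t2) != 0;
}

/* 1 if both methods compute k*G and the result is (x,y), or O when inf == 1. */
static int check_scalar_mult(uint32_t k, int64_t x, int64_t y, int inf) {
    char t[2 * KBITS + 1];
    Point a = mul_double_and_add(k, G, t), b = mul_ladder(k, G, t);
    if (a.inf != b.inf || a.inf != inf) return 0;
    if (inf) return 1;
    return a.x == x && a.y == y && b.x == x && b.y == y;
}

int main(void) {
    const uint32_t keys[] = {3, 5, 19};
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        char t1[2 * KBITS + 1], t2[2 * KBITS + 1];
        Point a = mul_double_and_add(keys[i], G, t1);
        Point b = mul_ladder(keys[i], G, t2);
        printf("k=%2u  double-and-add: %-16s  ladder: %s  -> ",
               (unsigned)keys[i], t1, t2);
        if (a.inf) printf("O\n");
        else printf("(%lld,%lld) %s\n", (long long)a.x, (long long)a.y,
                    (a.x == b.x && a.y == b.y) ? "(both agree)" : "(MISMATCH)");
    }
    printf("ladder trace independent of k: %s\n",
           ladder_trace_is_key_independent(3, 5) ? "yes" : "no");
    return 0;
}
```

Build with `cc -std=c99 -o trace trace.c`. The double-and-add trace changes with the scalar (for k=3 it ends in `DADA`, for k=5 in `DADDA`), while the ladder prints `ADADADADADADADAD` for every k, which is the property Tromer describes. The ladder shown here still branches on the key bit, and a fixed high-level sequence says nothing about leakage from the underlying field arithmetic, so it is a necessary condition for resisting this class of attack, not a sufficient one.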

4 of 58 comments

  1. Van Eck Phreaking by Anonymous Coward · · Score: 1, Interesting

    Part of the plot in the 1999 novel Cryptonomicon by Neal Stephenson, so this isn't new.

  2. 300 processes by dargaud · · Score: 4, Interesting

    I currently have 300 processes running on my laptop, more on my server. I really wonder how they can filter out the noise of 299 of them to find out the electromagnetic noise of the PGP process (which lasts for only a split second) and THEN exploit that. It's one thing to get the Van Eck of an analog signal of a monitor (two very regular frequencies), another one entirely to get this of an 8 core CPU which uses variable frequencies depending on load.

    --
    Non-Linux Penguins ?

  3. Guess: Yes, because .. by burni2 · · Score: 4, Interesting

    Because even if you have 300 processes running, the 299 could be ignored because of their "cpu fingerprint".

    They do not occupy one CPU to the max, most processes running on a computer do just a bit more than nothing.

    I have the uncanny feeling that GnuPG is not parallelized at all.

    A crypto application however runs - if it's not parallelized - on one CPU core at 100% for a certain amount of time, depending on the processing power of the machine.

    (Crypto does not like timing side-channel attacks)

    I guess, without having read the article, this specific burst of activity is what a crypto "broadcast" can be identified by.

    If I were to attack a webserver's private key using this tactic, I would just initiate an https connection and send certain data and then see what the spectrum says; I would then repeat it .. and recognize patterns, again and again and again, till I have gathered enough data.

    However I think your point hints at a possible countermeasure: having similar fingerprints, also similarly timed, would interfere with the "broadcast".

  4. Re:Better summary by Anonymous Coward · · Score: 2, Interesting

    These things are notoriously easy to overlook. For example, there have been versions of cryptographic string comparisons that were vulnerable to a compiler optimisation which caused them to bail out at the first difference, which was really hard to see because at first glance the loop looked like it would iterate over all characters.
    Here's an article by the authors with nice graphs (why wasn't that in the summary) and here's what a fix looks like. I'll let you judge for yourself whether you'd have realised you had a problem if you had seen the code.
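The pitfall this comment describes, a comparison loop that appears to visit every byte but that an optimiser may legitimately cut short, shown next to a comparison written so the compiler cannot shorten it. This is an added C example, not the code or the fix the commenter links to, and the function names and the sample tag bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 16

/* Constructed sample MAC tags (not real values): the expected tag, one that
 * differs only in the last byte, and one that differs only in the first byte. */
static const uint8_t TAG_EXPECTED[TAG_LEN] = {
    0x5a,0x1c,0x8e,0x03,0xf7,0x44,0x29,0xb1,0x6d,0xe0,0x92,0x37,0xc5,0x0b,0x7f,0xa8};
static const uint8_t TAG_LAST_DIFF[TAG_LEN] = {
    0x5a,0x1c,0x8e,0x03,0xf7,0x44,0x29,0xb1,0x6d,0xe0,0x92,0x37,0xc5,0x0b,0x7f,0xa9};
static const uint8_t TAG_FIRST_DIFF[TAG_LEN] = {
    0x5b,0x1c,0x8e,0x03,0xf7,0x44,0x29,0xb1,0x6d,0xe0,0x92,0x37,0xc5,0x0b,0x7f,0xa8};

/* Early-exit comparison: returns at the first differing byte, so the time
 * taken reveals how long the matching prefix is. Shown only for contrast. */
int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 1;
    return 0;
}

/* Looks like it visits every byte, but once the flag is set the remaining
 * iterations have no observable effect, so an optimiser is free to stop the
 * loop at the first mismatch. This is the shape the comment warns about. */
int compare_flag(const uint8_t *a, const uint8_t *b, size_t n) {
    int differ = 0;
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) differ = 1;
    return differ;
}

/* Constant-time comparison: OR the XOR of every byte pair into a volatile
 * accumulator (each store is an observable side effect the compiler must
 * keep), then fold the result to 0/1 without a data-dependent branch.
 * Returns 0 if equal, 1 if the buffers differ. n must be public. */
int compare_ct(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    unsigned d = acc;                              /* 0..255 */
    return (int)((((d - 1u) >> 8) & 1u) ^ 1u);     /* d==0 -> 0, else 1 */
}

/* 1 if the received tag matches the expected one, compared in constant time. */
int tag_matches(const uint8_t *expected, const uint8_t *received) {
    return compare_ct(expected, received, TAG_LEN) == 0;
}

int main(void) {
    printf("expected vs expected:   ct=%d early=%d flag=%d\n",
           compare_ct(TAG_EXPECTED, TAG_EXPECTED, TAG_LEN),
           compare_early_exit(TAG_EXPECTED, TAG_EXPECTED, TAG_LEN),
           compare_flag(TAG_EXPECTED, TAG_EXPECTED, TAG_LEN));
    printf("expected vs last-diff:  ct=%d early=%d flag=%d\n",
           compare_ct(TAG_EXPECTED, TAG_LAST_DIFF, TAG_LEN),
           compare_early_exit(TAG_EXPECTED, TAG_LAST_DIFF, TAG_LEN),
           compare_flag(TAG_EXPECTED, TAG_LAST_DIFF, TAG_LEN));
    printf("expected vs first-diff: ct=%d early=%d flag=%d\n",
           compare_ct(TAG_EXPECTED, TAG_FIRST_DIFF, TAG_LEN),
           compare_early_exit(TAG_EXPECTED, TAG_FIRST_DIFF, TAG_LEN),
           compare_flag(TAG_EXPECTED, TAG_FIRST_DIFF, TAG_LEN));
    printf("tag_matches(expected, last-diff) = %d\n",
           tag_matches(TAG_EXPECTED, TAG_LAST_DIFF));
    return 0;
}
```

All three functions return the same values; the difference is only in how long they take, which is exactly why the bug is hard to spot in source. The honest check is the generated code, not the C: build with `-O2` and read the loop in `objdump -d` to confirm there is no conditional exit. Where a vetted routine is available, such as OpenSSL's `CRYPTO_memcmp` or libsodium's `sodium_memcmp`, prefer it over a hand-written loop, and keep the compared length public, since this construction hides the contents of the buffers but not their length.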