Slashdot Mirror


Stealing Keys From a Laptop In Another Room — and Offline

Motherboard carries a report that with equipment valued at about $3,000, a group of Israeli researchers have been able to extract cryptographic keys from a laptop that is not only separated by a physical wall, but protected by an air gap. This, they say, "is the first time such an approach has been used specifically against elliptic curve cryptography running on a PC." From the article: The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key. Specifically, the researchers obtained the private key from a laptop running GnuPG, a popular implementation of OpenPGP. (The developers of GnuPG have since released countermeasures to the method. Tromer said that the changes make GnuPG "more resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.")

2 of 58 comments

  1. Better summary by Anonymous Coward · · Score: 5, Informative

    When performing different operations, computers emit different EM signals. EM antennae and post-processing software have become sufficiently fast and accurate that if you know the source code of an encryption algorithm, you can trace through the code non-intrusively, simply by watching for patterns in the emitted EM radiation. As it happens, GnuPG's ECC implementation performed different operations depending on the private key, so you can reconstruct the private key. GnuPG's developers addressed this by changing the implementation to try to ensure that the same sequence of operations will always get executed, regardless of the key. This is similar to how cryptographic string comparisons always compare all characters in a string and don't stop when they encounter the first difference, as normal string comparisons do.
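
The key-dependent operation sequence described in the comment above, modelled as an added example (not part of the original comment and not GnuPG's code). It assumes a toy curve over F_97 with constructed parameters, and a trace of doublings (D) and additions (A) standing in for what the EM measurement distinguishes; the always-add variant is one common way to fix the sequence, since the page does not say which technique GnuPG adopted.

```python
# Toy model (constructed): curve y^2 = x^3 + 2x + 3 over F_97, base point G.
P_MOD, A, G = 97, 2, (3, 6)

def ec_add(p, q, trace, tag):
    """Affine point addition; appends `tag` to the modelled operation trace."""
    trace.append(tag)
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # point at infinity
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def leaky_mul(k, pt, nbits=8):
    """Double-and-add: an addition happens only for the 1 bits of k."""
    trace, acc = [], None
    for i in reversed(range(nbits)):
        acc = ec_add(acc, acc, trace, "D")
        if (k >> i) & 1:
            acc = ec_add(acc, pt, trace, "A")
    return acc, "".join(trace)

def regular_mul(k, pt, nbits=8):
    """Double-and-add-always: every bit costs one D and one A."""
    trace, acc = [], None
    for i in reversed(range(nbits)):
        acc = ec_add(acc, acc, trace, "D")
        summed = ec_add(acc, pt, trace, "A")
        # Python still branches here; real code needs a constant-time select.
        acc = summed if (k >> i) & 1 else acc
    return acc, "".join(trace)

def key_from_trace(trace):
    """Read the scalar back from a leaky trace: 'DA' is a 1 bit, lone 'D' a 0."""
    return int(trace.replace("DA", "1").replace("D", "0"), 2)

if __name__ == "__main__":
    secret = 0b10110101  # constructed sample scalar
    point, trace = leaky_mul(secret, G)
    print("leaky trace  :", trace, "->", bin(key_from_trace(trace)))
    print("regular trace:", regular_mul(secret, G)[1])
    print("same result  :", regular_mul(secret, G)[0] == point)
```
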

  2. Re:Van Eck Phreaking by Anonymous Coward · · Score: 5, Funny

    Absolutely. Someone thinking about the possibility of something happening and someone implementing it are equivalent.