Breaking RSA Keys by Listening to Your Computer 186
An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key
just by listening to the computer!. Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."
No (Score:5, Informative)
So, in all, this paper is not insignificant, but it's also not a reason to completely give up on security or to install a cone of silence around your computer.
Re:Some guy was investigated for excercising the F (Score:4, Informative)
That discovery encrypted data can still be used as evidence in justifying further warrants... while discovering 20 GB of Britney Spears music in readable form would most likely cause the investigation to give up on worrying about the contents of that hard drive.
Kinda like that CPU speed crack (Score:5, Informative)
mod parent down, -1 stupid (Score:2, Informative)
The other shoe dropping (Score:5, Informative)
The particular pattern of CPU operations executed while an RSA private key is executed varies depending on that RSA private key. Given a rough estimate of the pattern of CPU operations executed, the set of possible RSA private keys is greatly reduced. So it becomes much, much easier -- possibly trivial, particularly if you have a chosen plaintext scenario -- to extract a private key from an otherwise secure system. Consider an e-voting machine with an audio system for handicapped access -- with nothing but a very sensitive microphone in the booth, you might be able to determine the private key used to sign votes (and thus gain the capability to spoof votes elsewhere).
And of course, this would be a very, very successful attack against an RSA private key embedded within a trusted computing environment. Processors -- even those encased in epoxy -- still need power, and variable amounts depending on what they're doing. The brilliance here is that rather than needing some very expensive analog energy drain measurement equipment, you just need a sound card. It's a side channel attack for the masses.
Very very cool work. Wow.
--Dan
Re:Is this actually possible? (Score:5, Informative)
Remember though with their 96,000 Hz sampling rate, a 1 Ghz CPU performs over 10,000 instructions per sample.
Air does not vibrate fast enough, and there are no microphones with frequency response high enough to let you look at individual operations.
So I guess, if you knew the characteristics well enough, you could record the sound of the capacitors and say 'Hey, this guy is running GnuPG' on it. I don't see a concievable way to figure out the keys and this article doesn't suggest one.
Sound vs. electromagnetic emanations (Score:2, Informative)
Re:reminds me of the old days (Score:2, Informative)
One day when I had the case open and was moving stuff around, I noticed it made noise whenever I bumped the cable for said jacks. Once removed, the noise went away.... probably not the same thing in your case, but gotta love unshielded cables.
No no (Re:No) (Score:5, Informative)
Uh, no. Your analysis runs contrary to cryptanalytic principles and the history of these sorts of attacks.
If you spot me 1 bit of key information, you have by definition halved the work for an attack. In this specific analysis, I need only consider those settings of key bits (in this case, bits of p and q) that correspond to observed behavior for an interval of the spectogram. This means that I can potentially crack the key in time almost linear in the size of the key, rather than completely exponential.
The work on timing attacks and power attacks uses very similar sorts of information, and the anlysis used here will likely be similar also. This is why Shamir, who is certainly qualified to evaluate the work at this point, describes it as "proof of concept": it would be surprising if the observed information fails to extend to a practical attack. It's just that in science, you publish when you have anything interesting to report, so that folks know you got there first.
Well... (Score:2, Informative)
Typical CPU HLT execution either by the O/S (linux and w2k or so i thought... w2k didn't do it too good when I tried it) or by an external program (on ring 0) e.g CpuIDLE will cause several things, from what I've experienced:
Variable fan speed: Typical cheap comes-with-case power supplies regulate +5V whiwh surprise! gets a greater power draw when CPU is busy. Result, you fan sounds higher pitched when you ger a greater CPU load since +12V isn't regulated and the draw on +5V affects it. My newer power supply (old one died) doesn't seem to do this anymore, my old one, especillay with my old CoolerMaster fan (pretty noisy) was exceptionally good at this.
Transformer/inductance/capacitor hum: when I turn off the main CPU fan you can distinguish some hums from several places in my pc, exclusind the power supply fan. Causes can be anything from sound being played thorugh some soundcard transformer to CPU drawing more power though something.
Also, MANY other noises plague PCs:
HDD head movement. I'm sure someone has developed a way to measure approximately what area of an hdd a user is accesing by listening to head noise.
CDROM spinning/head moving/tracking/focussing. Wow do these 52x drives make a helluva lot of noise!
Modem. Surely a mike placed next to the modem transformer could pick up the signal, and it then could easily be decoded to get the stream of PPP packets.
speakers/soundcard. If I crack up the volume, depending on inputs selected, etc I can easily hear different noises, when I move a window, when I scroll something, etc they all make different noises/click rates. Of course it scares the hell out of me when someone IM's me through Jabber with that ding-dong noise.
Take that and keyboard/mouse/CRT monitor/whatever noise and you have a wealth of information which you can use to predict what a user was doing.
FAQ (Score:5, Informative)
The web page [weizmann.ac.il] was extended to include a FAQ discussing the issues brought up here.
Re:reminds me of the old days (Score:3, Informative)
Where in the World is Carmen Sandiago? (Score:2, Informative)
The only things he had for it was WordPerfect and "Where in the World is Carmen Sandiago?" Based on the sound of the spinning drive, I could decipher which of the multiple choice answers was correct to move to the next stage while the current stage was loading. After a while, I started plugging my ears while a stage was loading so the game didn't suck.
I am listening to my CPU right now (Score:1, Informative)
is idle. Apparently, it is when linux puts the CPU in a halt state that it makes the noise because if I do something CPU intensive (such as gzipping the kernel) it is actually quieter.
In the old days, I used to listen to the RS-232 signals going to the terminal since they shared an output line on the CPU with the audio signals. I couldn't tell exactly what was being printed but I could definitely recognize patterns.
Later, I discovered that I could hear when the pattern changed on an ordinary CRT monitor displaying text. It was possible to tell, with my back to the computer, when, for example, a compilation completed and whether or not it was successful.
So, there are other possible low bandwidth audio leaks besides the one mentioned.
Keeping the cpu busy fixed it for me. (Score:2, Informative)
Strange thing is that high cpu usage actually dampens the noise, so my solution was to run a distributed computing client (THINK, in my case, but others will do as well) to keep the cpu busy. Works perfectly, and I even forgot I had the problem until I read this post.
I do think it's pretty lame that so many on-board audio chips have this problem.