Breaking RSA Keys by Listening to Your Computer

An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key just by listening to the computer!. Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."

Some guy was investigated for excercising the FOIA

[ObviousGuy]

Investigations are an important part of the justice system. Though the tenet is "innocent until proven guilty", it's only possible to prove someone guilty by means of an investigation.

By encrypting your data, you are bringing unnecessary suspicion upon yourself. I wouldn't be surprised if the FBI's powers are enhanced to include surveillance of you and your data.

Does anyone...

[centralizati0n]

Does anyone know the range of how far you can be away from the computer to hear the sounds? The proof-of-concept website just seemed to be "look, here are pictures of computer operations... in sound! Yay!" without enlightening us on any details.

reminds me of the old days

[belmolis]

Twenty years ago at Bell Labs one of the speech machines (an SEL with homebrew audio i/o) had output to loudspeakers that went through unshielded speaker wires that ran past the CPU, so if you weren't playing anything back the speakers played back CPU noise. We could tell what stage a compilation was at by the noise that came over the speakers.

Re:I can attest to this...

[Mashiki]

I usually get this on my own setup a P4b-266 w/1.7(oc'd to 1874), but only after a reboot; and only do you hear it on re-init's prior to loading windows(pick a flavor) or BSD. Not when the machine is running.

I'm thinking that it's the little critters getting just abit too hot, I found that increasing the airflow and cooling everything down by a couple of degrees seems to make the noise go away. Unless...it's in the winter...in which case...the house is more then cool enough and you don't have to worry about it. heh.

The boards are good, but my man...were already looking at the operational product end for these boards and it's been two years since they came out. It took intel 6mo to come out with the 533, then the 800's. I kick myself in the ass everytime I think on that...and and buying a AMD next time around; I can get a proc and board twice the speed at half the price for what I paid for this one.

Patenting.

[Zangief]

If you go to the site of the DPA attack [cryptography.com],Cryptographic Research, you can see that they have already have patents on Systems to protect against these kind of attacks. So it's not like they have developed anything (I don't know if they have) but you can already pay them to get protection from this kind of attack! yay!

Re:reminds me of the old days

[LiquidCoooled]

I actually still get that.

If i turn my speakers wayyyyyyyyyyyyy up and start working, I can here the data being moved around. Scares the crap out of me when something plays a sample, but fun all the same.

Its happened on my 2 most recent boards, and I just put it down to the integrated sound cards vs the Sound blasters I used to use.

Is this actually possible?

[idiot900]

Even at a 96 kHz sampling rate, the maximum frequency that can be sampled is 44 kHz. How could one hope to extract a certain few bits from a recording when the CPU's instruction throughput is many times that? Most of the information that would need to be examined wouldn't make it onto the recording. Correct me if I'm wrong, but it seems Nyquist leaves this idea dead in the water.

Re:reminds me of the old days

[drinkypoo]

The Vectrex video game system runs an unshielded audio cable right past the tube and you can hear the system pulling the photons around - as it's a vector scan system, it produces an extremely wide variety of noise on the speaker.

Forget capacitors, listen to the keyboard.

[Hans Lehmann]

Other than fans & hard drives, I don't think I've ever heard noise from any machine I've ever worked on, though back in the old days we would hold an AM radio next to the computer, which would give very distinct noise patterns as the CPU went about its business.

If you really want to do some acoustic evesdropping, listen to the keyboard. It's got a much larger signal to begin with (from across the room, instead of having to paste your ear to the computer case.) Since there are always slight mechanical differences between keys on any given keyboard, I would think that the sound spectrum would also be slightly different. Being able to always listen in on the same user would also help, since most people are somewhat consistent regarding which finger they use on which key. (Evesdropping on people who were smart enough to take a touch-typing class in high school is also a big plus.)

Assuming you could discern between the acoustic fingerprint of 100 different keys, then it's just a matter of figuring out which sound goes with which key. It's a simple substitution cypher, which are almost trivial to break.

Sneak your cell phone into your boss's office, set it to silent mode and plug in a headset so that you can set it to auto-answer when a call comes in. Then, while your boss is busy typing dirty notes to his mistress, you call your cell phone, start recording it, and presto, you've got a keylogger without ever having touch his computer or the software on it. Then, at your next performance review, you convince him to give you a hefty raise.

...Profit!!!

Re:Quite didn't get it!!!

[David Horn]

Is this similar to the noise heard when using an onboard sound card? On my laptop when plugged in to the mains, a distint hiss/buzz/rumble comes out the line-out jack. It changes when moving the mouse or accessing the hard disk, or when the CPU is under load.

It seems that this is a more reliable method for finding a key than using a microphone, but, of course, it does require physical access to the computer.

Re:Noise from HLT state etc..

[0x0d0a]

The most common thing I've found to induce audible noise (I use a SB Live, and can easily hear this with even cheap speakers) is to demute the sound card inputs that aren't connected to anything -- like CD audio and whatnot -- and then start moving my PS/2 mouse, which generates a fairly slow sequence of signals, producing a definite buzz. Video redraw also can do this -- dragging windows works well as well, and what's on the screen (oddly enough, lots of white areas seems to cause more of a buzz) has an impact.

It's really amazing how dirty a computer power supply is -- I also picked up a headphone preamp that fits inside a 5.25" drive bay, and can optionally run off the computer power supply. If it's running off the power supply, I get a *very* noisy signal that is affected by things like hard drive access.

Interesting...

[boola-boola]

It is interesting to note that Adi Shamir (one of the co-authors) is one of the three people who came up with RSA-encryption [thefreedictionary.com]

R = Ron Rivest
S = Adi Shamir
A = Len Adleman

Re:Is this actually possible?

[Welsh Dwarf]

the key, no, but log(10) of the key, you might well be able to have a fare guess at, and that already eliminates one hell of a lot of the factorization troubles...

Re:reminds me of the old days

[Alien Conspiracy]

My old Atari ST would emit different background hiss via the TV modulator output depending on the CPU load.

Sounds, Electronics, and the Hound :)

[Zizkus]

Having worked in telecommunications as well as consumer electronics and computing, I've played a lot :) One of the more interesting things for fun was to poke around with a induction amplifier, you know, the "hound" in the fox and hound tone generator/ handheld probe that the phone guys use for tracing copper thru a building. It is pretty sensitive and I've found many fun sounds by waving it around in various analog and digital equipment, it kinda gives a unique viewpoint. Used in different locations in a PC it picks up various interesting sounds that are very different according to what the system is doing, and where you are probing, memory, chipset, io/chips, cpu etc. Never found it very good for troubleshooting PC's, but lots of fun! Also, I think the sounds you can hear around running electronics is partly caused by sympathetic viberation induced in the air molecules by high frequency energy changes happening, especially on the buses where there are long runs exposed, as well as perhaps by the caps, (?), could it be the aluminum in the caps is reacting to the energy field?, most of the round tall caps you see on a board are used on low frequency mainly power filtering applications.

Re:Is this actually possible?

[Jim Starx]

I don't think the idea is to extract certain bits. This hasn't moved out of the concept phase. Even when it does it probably won't go extrodinarily far in terms of practical applications. The point is just that information can be gathered. It may not be bits, but it can tell you how much work the computer is doing, when it's doing it, and as the examples show there is a possibility of determining what type of operations are being performed. Your not going to "hear" they key or anything like that. But you may get a little snippet of info that reduces the time it takes to perform a brute force attack. Every little bit of info helps when talking about breaking encryption.

Re:No no (Re:No)

[Jim Starx]

I think your parent hit it on the nose. You're never going to "hear" individual bits. The computer processes at speeds that are fucking orders higher then the best sample rates known to man. The atoms of air just can't be excited that fast. They can't hold that type of information. Shamir is qualified, but that doesn't mean everything he works on is going to be a cryptographic holy grail. This is really interesting stuff, and there's certainly big potential here, but lets not kid ourselves about the possibilities.

Playing TI-99/4 games by ear

[LoadWB]

I recall reading rumors of a blind fella who could play MunchMan on the TI-99/4 just by listening to the sounds in the background of the game.

While my experience is no where near that in-depth, I do remember that the computer made distinct sounds when performing certain tasks, such as reading GROM, initializing, running BASIC programs (I recall that some statements also have distinct sounds as well.)

Since then I have been able to detect certain sounds from my machines which indicate normal operations; to some extent I think we all do, just as we do with cars to "know" that something isn't right. And it's been pretty consistent through all of my computers: Commodore 64, 128D, Atari 800XL, various Amigas (amazing things heard by holding your ear to the A500 power supply,) many desktop PCs and notebooks. Even some console systems generate sounds under operation (an old NES on my shelf with a bad filter cap is good for this.)

I'm curious to know what correlations between design type, grounding, processor architecture, and other factors exist for this. Might be worth investigating like this chap did, should I find the time to do so.

I'm running Seti@home. Listen all you want.

[dharma21]

How can you differentiate between computations , when the CPU is at 100% utilization all the time? :)

Re:The other shoe dropping

[Effugas]

Well, to use the scientific term, "it depends". I've been thinking about this (like about ten thousand other crypto people) throughout the day. Certainly, Brumley and Boneh's attack will work (and probably better, because 1/44,100 is microsecond resolution): http://crypto.stanford.edu/~dabo/papers/ssl-timing .pdf

We do have more data than just time, too -- we have instruction profiles. If it's possible to absolutely know the input to the RSA signing function, and it's possible to alter that input while still knowing the (probably hashed) result, then you can get a set that looks like:

RSA(Known_Hash_1, Unknown_RSA_Private) = Known_CPU_Profile1
RSA(Known_Hash_2, Unknown_RSA_Private) = Known_CPU_Profile2
RSA(Known_Hash_3, Unknown_RSA_Private) = Known_CPU_Profile3 ...
RSA(Known_Hash_N, Unknown_RSA_Private) = Known_CPU_ProfileN

So you're solving for Unknown_RSA, based on the differentials in CPU profiles. Not trivial, mind you -- but absolutely fascinating.

--Dan