Keys Leaking Through the Air At RSA 85
NumberField writes "The RSA Conference is underway in San Francisco. A theme among the opening speakers is that the attackers are winning, and even well-funded organizations like NASDAQ can't secure their networks reliably. The show floor is lively, but dominated by the typical firewalls and 'compliance solutions.' One interesting exception is a scary side-channel analysis demo in the Cryptography Research booth using GNU Radio to capture secret keys from various smartphones from about 10 feet away. (The method is related to early computer music using AM radio interference.)"
Re:why on earth... (Score:4, Informative)
Some background (Score:5, Informative)
I'm sorry that there's no direct article for this submission, and I'm not certain who submitted it, but as an employee of CRI and one of the designers of the demo, I'd like to give you some details about what's going on.
At CRI we have a lab full of what I consider to be cool equipment, and what's more, some spare time to look at things. We specialize in side-channel analysis and we asked ourselves: what sort of side-channel leaks might be present in consumer PDAs? We took a USRP(1) interface that we had lying around and started investigating the RF emanations of a few of the devices we had easily on hand. We coded some simple cryptographic applications and were surprised at how quickly we were able to find ways to demodulate the various signals in the device in a way that revealed the bits of the secret keys being used.
We are indeed using GNURadio for the demo. It's been very helpful because it makes rapid prototyping very easy. We use gnuradio-companion to set up the signal processing blocks (mostly AM demodulation) and to set up a simple UI that helps us tune into the right carrier frequencies in real-time during the demo. The rest of the demo involves using our own custom waveform viewer to look at the demodulated signal and show visitors how we can analyze the signal on the screen and extract the key bits that were used during the encryption/decryption process on the device.