Scientists Extract RSA Key From GnuPG Using Sound of CPU

kthreadd writes "In their research paper titled RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Daniel Genkin, Adi Shamir and Eran Tromer et al. present a method for extracting decryption keys from the GnuPG security suite using an interesting side-channel attack. By analysing the acoustic sound made by the CPU they were able to extract a 4096-bit RSA key in about an hour (PDF). A modern mobile phone placed next to the computer is sufficient to carry out the attack, but up to four meters have been successfully tested using specially designed microphones."

Re:Remember TEMPEST?

[Hatta]

Seems like GPG could defeat this pretty easily by putting in some random HLTs.

NSA wants to access microphone. Allow/disallow?

[sideslash]

This makes me re-think the push toward quiet, fanless computers. Now I am thinking that I want a white[/some other color] noise generator to add privacy to my personal computing.

Re:Remember TEMPEST?

[Opportunist]

Well, think of it like trying to hear an opera singer in between a lot of traffic noise. Even your ear can do that to some degree, but for software it is fairly trivial to separate the song from the other noises, especially if you know what opera is being sung. The singer might not be singing in the key you know or he might have a bit of variety in the way he interprets the song, but you know in general what it should sound like so you know what to look for, and then you work from there.

Re:Remember TEMPEST?

[Bruce Perens]

The "audio" in question is most likely all below 24 kHz, that being the Nyquist limit for the 48 kHz sampling hardware, unless it happens that some phones can actually sample faster, and have microphones that can respond to higher frequencies.

The instruction rate of the CPUs in question is many times that frequency.

It doesn't sound likely.

Re:Remember TEMPEST?

[Anonymous Coward]

Using multiple cores turns out to help the attack (by shifting down the signal frequencies).

Say what? Through what mechanism would multiple cores shift down the frequency? And what about parallel instruction streams contributing to noise?

It is not the cores specifically but a mathematical property commonly used in radio communication.
sin(a)*sin(b) = 1/2 * (cos(a-b) - cos(a+b))
A transistor working in the non-linear section will have an exponential function. This will give a function similar to (a+b)^2 = a^2 + 2ab + b^2 (Not really, but close, the important part is that you get the product of the signals. The rest will be high frequency noise.)

This means that if you have two frequencies that are cos to each other, like 3000000kHz and and 3000001kHz the interaction between them will create a component at 6000001kHz and one a 1kHz.
Pretty much all audio equipment you can find will gladly filter out the higher frequencies and let the 1kHz component through.
The frequency variations in the ~1kHz component will give you information about the runtimes of the instructions.

Re:Remember TEMPEST?

[sonamchauhan]

Also, it's Bruce Perens. Hi!

Also, while we are still in 'appeal to authority' mode, the coauthor of the paper is Adi Shamir, the 'S' in RSA.