

Breaking RSA Keys by Listening to Your Computer
An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key just by listening to the computer! Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."
That's it... screw the environment (Score:5, Funny)
Re:That's it... screw the environment (Score:2)
Quite didn't get it!!! (Score:1, Insightful)
Does it mean that people can get my private key by actually "listening" to my box? It would be great if anyone can provide more information regarding this. It's kinda freaky!!!
No (Score:5, Informative)
So, in all, this paper is not insignificant, but it's also not a reason to completely give up on security or to install a cone of silence around your computer.
Re:No (Score:3, Funny)
I'm not sure that I could fit this [cinerhama.com] around a computer in the first place.
Re:No (Score:2)
No no (Re:No) (Score:5, Informative)
Uh, no. Your analysis runs contrary to cryptanalytic principles and the history of these sorts of attacks.
If you spot me 1 bit of key information, you have by definition halved the work for an attack. In this specific analysis, I need only consider those settings of key bits (in this case, bits of p and q) that correspond to observed behavior for an interval of the spectrogram. This means that I can potentially crack the key in time almost linear in the size of the key, rather than completely exponential.
The work on timing attacks and power attacks uses very similar sorts of information, and the analysis used here will likely be similar also. This is why Shamir, who is certainly qualified to evaluate the work at this point, describes it as "proof of concept": it would be surprising if the observed information fails to extend to a practical attack. It's just that in science, you publish when you have anything interesting to report, so that folks know you got there first.
Re:No no (Re:No) (Score:2, Interesting)
Re:No no (Re:No) (Score:2)
Well in the post I responded to you made mention of spotting you one bit, I responded that the /. article really isn't discussing the possibility of hearing bits.
Timing attacks aren't really relevant either, it's a different type of attack than what we're talking about. They would certainly be more effective when used in tandem, but they are separate topics.
Me, you, and
Re:Quite didn't get it!!! (Score:2, Interesting)
It seems that this is a more reliable method for finding a key than using a microphone, but, of course, it does require physical access to the computer.
Re:Quite didn't get it!!! (Score:2)
At work we need to buy the Dell power adapter with two prongs (no ground) or in a pinch clip the ground off of a standard one. We do audio video display in court rooms, no one wants to hear the whining of a computer.
It is only on Dells we have noticed this which is why I ask.
Re:Quite didn't get it!!! (Score:2, Funny)
Don't you mean 'phreaky'?
I can attest to this... (Score:1)
Re:I can attest to this... (Score:3, Interesting)
I'm thinking that it's the little critters getting just a bit too hot, I found that increasing the airflow and cooling everything down by a couple of degrees seems to make the noise go away. Unless...it's in the winter...in which case...the house is more than cool enough and you don't have to worry ab
Re:I can attest to this... (Score:1)
I don't think the capacitor problem has to do with heat. I just think that the speed of the processor is too great for such an old mobo. The recommended range for the board is 1.4GHz-2.4GHz. I'm on the high end of that spectrum unfortunately. I hear the caps going all the time when there is any load on the processor. I don't know if you would be abl
Re:I can attest to this... (Score:2)
If you do hear the caps going all the time, then there is a chance that the board may have sat fo
Re:I can attest to this... (Score:2)
Pun Intended?
Re:I can attest to this... (Score:2)
Re:I can attest to this... (Score:2, Funny)
time to fit more fans and drown out the noise.
Re:I can attest to this... (Score:2)
BiggyP: "...time to fit more fans and drown out the noise."
Read the article. Fans won't drown out the noise because signals are typically in the range above 10kHz, so the lower frequency sounds, like fans, can be filtered out.
Lucky for me... (Score:5, Funny)
not so lucky (Score:4, Insightful)
taken from the article.
you'd need background noise in the same frequency area (dummy CPU ?)
Re:not so lucky (Score:1)
Re:not so lucky (Score:2)
Re:not so lucky (Score:2)
i don't know, the whooshing and other noises my fan makes are more like white noise - it certainly covers a much broader spectrum than a simple hum, and it's loud enough to be more than background noise
of course, i don't know what i'm talking about, so take my comment for whatever you think it's worth
If you have physical access (Score:4, Insightful)
I guess you could always "bug" a place, but if you were significantly paranoid about security (to the point where someone would try to listen your key away from you) wouldn't you have a copper cage around your building?
Re:If you have physical access (Score:4, Funny)
Btw, if you meet a woman with a donkey, don't forget that great opening line:
"Hey babe, nice ass!"
Sorry.
Re:If you have physical access (Score:1)
Re:If you have physical access (Score:2)
Not if we are talking about anyplace that wants security. The article says that this is about attacking systems that are otherwise well secured. Secured against tempest attacks, and probably secured against incompetent users.
Incidentally, a password won't do, the idea is to steal a private key.
Some places do have electromagnetic shielding, but few
Extracting the Actual Numbers? (Score:5, Insightful)
My $0.02.
artlu [artlu.net]
Some guy was investigated for exercising the FOIA (Score:2, Interesting)
By encrypting your data, you are bringing unnecessary suspicion upon yourself. I wouldn't be surprised if the FBI's powers are enhanced to include surveillance of you and your data.
Re:Some guy was investigated for exercising the F (Score:4, Informative)
That discovery encrypted data can still be used as evidence in justifying further warrants... while discovering 20 GB of Britney Spears music in readable form would most likely cause the investigation to give up on worrying about the contents of that hard drive.
Re:Some guy was investigated for exercising the F (Score:2)
As long as you never accidentally press "Play" that is.
Re:Some guy was investigated for exercising the F (Score:2, Insightful)
I don't think any government who has reason to believe you to be hiding something would fail to check if it was in plain view or not.
Otherwise criminals would all be using those ghost markers kids use
Re:Some guy was investigated for exercising the F (Score:2)
That discovery encrypted data can still be used as evidence in justifying further warrants... while discovering 20 GB of Britney Spears music in readable form would most likely cause the investigation to give up on worrying about the contents of that hard drive.
If you r
Re:Some guy was investigated for exercising the F (Score:2)
One of the nice features of crypto on Linux is that you preseed the partition with random data dd-ed from
I wonder if there's a way to see whether or not the disk has a crypto filesystem on it, or if it was just being prepared for that purpose?
Re:Some guy was investigated for exercising the F (Score:1)
Encryption is part of checks and balances. (Score:5, Insightful)
Encryption inhibits surveillance by ANYONE. That the government falls under the category of anyone is secondary to most encryption desires and uses.
If someone was attempting avoidance/prevention of potential government investigation, then the act of encrypting wouldn't make it more or less likely. They make use of encryption because they have some information they don't want the government to know. It's not because they use encryption but due to any relevant knowledge they have, that a person should elicit investigation by their government. And then knowledge pertaining only to those things that governments should worry about (murder, fraud, and other criminal acts).
So by encrypting the code on my laptop as a security precaution, you're saying I bring unnecessary suspicion upon myself? No one but my company and its business competitors has an interest in the trade secrets I manage and create during the course of my business. Therefore I use encryption as a means of self-defense. I inhibit investigation by those not authorized by me or my company. The act of investigation could very well be illegal. I would not give my government blanket access to my trade secrets, when I have no control over what they do with them. They should have no interest in them. In fact, by wanting to enhance surveillance of those things which they declare to not have an interest in and would normally have no involvement in is suspicious in itself. Encryption is a tool and is about as dangerous as a screwdriver.
Re:Encryption is part of checks and balances. (Score:2)
Re:Some guy was investigated for exercising the F (Score:2)
Re:I beg to differ (Score:2)
I consult for a very small company with a database of information that is worth >$100k US. It is by far the most complete listing of its type and there are a few people that would love to have it. The owner once turned down $100k for it. Is it encrypted? Of course it is. It would be irresponsible of me as the admin not to encrypt. I personally have a few encrypted files tha
Re:I beg to differ (Score:2)
This is true. Depending on where you live in the US certain conditions can preclude one from purchasing a long arm. Federal law has additional restrictions on short arms (aka hand guns). If your record is "clean" then you may buy and own a firearm without the guilt of being suspected of committing a crime. The root comment says encryption should be hel
Does anyone... (Score:5, Interesting)
Re:Does anyone... (Score:2)
Think about WiFi. Your standard access point and laptop card will work for about 300 feet. However, somebody 1000 feet away could interact with that network using a simple Pringles can antenna.
The same theory basically can be applied to sound, the more directional microphone and the better it is at filtering unwanted sound, the better the signal-to-noise ratio will get. So, putting walls and other background noises into the probl
Re:Does anyone... (Score:2)
mod parent down, -1 stupid (Score:2, Informative)
Maybe you should just get modded down yourself... (Score:2)
found a way to stop it (Score:3, Funny)
Re:found a way to stop it (Score:2)
Re:found a way to stop it (Score:2)
(I used to sleep in the same room as one of those. Talk about nightmares of getting blasted from afterburners and such.)
Re:found a way to stop it (Score:2, Funny)
reminds me of the old days (Score:5, Interesting)
Twenty years ago at Bell Labs one of the speech machines (an SEL with homebrew audio i/o) had output to loudspeakers that went through unshielded speaker wires that ran past the CPU, so if you weren't playing anything back the speakers played back CPU noise. We could tell what stage a compilation was at by the noise that came over the speakers.
Re:reminds me of the old days (Score:5, Interesting)
If I turn my speakers wayyyyyyyyyyyyy up and start working, I can hear the data being moved around. Scares the crap out of me when something plays a sample, but fun all the same.
It's happened on my 2 most recent boards, and I just put it down to the integrated sound cards vs the Sound blasters I used to use.
Re:reminds me of the old days (Score:2, Informative)
One day when I had the case open and was moving stuff around, I noticed it made noise whenever I bumped the cable for said jacks. Once removed, the noise went away.... probably not the same thing in your case, but gotta love unshielded cables.
Re:reminds me of the old days (Score:3, Informative)
Keeping the cpu busy fixed it for me. (Score:2, Informative)
Strange thing is that high cpu usage actually dampens the noise, so my solution was to run a distributed computing client (THINK, in my case, but others will do as well) to keep the cpu busy. Works perfectly, and I even forgot I had the problem until I read this post.
I do think it's pretty lame that so many on-board audio chips have this problem.
Re:reminds me of the old days (Score:2)
I do notice it on long webpages, and recently, we swapped out my wife's PSU with a really dodgy one, we could hear the fans themselves physically changing speed as the cpu/gpu usage increased.
Re:reminds me of the old days (Score:2)
Re:reminds me of the old days (Score:2)
Re:reminds me of the old days (Score:3, Interesting)
reminiscences of musical interference (Score:2)
*The MicroAce was a build it yourself clone of the Timex/Sinclair that was cheap. After all, the Timex/Sinclair was almost $100 at the time.
Even fu
Re:reminds me of the old days (Score:3, Interesting)
Re:reminds me of the old days (Score:2)
Aha! (Score:5, Funny)
no disrespect to Adi Shamir, but... (Score:2, Insightful)
This attack came to show how to attack the key, which is why it interests these folks, I suppose, but it would be much easier to use TEMPEST if you get access to actually install some tool to hear && (record || transmit) the audio.
I would suggest TEMPEST would also be more reliable, but some
Odd article to have Shamir's name on it (Score:1, Insightful)
All this article "proves" is that a CPU'
Patenting. (Score:3, Interesting)
Kinda like that CPU speed crack (Score:5, Informative)
Is this actually possible? (Score:5, Interesting)
Re:Is this actually possible? (Score:5, Insightful)
> the CPU's instruction throughput is many times that?
The few bits you're trying to extract may have an observable influence on global statistics, especially when you can affect the value of some other bits. See for example Boneh and Brumley's timing attack on OpenSSL [stanford.edu].
Re:Is this actually possible? (Score:5, Informative)
Remember though with their 96,000 Hz sampling rate, a 1 GHz CPU performs over 10,000 instructions per sample.
Air does not vibrate fast enough, and there are no microphones with frequency response high enough to let you look at individual operations.
So I guess, if you knew the characteristics well enough, you could record the sound of the capacitors and say 'Hey, this guy is running GnuPG' on it. I don't see a conceivable way to figure out the keys and this article doesn't suggest one.
Re:Is this actually possible? (Score:4, Interesting)
Re:Is this actually possible? (Score:3, Interesting)
I've tried this... (Score:5, Funny)
Hmm, maybe I should put away the screwdriver.
Relevant to chipcards? (Score:2)
Re:Relevant to chipcards? (Score:2)
While it's true this requires you to have had physical access to the machine at some point, it's the time and level of access that are the issue.
For instance while it is fairly rare to get the level of physical access you need to employ other attacks on a bank terminal, it's a breeze to get the level of access you need to do this.
You don't need to login, you don't need to open the case/bypass locks on it/damage
What was once old is new again? (Score:2)
My computer tells me... (Score:1, Funny)
I listen to my computer... (Score:4, Funny)
I'm starting to think it doesn't have my best interests at heart...
Re:I listen to my computer... (Score:2)
Noise from HLT state etc.. (Score:2)
Re:Noise from HLT state etc.. (Score:4, Interesting)
It's really amazing how dirty a computer power supply is -- I also picked up a headphone preamp that fits inside a 5.25" drive bay, and can optionally run off the computer power supply. If it's running off the power supply, I get a *very* noisy signal that is affected by things like hard drive access.
The other shoe dropping (Score:5, Informative)
The particular pattern of CPU operations executed while an RSA private key is executed varies depending on that RSA private key. Given a rough estimate of the pattern of CPU operations executed, the set of possible RSA private keys is greatly reduced. So it becomes much, much easier -- possibly trivial, particularly if you have a chosen plaintext scenario -- to extract a private key from an otherwise secure system. Consider an e-voting machine with an audio system for handicapped access -- with nothing but a very sensitive microphone in the booth, you might be able to determine the private key used to sign votes (and thus gain the capability to spoof votes elsewhere).
And of course, this would be a very, very successful attack against an RSA private key embedded within a trusted computing environment. Processors -- even those encased in epoxy -- still need power, and variable amounts depending on what they're doing. The brilliance here is that rather than needing some very expensive analog energy drain measurement equipment, you just need a sound card. It's a side channel attack for the masses.
Very very cool work. Wow.
--Dan
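The claim in this comment, and in the earlier "No no" reply that every leaked key bit shrinks the search, shown on a toy model (an added example, not part of the original thread or of the Shamir talk): textbook square-and-multiply performs an extra multiplication on each 1 bit of the private exponent, so its operation sequence spells out the key, while a Montgomery ladder performs the same operations for every bit. The tiny key, the function names and the perfectly observable S/M trace are assumptions made for illustration; the talk summarized above does not claim that level of resolution.

```python
"""Toy model: operation sequence of an RSA private-key exponentiation."""

# Constructed textbook-sized key, for illustration only (assumption).
P, Q, E = 61, 53, 17
N = P * Q          # 3233
D = 2753           # E * D == 1 mod (P - 1) * (Q - 1)


def modexp_square_multiply(base, exponent, modulus, trace):
    """Left-to-right square-and-multiply. Leaky: multiplies only on 1 bits."""
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":
            result = (result * base) % modulus
            trace.append("M")
    return result


def exponent_from_trace(trace):
    """Read the exponent back from an S/M trace: 'S','M' -> 1, lone 'S' -> 0."""
    bits, i = [], 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def modexp_ladder(base, exponent, modulus, trace):
    """Montgomery ladder: one multiply and one square for every bit.

    Only the arithmetic sequence is modelled. A production implementation
    also replaces the branch below with a constant-time conditional swap.
    The trace length still reveals the bit length of the exponent.
    """
    r0, r1 = 1, base % modulus
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        trace.append("M")
        trace.append("S")
    return r0


def leaks_exponent(modexp, exp_a, exp_b, modulus=N):
    """True if two same-length exponents give different operation traces."""
    trace_a, trace_b = [], []
    modexp(2, exp_a, modulus, trace_a)
    modexp(2, exp_b, modulus, trace_b)
    return trace_a != trace_b


if __name__ == "__main__":
    ciphertext = pow(65, E, N)
    trace = []
    plain = modexp_square_multiply(ciphertext, D, N, trace)
    print("decrypted:", plain)
    print("trace:", "".join(trace), "-> exponent", exponent_from_trace(trace))
    # 4095 has the same bit length as D (12 bits) but a different bit pattern.
    print("square-and-multiply leaks:", leaks_exponent(modexp_square_multiply, D, 4095))
    print("ladder leaks:", leaks_exponent(modexp_ladder, D, 4095))
```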
Re:The other shoe dropping (Score:3, Interesting)
We do have more data than just time, too -- we have instruction profiles. If it's possible to absolutely know the input to the RSA signing function, and it's possible to alter that input whi
Forget capacitors, listen to the keyboard. (Score:5, Interesting)
If you really want to do some acoustic eavesdropping, listen to the keyboard. It's got a much larger signal to begin with (from across the room, instead of having to paste your ear to the computer case.) Since there are always slight mechanical differences between keys on any given keyboard, I would think that the sound spectrum would also be slightly different. Being able to always listen in on the same user would also help, since most people are somewhat consistent regarding which finger they use on which key. (Eavesdropping on people who were smart enough to take a touch-typing class in high school is also a big plus.)
Assuming you could discern between the acoustic fingerprint of 100 different keys, then it's just a matter of figuring out which sound goes with which key. It's a simple substitution cypher, which are almost trivial to break.
Sneak your cell phone into your boss's office, set it to silent mode and plug in a headset so that you can set it to auto-answer when a call comes in. Then, while your boss is busy typing dirty notes to his mistress, you call your cell phone, start recording it, and presto, you've got a keylogger without ever having touched his computer or the software on it. Then, at your next performance review, you convince him to give you a hefty raise.
Re:Forget capacitors, listen to the keyboard. (Score:2)
Sound vs. electromagnetic emanations (Score:2, Informative)
CMU (Score:2)
pfft
Interesting... (Score:5, Interesting)
R = Ron Rivest
S = Adi Shamir
A = Len Adleman
Sounds, Electronics, and the Hound :) (Score:3, Interesting)
Playing TI-99/4 games by ear (Score:3, Interesting)
While my experience is nowhere near that in-depth, I do remember that the computer made distinct sounds when performing certain tasks, such as reading GROM, initializing, running BASIC programs (I recall that some statements also have distinct sounds as well.)
Since then I have been able to detect certain sounds from my machines which indicate normal operations; to some extent I think we all do, just as we do with cars to "know" that something isn't right. And it's been pretty consistent through all of my computers: Commodore 64, 128D, Atari 800XL, various Amigas (amazing things heard by holding your ear to the A500 power supply,) many desktop PCs and notebooks. Even some console systems generate sounds under operation (an old NES on my shelf with a bad filter cap is good for this.)
I'm curious to know what correlations between design type, grounding, processor architecture, and other factors exist for this. Might be worth investigating like this chap did, should I find the time to do so.
I'm running Seti@home. Listen all you want. (Score:2, Interesting)
Well... (Score:2, Informative)
Typical CPU HLT execution either by the O/S (linux and w2k or so i thought... w2k didn't do it too good when I tried it) or by an external program (on ring 0) e.g. CpuIDLE will cause several things, from what I've experienced:
Variable fan speed: Typical cheap comes-with-case power supplies regulate +5V which, surprise! gets a greater power draw when CPU is busy. Result,
Next generation of tin foil hats (Score:2, Funny)
Man, that is real geek stuff.
Take off the tinfoil hat (Score:2)
A microphone will pick up frequencies from just shy of DC, to a few tens of kilohertz. Let's be really generous and suppose that the microphone can follow a vibration of 100kHz. A 2GHz signal will have changed 20 000 times in the same amount of time the microphone's diaphragm could have moved back and forth once. Need I say more?
It's like the myth about hard d
FAQ (Score:5, Informative)
The web page [weizmann.ac.il] was extended to include a FAQ discussing the issues brought up here.
Fuuuuuck! (Score:2)
it's like Van Eck, only scarier.
makes me wonder though...
Seems to open the door for a true broadcastable computer virus.
I mean, if you can get sound out, and it means something, why not put instruction-filled sound in, overriding currently queued instructions...
I've finally figured out how Cobra Commander is able to appear on ALL televisions at once before revealing his plans to take over the world!
Where in the World is Carmen Sandiego? (Score:2, Informative)
The only things he had for it was WordPerfect and "Where in the World is Carmen Sandiego?" Based on the sound of the spinning drive, I could decipher which of the multiple choice answers was correct to move to the next stage while the current stage was loading. After a while, I started plugging my ears while a stage was loading so the game didn't suc
Re:This just in ..... (Score:2, Funny)
Dude, at least use the proper syntax.
Re:RSA sucks anyway (Score:5, Insightful)
That wouldn't change anything. RSA as well as DSS is based on modulus exponentiation with a secret exponent. If you can get the exponent you have broken the system, it is as simple as that.
Why do I trust it? Because it was developed by the NSA, not a bunch left leaning MIT eggheads.
That kind of logic is useless in the security business. Basing your trust upon who designed the algorithm is stupid. How many (and who) tried to break the algorithm and failed at that is a better measure on the security. A good rationale behind the design is another good measure on the security. And finally mathematical proofs.