Research trio crack RSA encryption keys by listening to computer noise

Dec 19, 2013 by Bob Yirka report
Physical setup of a key recovery attack. A mobile phone (Samsung Note II) is placed 30 cm from a target laptop. The phone’s internal microphone points towards the laptop’s fan vents. Full key extraction is possible in this configuration and distance. Credit: Daniel Genkin et al.

(Phys.org) —A trio of researchers in Israel has discovered that it is possible to crack 4096-bit RSA encryption keys using a microphone to listen to high-pitch noises generated by internal computer components. Adi Shamir (co-inventor of RSA), Daniel Genkin and Eran Tromer have published a research paper describing the technique on a Tel Aviv University server.

Computers make noises, the researchers explain, far beyond the whirring of the fan. The CPU, for example, emits a high pitched noise as it operates, fluctuating depending on which operations it is performing—other components do likewise. Suspecting that they might be able to exploit this characteristic of computers, the researchers set about creating software to interpret noise data obtained using simple microphones and very little other equipment. They also focused exclusively on trying to achieve one single feat: deciphering an RSA encryption key. After much trial and effort, the researchers found it could be done without much effort.

Listening and detecting the noise made by a computer as it processes a single character in an encryption key would be impossible, of course, so the researchers devised a method that causes the noise to be repeated enough times in a row to enable capture of its signal. And that can only happen if the attacker is able to send a cyphertext to the machine that is to be attacked and have it processed. The cyphertext contains code that causes looping. By listening to how the computer processes the cyphertext, the researchers can map the noises made by the computer as it crunches different characters, thereby allowing encryption keys sent by others to be cracked.

What's perhaps most frightening about this method is how easily it can be ported to various machines. The researchers found, for example, that by using a laptop and simple hardware and software they were able to crack encryption keys on a second laptop. Next, they did the same thing using a cell phone as the listening device. They suggest it could also be packaged completely in software and sent out as malware, hacking on infected devices and sending them back to the hacker.

As a side-note, the researchers also found that low-bandwidth attacks on computers are also possible by measuring the electrical potential of a computer's chassis while the circuitry is busy doing its work.

Explore further: Explaining perfect forward secrecy

More information: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis: www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Related Stories

Next question: can the NSA crack Tor keys?

Sep 09, 2013

(Phys.org) —"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH [DH refers ...

Team Prosecco dismantles security tokens

Jun 27, 2012

(Phys.org) -- As password systems alone prove inadequate to protect information on computers against hackers, security customers have taken the advice of vendors to step up to tokens, those online security ...

Recommended for you

Forging a photo is easy, but how do you spot a fake?

Nov 21, 2014

Faking photographs is not a new phenomenon. The Cottingley Fairies seemed convincing to some in 1917, just as the images recently broadcast on Russian television, purporting to be satellite images showin ...

Algorithm, not live committee, performs author ranking

Nov 21, 2014

Thousands of authors' works enter the public domain each year, but only a small number of them end up being widely available. So how to choose the ones taking center-stage? And how well can a machine-learning ...

Professor proposes alternative to 'Turing Test'

Nov 19, 2014

(Phys.org) —A Georgia Tech professor is offering an alternative to the celebrated "Turing Test" to determine whether a machine or computer program exhibits human-level intelligence. The Turing Test - originally ...

Image descriptions from computers show gains

Nov 18, 2014

"Man in black shirt is playing guitar." "Man in blue wetsuit is surfing on wave." "Black and white dog jumps over bar." The picture captions were not written by humans but through software capable of accurately ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

RadiantThoughts
not rated yet Dec 19, 2013
just remember if it comes to it we just pull mains/battery and hacking ends lol.
drebb
1 / 5 (1) Dec 19, 2013
"After much trial and effort, the researchers found it could be done without much effort."

... Well, one of those things is not true.
cees_timmerman
not rated yet Dec 20, 2013
It's like trying to build a toaster when roasting bread near open fire works, too, drebb.

GnuPG 1.4.16 already patched this exploit: http://lists.gnup...337.html

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.