Security event to learn about side-channel attacks on PCs

Aug 21, 2014 by Nancy Owano weblog
Credit: Daniel Genkin et al.

A paper to be presented at next month's Workshop on Cryptographic Hardware and Embedded Systems (CHES) in Busan, South Korea, will discuss physical side-channel attacks on laptop computers, reporting findings from a team at the Technion and Tel Aviv University. "We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers," they said, using novel side channels. They said their attacks were based on the observation that the ground electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure the signal by touching exposed metal on the computer chassis with a plain wire or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables. They noted "non-negligible" impedance between the grounding point(s) and other points in the chassis. "Due to currents and electromagnetic fields inside the computer, voltages of large magnitude develop across this impedance (often 10mV RMS or more, after filtering out the 50 or 60 Hz mains frequency). This is the voltage we measure."

Does this sort of effort require special sophisticated gear? The authors said that while professional lab equipment yields the most effective attack, a mobile phone can sometimes do. They added that they used a mobile phone to measure the key-dependent chassis potential from the far side of a 10m Ethernet cable.

One key concern would be what kind of information could be obtained from such an attack. They tested numerous laptops and they found the following in almost all the machines: it is possible to distinguish an idle CPU from a busy CPU, and it is possible to note the different patterns of CPU operations and different programs.

Also, "Using GnuPG as our study case, we can, on some machines distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and fully extract decryption keys, by measuring the laptop's chassis potential during decryption of a chosen ciphertext."

Two other attacks they discussed do not require physically touching the laptop, just being near the laptop, via antenna or sound. Electromagnetic emanations, measured via an antenna, convey essentially the same leakage and can be used for key extraction; acoustic emanations measured via microphone can be used to extract keys also.

Mitigation techniques include Faraday cages, insulating enclosures against chassis and touch attacks, and photoelectric decoupling or fiberoptic connections against end-of-cable attacks. However, they said, inexpensive protection of consumer-grade PCs appears difficult. "Alternatively, the cryptographic software can be changed, and algorithmic techniques employed to render the emanations less useful to the attacker."
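One well-known algorithmic technique of the kind the quote refers to is ciphertext blinding, shown here for RSA as an added example (not code from the paper or from GnuPG; the article does not say which technique the GnuPG patch uses). The toy key built from two Mersenne primes and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy key for illustration only (real keys use random 1024+ bit primes).
P = 2**31 - 1            # Mersenne prime
Q = 2**61 - 1            # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent


def decrypt_plain(c):
    """Textbook decryption: the secret-exponent operation runs directly on c,
    so whoever chooses the ciphertext also chooses the values the modular
    arithmetic processes, which is what a chosen-ciphertext side channel needs."""
    return pow(c, D, N)


def blind(c):
    """Return (c * r^E mod N, r^-1 mod N) for a fresh random r coprime to N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (c * pow(r, E, N)) % N, pow(r, -1, N)


def decrypt_blinded(c):
    """Decrypt via (c * r^E)^D * r^-1 = c^D (mod N).
    The secret-exponent operation only ever sees a randomized base, so its
    intermediate values no longer follow the submitted ciphertext."""
    c_blind, r_inv = blind(c)
    m_blind = pow(c_blind, D, N)
    return (m_blind * r_inv) % N


if __name__ == "__main__":
    message = 0x5EC2E7                     # constructed sample plaintext
    ciphertext = pow(message, E, N)
    assert decrypt_plain(ciphertext) == message
    assert decrypt_blinded(ciphertext) == message
    # Same ciphertext, different base fed to the private-key operation each time.
    print(hex(blind(ciphertext)[0]), hex(blind(ciphertext)[0]))
```

Blinding changes what the private-key operation computes on, not the result, so it can be added without altering the message format or the public key.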

The title of their paper is "Get Your Hands Off My Laptop: Physical Side-Channel Key Extraction Attacks On PCs," by Daniel Genkin, Itamar Pipman and Eran Tromer. According to a report about their work in MIT Technology Review, Tromer notified cryptography software makers. What is more, developers of one cryptographic software package, GnuPG, incorporated a patch into the latest version of their software.

More information: www.cs.tau.ac.il/~tromer/handsoff/

www.technologyreview.com/news/… with-your-bare-hands
