Ars Technica reports Stealing encryption keys through the power of touch "Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers."
This research is a side-channel attack. The metal parts of a laptop, such as the shielding around USB ports, and heatsink fins, are notionally all at a common ground level. However, this level undergoes tiny fluctuations due to the electric fields within the laptop. These variations can be measured, and this can be used to leak information about encryption keys.
The measurements can be done by directly attaching a digitizer to a metal part of the laptop, but they don't have to be this obvious. The researchers showed that they could retrieve information with connections at the far end of shielded USB, VGA, and Ethernet connections. They also used human touch: a person in contact with metal parts of the laptop can in turn be connected to a digitizer, and the voltage fluctuations can be measured.
The researchers note that this works better in hot weather, due to the lower resistance of sweaty fingers.
During encryption and decryption operations, the processor has to perform certain long-running operations (for example, exponentiation of various large numbers), and these operations caused a consistent, characteristic set of voltage fluctuations. When sampling the voltages at a rate of a few MHz, keys for the RSA and ElGamal encryption algorithms could be extracted in a few seconds.
2 comments:
This is the Van Eck phreaking of the 2010's, which I first heard of in the novel Cryptonomicon by Neal Stephenson.
In the early 2000s I had one meeting in a SCIF and wondered what the big deal was :)
Post a Comment