The single coolest thing in the paper (other than Shamir's name): "On many laptops (e.g., most Lenovo ThinkPad models), the chassis potential can be easily reached by a
human hand, through metal connectors and conductive coating on metal surfaces. Thus, an attacker can
measure the chassis potential by merely touching the laptop chassis with his hand. Surreptitiously,
the attacker can simultaneously measure his own body potential relative to the room’s ground potential,
e.g., by having a concealed differential probe touching both his body and some nearby conductive
grounded surface in the room. Perhaps surprisingly, even this circuitous measurement offers sufficient
signal-to-noise ratio for the key extraction attack."
Playing loud music when encrypting/decrypting/typing in your password will defend against acoustic attacks, right?
This other type of attack, however, isn't so easily guarded against:
> Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.
This serves as a reminder that it's pretty much impossible to defend against an attacker that has physical access to your box.
Important stuff:
> Q9 How vulnerable is GnuPG now?
> We have disclosed our attack to GnuPG developers under CVE-2013-4576, suggested suitable countermeasures, and worked with the developers to test them. New versions of GnuPG 1.x and of libgcrypt (which underlies GnuPG 2.x), containing these countermeasures and resisting our current key-extraction attack, were released concurrently with the first public posting of these results. Some of the effects we found (including RSA key distinguishability) remain present.
This is really impressive work. After skimming through the detailed paper it looks as if they are not picking up sound emitted from the CPU itself, but from the switching power supply circuit.
The frequency variation is caused by load differences. So they are in fact doing an indirect power analysis. A switching power supply will always change frequency as a reaction to variations in supply current, this is inherent to its design. I also believe that it will be very difficult to "muffle" all the inductors and capacitors as they are subjected to very high pulse loads. Magnetics will always find a way to emit sound...
It's interesting to note that the biggest difference seems to be between register and memory instructions. This seems reasonable as memory instructions may, in the worst case, require powering the external bus, which is very power hungry. This will only get worse in future CPUs, as more and more clock gating is introduced.
So, I guess some countermeasures could be:
- If the CPU supports SMT or HT, load the other cores with a thread accessing random memory positions.
- Optimize the RSA code so that its memory access and runtime pattern does not depend on the key or clean text.
- Try to localize the RSA code as much as possible to reduce memory accesses. If memory access is required, do it all at once, for example by swapping entire cache pages.
Some of these are highly CPU dependent.
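
Added example, not part of the comment above and not code from the paper or from GnuPG/libgcrypt: a toy model of the countermeasure "runtime pattern does not depend on the key". It compares the operation sequence of textbook square-and-multiply with that of a Montgomery ladder; the modulus, exponents and function names are constructed for illustration.

```python
# Added illustration: toy modulus and exponents, constructed for this example.
# Not GnuPG or libgcrypt code. "S" = modular squaring, "M" = modular multiply.
# Only the sequence of operations is modelled; Python big-int arithmetic is
# not constant-time, so this says nothing about real timing or power draw.

def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation; returns (result, operation trace)."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":                      # extra multiply only for 1-bits
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)

def exponent_from_trace(trace):
    """What an observer who can tell S from M learns from the trace above."""
    return int(trace.replace("SM", "1").replace("S", "0"), 2)

def montgomery_ladder(base, exp, mod):
    """Ladder: one multiply and one squaring per bit, for 0-bits and 1-bits alike."""
    r0, r1, trace = 1, base % mod, []
    for bit in bin(exp)[2:]:
        # Real code must also select operands without a key-dependent branch
        # or key-dependent memory access; that part is not modelled here.
        if bit == "1":
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        trace.append("MS")                  # same cost logged for every bit
    return r0, "".join(trace)

MOD = 3233                        # 61 * 53, toy size (constructed)
D_A, D_B = 0b101101, 0b100010     # two constructed 6-bit exponents

def compare(base=7):
    """Return the traces of both algorithms for both exponents."""
    return {
        "naive": [square_and_multiply(base, d, MOD)[1] for d in (D_A, D_B)],
        "ladder": [montgomery_ladder(base, d, MOD)[1] for d in (D_A, D_B)],
    }

if __name__ == "__main__":
    for name, traces in compare().items():
        print(name, traces, "identical" if traces[0] == traces[1] else "key-dependent")
```
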
This is the patch they used to mitigate it afaict.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=dec048b2ec79271a2f4405be5b87b1e768b3f1a9
Nobody mentioned TEMPEST yet in this comment thread. It's old (60s) but very interesting stuff. https://en.wikipedia.org/wiki/Tempest_%28codename%29 It includes acoustical leaks as one side channel.
Also see: http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
It's cool that they were able to demonstrate it that well.
> Using multiple cores turns out to help the attack (by shifting down the signal frequencies).
I don't understand how this would be, maybe because I don't understand what they mean by "using multiple cores."
You'd think that running a decoy thread on another core would mask things pretty effectively.
What's interesting are old school spy acoustic methods. http://en.wikipedia.org/wiki/Laser_microphone <-- great primer. This played out in micro surface vibration in a cup of coffee in the movie Eagle Eye (terrible movie btw). Either way, kind of a neat way to spy on embassy windows from afar w/o even having to be in the room. A little off topic was the KGB's bugging a government office with passive radio transmission - virtually undetectable http://en.wikipedia.org/wiki/Thing_(listening_device) This stuff is so damn cool. :)
I've read the linked document, but this feels like magic to me. Is the general idea something like: I can hear the CPU is doing 10 additions, then 20 subtractions, twenty times in a row, so I can tell by knowing the algorithm used that the CPU is computing a public key and that it must be between 1 billion and 1.5 billion?
Without taking party, I am deeply impressed at an increasing rate and with honest respect to the ingenuity of the research that's coming from Tel Aviv, Israel and from Switzerland. There is no other country except the USA which makes such leaps in technological progress. That's my honest image of the research. I'm personally reading many of their publications and from various other journals too.
If three academic types can come up with this, just imagine what the NSA or other foreign intelligence groups can find with a budget like they have.
Interesting for sure.
If that attack is available for us to know, I wonder what can possibly be happening inside NSA?
I even wonder how these big guys/heroes like Julian and Snowden feel when they find out about it. I mean, maybe they just don't care about the stuff they have being accessed without their consent, it is supposed to be released anyways, but what about their conversations that are supposed to be highly confidential?
When I started reading I thought this must be a joke. As a dev with what I like to think is a solid understanding of computer hardware I don't often think of new tech as spooky/sci-fi-esque, but this is so unbelievably cool. I have no words.
A good enough solution might be using appliances designed with older cpus with little to no power management features but it is only practical for high stakes stuff like military comms I guess.
I really want to call B.S. on most of their claims, but I withhold any judgement until there is a live demo performed. Have they announced a timetable for a live demo?
This is a really well written fake.
Use some common sense.
Are you only doing one thing on your computer? No.
Does your Memory vibrate when the data is stored? No.
Can data be transferred via acoustics over a 2 conductor 16 gauge wire at the speeds memory is accessed or is sent to the CPU? No.
Think of something you have heard "hum". Is the noise pattern of your Amp and another the same if the "hum" is anything other than 60 Hz? No. Because manufacturing tolerances are not such that the flaws are the same.
This is really great FUD. Likely designed to get People to think that they are constantly at risk, and have the CIA and FBI spend billions buying acoustic shields for their computers.
If this is real. And does work, fine, just run a background task that puts multiple random RSAs through the paces in alternate threads so the extraction can't take place because of garbled data.
EDIT:
Apparently I forgot that on HackerNews you get downvoted if you present common sense in face of a fallacy that those with limited understanding want to hold true, as seen by the mass of links to Wikipedia made by those without the foggiest about audio, capacitance, RSA, or Electrical engineering.
-Brandon Wirtz
SMPTE