Air-Gapped Computers Can Be Compromised Using EM Side-Channel Attacks

93 points, by infosecbuzz, over 10 years ago

14 comments

schoen, over 10 years ago

I found this summary of the paper disappointing. The paper that this is reporting on is at

http://users.ece.gatech.edu/~az30/Downloads/Micro14.pdf

and describes a framework for measuring how bad side-channel risks are (using custom software that tries to create a worst-case scenario by intentionally signaling to the outside world). They then turn out to be pretty bad, in the intentional case, but a big part of the researchers' contribution is that perhaps this is quantifiable, for each particular kind of side channel that one wants to examine.

This paper did not introduce any new kind of side channel, and extensively cites literature in which other people introduced (and often demonstrated) the side channel and emanations risks. These risks are often very bad, governments have studied them intensively since at least the 1960s, and it's a great thing that academic researchers are now helping make the public familiar with them. Hopefully that will lead to some techniques for mitigating them in practice other than living and working in a SCIF.

Indeed, for timing-channel attacks there are lots of important mitigations that software developers are now learning about (having to do with performing operations in constant time). Maybe this research can point to ways of making some operations (approximately) constant-power, so power and RF-related information leakages will be attenuated.
Reply #8974130 not loaded
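An added example of the constant-time mitigation schoen mentions; this is Python written for this page, not code from the paper or the commenter. A byte-wise comparison that returns at the first mismatch does work proportional to the length of the matching prefix, which is exactly what a timing attacker measures. Wall-clock timing in Python is too noisy to show this directly, so the functions below return the number of bytes they examined as a deterministic stand-in for elapsed time. The names naive_compare, ct_compare, leak_profile and the 16-byte SECRET are constructed for the demo.

```python
import hmac


def naive_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, number of bytes examined).

    The second value is the timing leak: it equals 1 + the length of the
    matching prefix, so an attacker who can time this learns the secret
    one byte at a time.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def ct_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Data-independent comparison: OR all byte differences, decide at the end.

    Every byte is always examined, so the amount of work (and, on real
    hardware, the branch pattern) does not depend on where the first
    mismatch is. Length is compared early and treated as public here.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def leak_profile(compare, secret: bytes, prefix_lengths) -> list[int]:
    """Work done by `compare` against guesses that share the first k secret bytes.

    Each guess copies the first k bytes and complements the rest, so it is
    guaranteed to mismatch at byte k (a full-length guess is exact).
    """
    counts = []
    for k in prefix_lengths:
        guess = secret[:k] + bytes(c ^ 0xFF for c in secret[k:])
        _, examined = compare(secret, guess)
        counts.append(examined)
    return counts


SECRET = bytes(range(16))        # constructed 16-byte token for the demo
PREFIXES = [0, 4, 8, 12, 16]     # how many leading bytes each guess gets right

if __name__ == "__main__":
    print("early-exit   :", leak_profile(naive_compare, SECRET, PREFIXES))
    print("constant-time:", leak_profile(ct_compare, SECRET, PREFIXES))
    # hmac.compare_digest is the standard-library form of ct_compare.
    print("stdlib       :", hmac.compare_digest(SECRET, SECRET))
```

The early-exit profile climbs with the matching prefix while the constant-time one is flat. In real code use hmac.compare_digest rather than the hand-written loop; the loop is spelled out only to make the data independence visible. Note the caveat schoen raises: equal work count removes the timing channel, but a data-dependent switching pattern can still show up in power or EM traces, which is why "constant-power" is a separate, harder target.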
rdl, over 10 years ago

Most of these attacks can be mitigated through physical separation; the official standards specify allowable signal strengths at the perimeter for spurious emanations. (Obviously attackers can use directional/high-gain antennas, but there are RF limitations.) The stuff Cryptography Research does vs. Android phones to extract keys from tens of feet is pretty terrifying. http://www.cryptography.com/technology/dpa/dpa-qa.html

One interesting extension beyond the classical 1960s TEMPEST/Van Eck stuff is: if you can run malware on the target computer, you can obviously increase the effective gain through a variety of techniques.

What I'd be super interested in would be active RF attacks -- similar to the NSA toolkit with the passive external-RF-powered transmitter for implants, but ideally without modifications. Either causing specific errors or something else. Forcing resets might be enough. It'd be sort of a crossover between EMP and TEMPEST. Knowing, for instance, that the target security system controller is the only device connected to an 18.2m long wire within a facility might make it profitable to do a targeted attack on a certain frequency.
Reply #8975175 not loaded
SEJeff, over 10 years ago

This type of attack is often mitigated by making the entire room a Faraday cage. I know that many SCIF [1] facilities where top secret information is kept have more or less Faraday cages as part of the walls to conform with the TEMPEST [2] standards.

[1] http://en.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility
[2] http://en.wikipedia.org/wiki/Tempest_%28codename%29
Reply #8974181 not loaded
Reply #8974320 not loaded
otakucode, over 10 years ago

A year or so ago there was a security researcher who claimed that he had machines which were being compromised through some sort of side-channel attack like this. It was reported on a couple of times on Ars Technica, I know, and there was debate in the security community whether he was on to something or whether he had simply snapped and was being paranoid. As I understood it he was a well-respected guy in the field. Whatever happened to him? After reading a couple of reports, and that he was going to be sending hard drives to some colleagues to get a second opinion, I never saw any follow-up. Anybody know?
Reply #8974483 not loaded
Animats, over 10 years ago

You have to have a program running on the computer under attack for this to work, because it has to execute specific instruction patterns. It can only send blind; it can't receive. The main situation in which this would be useful is when attack software has been placed on a laptop, then used by the target.

RF attacks on serial connections (which includes not just serial ports but USB and Ethernet) are much easier. All the bits you want are right there. Historically, Teletypes generated RF which was easy to monitor, and the Friden Flexowriter could be monitored from half a mile away.
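An added model of the send-only channel Animats describes, written for this page in Python; it is not code from the paper, the commenter, or any real implant. The transmitter side is the part that must already be running on the victim: it turns a payload into an on/off schedule, where each 1 means "execute the emitting instruction pattern for one symbol period" and each 0 means idle. Nothing can come back, so the receiver has to find the frame on its own. The physical layer is replaced by a constructed envelope trace (1.0 while busy, 0.0 while idle, Gaussian noise, and idle padding of unknown length before the frame); the Barker-13 sync word, the 20-samples-per-symbol period, the payload b"KEY", and all function names are choices made for this example.

```python
import random

# Constructed parameters for the demo (not from the paper).
PREAMBLE = [1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1]   # Barker-13 sync word
SPS = 20                                             # envelope samples per symbol


def bits_of(data: bytes) -> list[int]:
    """MSB-first bit list of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bytes_of(bits: list[int]) -> bytes:
    """Inverse of bits_of; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def schedule(payload: bytes) -> list[int]:
    """Transmitter side (the code that must already run on the victim).

    Returns the on/off symbol stream: for each 1 the implant would run the
    emitting instruction pattern for one symbol period, for each 0 it would
    idle. The channel is blind; the transmitter never learns if it was heard.
    """
    return PREAMBLE + bits_of(payload)


def simulate_trace(symbols, rng, noise=0.15, lead_in=37) -> list[float]:
    """Constructed receiver envelope: 1.0 while busy, 0.0 while idle, plus
    Gaussian noise, with idle padding so the frame start is unknown."""
    def idle(count):
        return [rng.gauss(0.0, noise) for _ in range(count)]
    trace = idle(lead_in)
    for s in symbols:
        trace += [float(s) + rng.gauss(0.0, noise) for _ in range(SPS)]
    return trace + idle(lead_in)


def symbol_means(trace, offset, count):
    """Average the envelope over each symbol period starting at `offset`."""
    return [sum(trace[offset + i * SPS: offset + (i + 1) * SPS]) / SPS
            for i in range(count)]


def find_sync(trace) -> int:
    """Slide a symbol-aligned window over every sample offset and correlate
    the decoded levels (mapped to +/-1) with the Barker word; the true frame
    start scores 13, and Barker's low autocorrelation keeps other offsets low."""
    pattern = [2 * b - 1 for b in PREAMBLE]
    best_score, best_off = float("-inf"), 0
    for off in range(len(trace) - len(PREAMBLE) * SPS):
        means = symbol_means(trace, off, len(PREAMBLE))
        score = sum(p * (2 * m - 1) for p, m in zip(pattern, means))
        if score > best_score:
            best_score, best_off = score, off
    return best_off


def decode(trace, payload_len: int) -> bytes:
    """Receiver side: sync on the preamble, then threshold each payload symbol."""
    off = find_sync(trace)
    means = symbol_means(trace, off, len(PREAMBLE) + payload_len * 8)
    bits = [1 if m > 0.5 else 0 for m in means[len(PREAMBLE):]]
    return bytes_of(bits)


if __name__ == "__main__":
    rng = random.Random(1234)
    trace = simulate_trace(schedule(b"KEY"), rng)
    print(len(trace), "samples, frame found at", find_sync(trace),
          "->", decode(trace, 3))
```

Two things the model makes concrete. First, everything interesting happens on the victim: without code that controls the instruction stream there is no schedule and therefore no channel, which is the gap mark-r points at further down. Second, the receiver needs no feedback path at all, only a long enough frame and a sync word, so the fact that a machine is air-gapped says nothing about whether this works; it only rules out the return direction.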
miander, over 10 years ago

This sure seems like a problem for servers that are hosted in a colocation facility where all of the hardware belongs to datacenter customers. You could easily outfit your server with equipment to pick up signals from nearby servers. Makes me wonder if any spy agencies have used this technique.
Reply #8974836 not loaded
caseysoftware, over 10 years ago

This is also called Van Eck phreaking and is a long-understood concept: http://en.wikipedia.org/wiki/Van_Eck_phreaking
mark-r, over 10 years ago
This explains how malware might get information out of an air-gapped computer, but how do you infect the machine in the first place? That would seem to be the harder problem.
Reply #8974385 not loaded
thesz, over 10 years ago

Self-synchronous logic does not have this kind of RF pattern. Or, at least, has it in a much smoother way.

Self-synchronous logic does not have a global clock, and operations have different timings.

As an example, in synchronous logic one has to use a carry-ahead variant of the adder to get the worst-case time to O(logN). In self-synchronous logic a regular ripple-carry adder will suffice and produce the result in O(logN) time in the average case (yes, O(N) in the worst case, which will be met with probability p=1/2^N). Even more, adding small integers of K bits will result in O(logK) operations.

This means that each operation will have a different completion time in self-synchronous logic. This is due to variance in inputs and/or temperature variance.

This, in turn, means that radio emission from operation completion in a self-synchronous CPU will be much smoother than for a regular CPU.
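An added simulation, in Python, of the completion-time variance thesz describes; it is written for this page and is not the commenter's code. It uses the usual model of a self-timed ripple-carry adder: bit i is a "propagate" position when a_i != b_i, its carry-out cannot be known until its carry-in arrives, and the adder is done once the longest run of consecutive propagate bits has settled, one carry-cell delay per bit. The longest run of heads in n fair coin flips grows like log2(n), which is where the O(log N) average comes from, while a run covering all n bits has probability 2^-n. A clocked design has to budget the full n-bit delay on every cycle instead. The function names and the fixed one-delay-per-cell accounting are assumptions of this example.

```python
import math
import random
from collections import Counter


def completion_time(a: int, b: int, n: int) -> int:
    """Settling time of an n-bit self-timed ripple-carry adder, in carry-cell delays.

    Bit i is a propagate position when a_i != b_i: its carry-out is unknown
    until its carry-in arrives, so a run of k consecutive propagate bits needs
    k sequential carry-cell delays. Bits with a_i == b_i generate or kill the
    carry locally. Completion is signalled once the longest run settles.
    (Model assumed for this example; real cells add fixed overhead.)
    """
    propagate = (a ^ b) & ((1 << n) - 1)
    longest = run = 0
    for i in range(n):
        if (propagate >> i) & 1:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest + 1


def synchronous_time(n: int) -> int:
    """A clocked ripple-carry adder must budget for the worst case every cycle."""
    return n + 1


def sample_times(n: int, trials: int, rng: random.Random) -> Counter:
    """Histogram of completion times over uniformly random operand pairs."""
    return Counter(
        completion_time(rng.getrandbits(n), rng.getrandbits(n), n)
        for _ in range(trials)
    )


def summarize(n: int, trials: int, seed: int = 7) -> dict:
    """Mean, observed maximum and full histogram for width n (seeded, so repeatable)."""
    hist = sample_times(n, trials, random.Random(seed))
    mean = sum(t * c for t, c in hist.items()) / trials
    return {
        "n": n,
        "mean": mean,
        "max_seen": max(hist),
        "worst_case": synchronous_time(n),
        "log2_n": math.log2(n),
        "p_worst": 2.0 ** -n,          # every bit propagates
        "hist": dict(sorted(hist.items())),
    }


if __name__ == "__main__":
    for width in (16, 64, 256):
        s = summarize(width, 20000)
        print(f"n={s['n']:4d} mean={s['mean']:.2f} max_seen={s['max_seen']:3d} "
              f"clocked={s['worst_case']} log2(n)={s['log2_n']:.1f}")
        print("   ", s["hist"])
```

The histogram is the point of the comment: the completion event, and with it the current spike a receiver would see, lands on a spread of different delays instead of on one clock edge, so the emission is smeared over time and over input values. It does not disappear, and a run-length distribution that depends on the operands is itself data-dependent, so this is smoothing rather than elimination of the channel.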
Intermernet, over 10 years ago

I prefer this one: "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis"

"The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away."

http://www.tau.ac.il/~tromer/acoustic/

Video: http://youtu.be/DU-HruI7Q30

I'm pretty sure there's a better video of the attack being performed somewhere, but I can't find it right now.
dguido, over 10 years ago

Welcome to (at least) 2004?

http://eckbox.sourceforge.net/

EDIT: Should have just linked to the paper instead. It looks like their primary contribution was an ability to measure the susceptibility of a device to these kinds of attacks.
sauere, over 10 years ago

Semi-related: http://fileperms.org/high-frequency-malware-communication.html
chrischen, over 10 years ago
Can this be mitigated by shielding the CPU? And are aluminum macbooks already shielded from this?
Reply #8974083 not loaded
ChuckMcM, over 10 years ago

Makes me want to put an Ettus Research SDR board and a steerable Yagi antenna in my datacenter 😄