Cheap Electromagnetic Attacks on Windowed Exponentiation

This web page contains an overview of, and Q&A about, our recent results published in a technical paper (PDF, 2.1MB), archived as IACR ePrint 2015/170. It will be presented at the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2015 in September 2015.

This research was conducted at the Laboratory for Experimental Information Security (LEISec).

Overview

We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.

The attack can be mounted using various experimental setups:

Software Defined Radio (SDR) attack. We constructed a simple shielded loop antenna (15 cm in diameter) using a coaxial cable. We then recorded the signal produced by the probe using an SDR receiver. The electromagnetic field, thus measured, is affected by ongoing computation, and our attacks exploit this to extract RSA and ElGamal keys, within a few seconds….

Read Full Article:

Recent Posts

N1MM Free Logger – Version 1.0.6059 [ UPDATE ]

February 09, 2017 No comments

N1MM Version 1.0.6059 (February 8, 2017) Contest Logging Software Free Software for Phone, CW, and Digital Mode Fixed bug with AppInfo UDP packets bei... Read more

ISS HamTV now transmitting on 2395 MHz

May 04, 2015 No comments

Friday, May 1, 2015 the Ham Video transmitter on board the Columbus module of the International Space Station was powered on and started transmitting... Read more

How to Read Crossed-Needle SWR/Watt Meters

November 02, 2020 No comments

How to Read Crossed-Needle SWR/Watt Meters Read more

Maritime Mobile Service Net Relays Distress Call; Crew and Vessel Safe

May 17, 2017 No comments

The Maritime Mobile Service Network (MMSN) recently served as a critical communication link after the sport fishing vessel Free Spirit put out a “mayd... Read more

QSO Today PodCast – Lance Collister W7GJ

September 22, 2015 No comments

Lance Collister, W7GJ, has had a fascination with VHF, six and two meters, for over fifty years, when he had a Heathkit Twoer and a three ele... Read more

DRM Monitoring Receiver RF-SE

April 09, 2020 No comments

RF-SE is a professional DRM30/AM/SSB monitoring and measurement receiver, which is available in different models depending on the desired application.... Read more

Warning: file_get_contents(https://plusone.google.com/_/+1/fastbutton?url=https%3A%2F%2Fqrznow.com%2Fstealing-keys-from-pcs-using-a-radio%2F): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found in /home/qrznow/public_html/wp-content/themes/goodnews5/framework/functions/posts_share.php on line 151