Cheap Electromagnetic Attacks on Windowed Exponentiation
This web page contains an overview of, and Q&A about, our recent results published in a technical paper (PDF, 2.1MB), archived as IACR ePrint 2015/170. It will be presented at the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2015 in September 2015.
This research was conducted at the Laboratory for Experimental Information Security (LEISec).
Overview
We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.
We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.
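A toy illustration, added here and not taken from the paper or from GnuPG, of the two exponentiation styles named above: sliding-window skips the multiply on zero bits, so its operation sequence varies with the key, while fixed-window runs a uniform sequence yet still picks its multiplier by the key-bits window. The modulus, base, exponents and function names are constructed for this example.

```python
# Added toy code (not GnuPG's): record operations and table indices per run.
MOD, BASE = 0xC5D39A71, 0x1234567        # constructed sample values
E1, E2 = 0x9005, 0xFFFF                  # constructed 16-bit "secret" exponents

def fixed_window_pow(base, exp, mod, w=4):
    """m-ary: w squarings, then one multiply, for every window."""
    table = [1] * (1 << w)               # table[i] = base**i mod mod
    for i in range(1, 1 << w):
        table[i] = table[i - 1] * base % mod
    nwin = max(1, -(-exp.bit_length() // w))    # ceil(bits / w)
    acc, ops, idx = 1, [], []
    for k in reversed(range(nwin)):
        for _ in range(w):
            acc = acc * acc % mod
            ops.append("S")
        d = (exp >> (k * w)) & ((1 << w) - 1)   # key-bits window
        acc = acc * table[d] % mod              # multiply even when d == 0
        ops.append("M")
        idx.append(d)
    return acc, "".join(ops), idx

def sliding_window_pow(base, exp, mod, w=4):
    """Sliding window: zero bits are squared through without a multiply."""
    b2 = base * base % mod
    table = {1: base % mod}              # odd powers only
    for i in range(3, 1 << w, 2):
        table[i] = table[i - 2] * b2 % mod
    acc, ops, idx = 1, [], []
    i = exp.bit_length() - 1
    while i >= 0:
        if not (exp >> i) & 1:
            acc, i = acc * acc % mod, i - 1
            ops.append("S")
            continue
        j = max(i - w + 1, 0)
        while not (exp >> j) & 1:        # window must end in a 1 bit
            j += 1
        d = (exp >> j) & ((1 << (i - j + 1)) - 1)
        for _ in range(i - j + 1):
            acc = acc * acc % mod
            ops.append("S")
        acc = acc * table[d] % mod
        ops.append("M")
        idx.append(d)
        i = j - 1
    return acc, "".join(ops), idx

def digits_to_exp(idx, w=4):
    """Base-2**w digits (fixed-window table indices) back to the exponent."""
    return sum(d << (w * k) for k, d in enumerate(reversed(idx)))
```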
The attack can be mounted using various experimental setups:
- Software Defined Radio (SDR) attack. We constructed a simple shielded loop antenna (15 cm in diameter) using a coaxial cable. We then recorded the signal produced by the probe using an SDR receiver. The electromagnetic field, thus measured, is affected by ongoing computation, and our attacks exploit this to extract RSA and ElGamal keys, within a few seconds….