In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.Category / Keywords: implementation / side channel cryptanalysis Date: received 18 Dec 2013 Contact author: tromer at cs tau ac il Available format(s): PDF | BibTeX Citation Note: Related website with Q&A: http://www.cs.tau.ac.il/~tromer/acoustic Version: 20131229:112906 (All versions of this report) Discussion forum: Show discussion | Start new discussion