Paper 2013/857

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Daniel Genkin, Adi Shamir, and Eran Tromer

Abstract

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt'04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers. In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

Note: Related website with Q&A: http://www.cs.tau.ac.il/~tromer/acoustic

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
side channel cryptanalysis
Contact author(s)
tromer @ cs tau ac il
History
2013-12-29: received
Short URL
https://ia.cr/2013/857
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/857,
      author = {Daniel Genkin and Adi Shamir and Eran Tromer},
      title = {RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2013/857},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/857}},
      url = {https://eprint.iacr.org/2013/857}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.