Paper 2015/170
Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer
Abstract
We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms. The attacks can extract decryption keys using a very low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs. We demonstrate the attacks' feasibility by extracting keys from GnuPG, in a few seconds, using a nonintrusive measurement of electromagnetic emanations from laptop computers. The measurement equipment is cheap and compact, uses readily-available components (a Software Defined Radio USB dongle or a consumer-grade radio receiver), and can operate untethered while concealed, e.g., inside pita bread. The attacks use a few non-adaptive chosen ciphertexts, crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field. Through suitable signal processing and cryptanalysis, the bit patterns and eventually the whole secret key are recovered.
Note: Revised March 3, 2015: minor editorial changes.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- side channelelectromagnetic analysisRSAElGamal
- Contact author(s)
- tromer @ cs tau ac il
- History
- 2015-03-03: last of 2 revisions
- 2015-02-27: received
- See all versions
- Short URL
- https://ia.cr/2015/170
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/170, author = {Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer}, title = {Stealing Keys from {PCs} using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation}, howpublished = {Cryptology {ePrint} Archive, Paper 2015/170}, year = {2015}, url = {https://eprint.iacr.org/2015/170} }