[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

acoustic side channel attacks against TEMPEST shielded equipment

On Sat, Dec 7, 2013 at 3:24 AM, John Young <[email protected]> wrote:
> Contact mics for acquiring vibration and resonance emanations
> are among the still classified TEMPEST offensive and defensive
> activities,

interesting work on using poor quality sound (like from a phone) for
chosen cipher text attacks with key recovery for GPG.

also note that they use frequencies >10kHz.  as discussed in the high
frequency audio covert channel, this range is fairly contention free
and easily accessible to microphones in consumer electronics of
various types.

Here, we describe a new acoustic cryptanalysis key extraction attack,
applicable to GnuPG's current implementation of RSA. The attack can
extract full 4096-bit RSA decryption keys from laptop computers (of
various models), within an hour, using the sound generated by the
computer during the decryption of some chosen ciphertexts. We
experimentally demonstrate that such attacks can be carried out, using
either a plain mobile phone placed next to the computer, or a more
sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack
can be performed by measuring the electric potential of a computer
chassis. A suitably-equipped attacker need merely touch the target
computer with his bare hand, or get the required leakage information
from the ground wires at the remote end of VGA, USB or Ethernet