Journal of Cryptology, Volume 30, Issue 2, pp 392–443

Acoustic Cryptanalysis

Abstract

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: They can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt’04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), several orders of magnitude below the GHz-scale clock rates of the attacked computers. In this paper, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate such attacks, using a plain mobile phone placed next to the computer, or a more sensitive microphone placed 10 meters away.

Keywords

Side channel attacks, Acoustic emanations, RSA, Cryptanalysis

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. Technion, Haifa, Israel
  2. Tel Aviv University, Tel Aviv, Israel
  3. Weizmann Institute of Science, Rehovot, Israel
