Tempest sidechannel attacks now cheaper

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. [...]

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.

Previously, previously.

Tags: , , ,

5 Responses:

  1. Rick C says:

    The counter: playing music. "Why did you guys have to have GnuPGP play 'Daisy, Daisy' when decrypting ciphertext? Isn't that a little creepy?"

  2. Chas. Owens says:

    This seems bogus given the following piece from the summary:

    Using GnuPG as our study case, we can, on some machines: [perform the attack]

    A quick scan of the actual paper reveals: "our examples use Lenovo 3000 N200 laptops, which exhibit a particularly clear signal." It appears as if this is not a general attack, but rather a flaw in specific pieces of hardware that should be addressed (possibly with some software mitigation).

    • Nate says:

      It's feasible for many types of computer. It just sounds like they chose the strongest signal to establish a lower bound on how many samples are needed.

  3. JL says:

    I was disappointed after realizing this article did not announce the resurrection of your Tempest arcade game.

  4. alex4pt says:

    PITMITM: a PITA in the man in the middle attack.

  • Previously