Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The Key To Extracting Your Encryption Key


  • Please log in to reply
3 replies to this topic

#1 buddy215

buddy215

  • Moderator
  • 13,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:48 AM

Posted 20 December 2013 - 05:58 AM

Hey, is that a parabolic antenna in your pocket or are you just happy to see my laptop?

 

This is some scary stuff....for all of us. It is now possible to extract your encryption keys using a cellphone, antenna and some

other ways like simply touching your machine or attaching a cable. The sounds eminating from your computer gives away

your encrytion while your computer is decrypting data.

 

See how it's done: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysisdt@infootnoteThe authors thank Lev Pachmanov for programming and experiment support during the course of this research.dt@infootnote - acoustic-20131218.pdf

Abstract
Many computers emit a high-pitched noise during operation, due to vibration in some of their
electronic components. These acoustic emanations are more than a nuisance: they can convey
information about the software running on the computer, and in particular leak sensitive information
about security-related computations. In a preliminary presentation (Eurocrypt’04 rump session), we
have shown that different RSA keys induce different sound patterns, but it was not clear how to
extract individual key bits. The main problem was that the acoustic side channel has a very low
bandwidth (under 20kHz using common microphones, and a few hundred kHz using ultrasound
microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.
In this paper we describe a new
acoustic cryptanalysis
key extraction attack, applicable to
GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption
keys from laptop computers (of various models), within an hour, using the sound generated by the
computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that
such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a
more sensitive microphone placed 4 meters away.
Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by
measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely
touch the target computer with his bare hand, or get the required leakage information from the
ground wires at the remote end of VGA, USB or Ethernet cables.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

............the paper’s authors demonstrated an “attack” running in a lecture hall, and suggested other plausible scenarios:

  • Install an attack app on your phone. Set up a meeting with your victim, and during the meeting, place your phone on the desk next to the the victim’s laptop.
  • Break into your victim’s phone, install your attack app, and wait until the victim inadvertently places his phone next to the target laptop.
  • Construct a webpage, and use the microphone of the computer running the browser using Flash or another method. When the user permits the microphone access, use it to steal the user’s secret key.
  • Put your stash of eavesdropping bugs and laser microphones to a new use.
  • Send your server to a colocation facility, with a good microphone inside the box. Then acoustically extract keys from all nearby servers.
  • Get near a protected machine, place a microphone next to its ventilation holes, and extract the secrets

The techniques the authors describe can be countered by sound dampening, but the white noise of a PC’s fan can be pretty easily filtered out. The researchers said that they supplied their attack vector to GnuPG developers before publication, let them develop revised code, and yet it was still vulnerable. The answer may lie in using software to try and obfuscate the audible sound emanations, they said...................

 

Wonder if this could be used somehow to end the ransomware malware attacks.....

 


Edited by buddy215, 20 December 2013 - 07:30 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

BC AdBot (Login to Remove)

 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:48 PM

Posted 20 December 2013 - 07:29 AM

WOW. This is both good and bad.

 

Good: This can be use to resolve the cryptolocker in some way.

Bad: This may break whole RSA encryption method.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 mr.meyer

mr.meyer

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Palm Bay, FL
  • Local time:02:48 AM

Posted 20 December 2013 - 04:12 PM

Do you now, or have you ever, worked for the NSA?      LOL



#4 hellcry

hellcry

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 30 December 2013 - 09:11 AM

And if not, do you want to? :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users