The ability to intercept unintended transmissions from an electronic device has been well known for many years. Signals Intelligence and the military take many precautions to prevent or reduce such emanations and this is known by the codename TEMPEST. However, a team from Tel Aviv University have demonstrated a rather worrying ability in a small number of cases to actually identify the GPG keys in use by a computer in a matter of seconds. There are limitations to this capability, in particular the receiver must be very close to the target device, and it is very dependent on the design and shielding of the target, but as the equipment used is relatively small then it can easily be hidden inside an innocent-looking device which doesn't look out of place in the target environment. The receiver is a consumer grade Software Designed Radio (SDR) controlled by a micro-controller. The receiver is small enough that it can be hidden inside a pita bread which resulted in the equipment being given the name PITA - Portable Instrument for Trace Acquisition.
Many in the business have long known that unauthorised access to a computer means that it must be considered compromised, but advancements in technology have raised the risk to the next level for computers that were previously unlikely to be targeted for emission intelligence. For instance, in the workplace having someone place their modified laptop near to your own could result in compromise of your data or encryption keys.
http://www.cs.tau.ac.il/~tromer/radioexp/ Overview:
We demonstrate the extraction of secret decryption keys from laptop computers, by non-intrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.
We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted cipher texts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis."
http://eprint.iacr.org/2015/170 Cryptology ePrint Archive: Report 2015/170
"Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation"
Abstract:
We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms. The attacks can extract decryption keys using a very low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs.
We demonstrate the attacks' feasibility by extracting keys from GnuPG, in a few seconds, using a nonintrusive measurement of electromagnetic emanations from laptop computers. The measurement equipment is cheap and compact, uses readily-available components (a Software Defined Radio USB dongle or a consumer-grade radio receiver), and can operate untethered while concealed, e.g., inside pita bread.
The attacks use a few non-adaptive chosen ciphertexts, crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field. Through suitable signal processing and cryptanalysis, the bit patterns and eventually the whole secret key are recovered.
(Score: 4, Insightful) by GeorgeScuttles on Friday March 06 2015, @03:55PM
From TFA:
"The attack sends a few carefully-crafted ciphertexts,"
It seems to me that the article left out the fact that this is really a two-party attack. It requires the host machine to be already processing something from the nefarious host, in addition to local hardware that is also listening. At that point, I would say, the EFI vulnerability is probably redundant. Case in point, if an un-trusted source hands you some ciphers that are essentially large eigen-spaces of primes *and* you're dumb enough to encrypt it even though the message is gibberish, then the biggest problem is between the seat and the keyboard.
(Score: 3, Interesting) by WillR on Friday March 06 2015, @06:32PM
carefully-crafted ciphertexts
You don't know the message decrypts to gibberish until you actually decrypt it, and then your secret key has already leaked.
Now, decrypting a message that's not signed by a key you already trust may still be a PEBKAC error, but it's one I bet a lot of people would make. "Oooh, an encrypted message! This must be important, let's see what it is!"
(Score: 5, Informative) by MichaelDavidCrawford on Friday March 06 2015, @04:16PM
My father was a civil service EE at Mare Island Naval Shipyard in Vallejo, California. He wrote test plans by hand, which someone else typed up.
I once asked him why he didn't just use a computer. He replied "Whenever we get a new computer, we have to wait six months for someone to fly out from Washington, who takes a whole month to bless it".
He didn't come right out and say but I imagine he was referring to a tempest technician from the NSA.
Fast forward to the recent practice of using windows PCs on supposedly secure networks. Bradley Manning downloaded Easy CD Creator from the Roxio website, then downloaded all those diplomatic cables from servers at the state department.
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Insightful) by Geezer on Friday March 06 2015, @06:23PM
Your dad must have been up on Spook Hill with the twidgets at Mare Island (Combat Systems Technical Schools Command maybe?). I was in Code 2340 Nuclear Test Engineering fixing submarines, and our equipment blessings came from the Lord our God Almighty Himself, Hyman Rickover, NavSea Code 08.
(Score: 3, Informative) by MichaelDavidCrawford on Saturday March 07 2015, @11:20AM
-cal system test plans. I don't clearly remember when he retired, 1992 or so.
when he was on active duty at mare island in 67 and 68, he was an instructor at the missile school. I've been puzzling over this; MINSY was a submarine shipyard but Dad, as far as I know, only worked with ship-based antiaircraft missiles.
He said to me once, very quietly, "Aboard submarines, there are some black boxes. And there are some quiet men who tend to those black boxes."
He only mentioned that, just once.
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Interesting) by mechanicjay on Friday March 06 2015, @04:52PM
I've sort of been following this since these guys did the sound emanation bit a while back. I've read some of the research. I guess I'm just not smart enough, because it *still* sounds like BS to me.
My VMS box beat up your Windows box.
(Score: 2) by mechanicjay on Friday March 06 2015, @04:55PM
Rather, the conditions under which these guys are extracting keys is so controlled and contrived, that the real world threat seems almost non-existent. Again though, I'm completely open to being too dumb to understand here
My VMS box beat up your Windows box.
(Score: 5, Insightful) by melikamp on Friday March 06 2015, @06:38PM
No, I think you are right on the money. GnuPG is the software leaking info, but GnuPG is not a daemon. A sensible configuration for a laptop (in most use cases) is no remote access of any kind, so there is no practical way to force GnuPG to run, let alone perform a specific action. A far-fetched scenario would involve something like sending a series of encrypted emails, but then it would have to be assumed that the target laptop checks & decrypts all email periodically and automatically, which is simply not the case in all but very special circumstances.
This is still a very interesting result, imho, showing that without proper electro-magnetic shielding, computers leak the internal state at a scary rate.
(Score: 0) by Anonymous Coward on Friday March 06 2015, @07:27PM
When it was posted here [soylentnews.org].
I'm going to assume that the AC who originally posted it at the link above was unfamiliar with submissions here on SN. Apparently they figured it out. Hopefully that AC wasn't the author of the paper. If it was, perhaps some the paper's conclusions may have similar problems as his posting choices.
Just sayin'.
(Score: 3, Touché) by SlimmPickens on Friday March 06 2015, @07:27PM
IT's 6 am and the coffee machine hasn't heated up yet, but I'd hazard a guess there's a little mistake with the software designed radio
(Score: 2) by kaszz on Friday March 06 2015, @09:07PM
Time to wrap your house in wire mesh to keep the "insects" outside and transmit wideband garbage.
(Score: 1) by TK-421 on Saturday March 07 2015, @01:35AM
I was thinking something more like this. http://www.lessemf.com/paint.html/ [lessemf.com]
(Score: 2) by kaszz on Saturday March 07 2015, @08:46AM
I think this link works better ;)
http://www.lessemf.com/paint.html [lessemf.com]
Lazy specification for those that want real units:
* Safe for air or ground shipping any time of year.
* Cover with latex paint, wallpaper, etc. to achieve desired aesthetics.
* Color: black
* Attenuation: typically 30 dB per layer
* Resistivity: ~10 Ohm per "sq"
* Minimum application temperature: +1 °C
* Weight: 1.5 kg / liter
* Typical coverage: ~ 5-10 m² per liter
* Shelf Life: 15 months, unopended
* RoHS compliant
* VOC content 0,2 gram / liter
* 65 US$ / liter
Address: Less EMF Inc, 809 Madison Ave, Albany NY 12008 USA, +1 518 432 1550
Address: YSHIELD EMR-Protection, Gewerbering 6, 94060 Pocking GERMANY, +49-8531-31713-8, contact@yshield.com
The paint seems to be quite toxic however, even for brief skin contact.