SoylentNews

An Anonymous Coward writes:

The ability to intercept unintended transmissions from an electronic device has been well known for many years. Signals Intelligence and the military take many precautions to prevent or reduce such emanations and this is known by the codename TEMPEST. However, a team from Tel Aviv University have demonstrated a rather worrying ability in a small number of cases to actually identify the GPG keys in use by a computer in a matter of seconds. There are limitations to this capability, in particular the receiver must be very close to the target device, and it is very dependent on the design and shielding of the target, but as the equipment used is relatively small then it can easily be hidden inside an innocent-looking device which doesn't look out of place in the target environment. The receiver is a consumer grade Software Designed Radio (SDR) controlled by a micro-controller. The receiver is small enough that it can be hidden inside a pita bread which resulted in the equipment being given the name PITA - Portable Instrument for Trace Acquisition.

Many in the business have long known that unauthorised access to a computer means that it must be considered compromised, but advancements in technology have raised the risk to the next level for computers that were previously unlikely to be targeted for emission intelligence. For instance, in the workplace having someone place their modified laptop near to your own could result in compromise of your data or encryption keys.

http://www.cs.tau.ac.il/~tromer/radioexp/ Overview:

We demonstrate the extraction of secret decryption keys from laptop computers, by non-intrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted cipher texts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis."

http://eprint.iacr.org/2015/170 Cryptology ePrint Archive: Report 2015/170

"Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation"

Abstract:

We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms. The attacks can extract decryption keys using a very low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs.

We demonstrate the attacks' feasibility by extracting keys from GnuPG, in a few seconds, using a nonintrusive measurement of electromagnetic emanations from laptop computers. The measurement equipment is cheap and compact, uses readily-available components (a Software Defined Radio USB dongle or a consumer-grade radio receiver), and can operate untethered while concealed, e.g., inside pita bread.

The attacks use a few non-adaptive chosen ciphertexts, crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field. Through suitable signal processing and cryptanalysis, the bit patterns and eventually the whole secret key are recovered.