0

Crack RSA Encryption by Listening to Sound

Read about this scary side channel attack on RSA encryption, the paper is written partly by Adi Shamir, who is the co-inventor of the RSA algorithm. It describes how RSA encryption can be broken by listening and analyzing the sounds that a CPU can make, using equipment as simple as a cellphone.

resized_mobile-attack[1]

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG‘s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

What is making the noise?

The acoustic signal of interest is generated by vibration of electronic components (capacitors and coils) in the voltage regulation circuit, as it struggles to supply constant voltage to the CPU despite the large fluctuations in power consumption caused by different patterns of CPU operations.


Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, or even use Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for MakeCode, CircuitPython, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 12,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython 2019!

Have an amazing project to share? The Electronics Show and Tell with Google Hangouts On-Air is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — SiFive is a startup to pay attention to. RISC-5 is here to stay.

Wearables — Swatch it up

Electronics — Code like everyone’s watching

Biohacking — Stroboscopic Visual Training

Python for Microcontrollers — CircuitPython takes flight! All aboard with datum, Bluefruit CPX, and more! #Python #Adafruit #CircuitPython #PythonHardware @circuitpython @micropython @ThePSF @Adafruit

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



1 Comment

  1. Makes me wonder what you could do with RF instead of audio…

Sorry, the comment form is closed at this time.