No hacking required, as these Israeli researchers demonstrate how to steal data through PC components
A series of side-channel attacks that can steal encryption keys by observing the acoustic, electric, and electromagnetic signals a PC gives off has been developed by a team of computer science researchers from the Israel Institute of Technology (also known as the Technion).
According to a research paper contributed to the Association for Computing Machinery, a professional association, the researchers say they used inexpensive, readily available equipment to carry out the attacks against several public-key encryption and digital-signature schemes. Industry experts said the attacks are feasible, though unlikely and difficult to pull off.
In one of the attacks, the researchers stole encryption keys by listening to the “coil whine”, the vibration of electronic components inside a PC as the voltages and currents passing through them fluctuate. According to the paper, this noise leaks keys during cryptographic operations because it is correlated with the ongoing computation: which applications are running and what data is being processed.
“By recording such noise while a target is using the RSA algorithm to decrypt ciphertexts (sent to it by the attacker), the RSA secret key can be extracted within one hour for a high-grade 4,096-bit RSA key,” researchers said in the paper.
With a parabolic microphone, the attack can be carried out from as far as 10 meters away; with an ordinary mobile phone placed next to the computer, from 30 cm away.
In another attack, the researchers stole RSA and ElGamal keys by measuring how the electric potential of a laptop’s chassis varies. This can be done directly, through a plain wire touching a conductive part of the laptop, or indirectly, through any cable with a conductive shield plugged into a port on the laptop, the researchers said.
Using a suitable electromagnetic probe antenna, or even a plain consumer-grade AM radio receiver, an attacker could also steal RSA and ElGamal keys by measuring the electromagnetic field emitted by the computer, the researchers said.
Hardware countermeasures can protect against these attacks: Faraday cages against the electromagnetic attacks, sound-absorbing enclosures against the acoustic attacks, and insulating enclosures against the chassis and touch attacks. However, the researchers acknowledged that these countermeasures are expensive and cumbersome.
Software countermeasures include algorithms and implementations designed so that whatever leaks through a given channel carries no useful information, the researchers said.
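As an added example (not code from the paper or the article), the Python below shows what such a software countermeasure looks like for the RSA scenario described above: ciphertext blinding, so that the value the private key is applied to is a random number rather than the ciphertext the attacker chose. The article does not name a specific technique; blinding is the standard one for this scenario, and the key used here is a constructed toy key, far too small to be secure.

```python
import math
import secrets

# Constructed toy RSA key for illustration only: two Mersenne primes give a
# modulus of roughly 92 bits, nowhere near a secure size.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, E*D = 1 mod phi(N)


def encrypt(m: int) -> int:
    """Textbook RSA encryption of an integer message m < N."""
    return pow(m, E, N)


def decrypt_unblinded(c: int) -> int:
    """Decryption as the attack scenario assumes: the secret exponent D is
    applied directly to the attacker-supplied ciphertext c, so the work the
    CPU does (and whatever it emits acoustically or electrically) is a
    function of c and D together."""
    return pow(c, D, N)


def decrypt_blinded(c: int):
    """Decryption with ciphertext blinding.

    A fresh random r coprime to N is chosen on every call and the secret
    exponent is applied to r^E * c instead of c.  Because (r^E * c)^D equals
    r * m mod N, multiplying by r^-1 recovers m, but the value that was
    actually exponentiated is random and unrelated to the ciphertext the
    attacker chose.  Returns (plaintext, blinded operand) so a caller can
    observe that the operand changes while the plaintext does not."""
    while True:
        r = secrets.randbelow(N - 2) + 2     # r in [2, N-1]
        if math.gcd(r, N) == 1:
            break
    c_blind = (pow(r, E, N) * c) % N
    m_blind = pow(c_blind, D, N)             # = r * m mod N
    m = (m_blind * pow(r, -1, N)) % N        # remove the blinding factor
    return m, c_blind


if __name__ == "__main__":
    c = encrypt(123456789)
    m1, op1 = decrypt_blinded(c)
    m2, op2 = decrypt_blinded(c)
    print(m1 == decrypt_unblinded(c) == 123456789, op1 != op2)
```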
On the other hand, Mark Nunnikhoven, Trend Micro Vice President of Cloud Research, told SCMagazine.com via emailed comments that the average person doesn’t have to be concerned about these types of attacks and that most users can safely disregard the risks they bring.
“The manner in which hardware processes data has always exposed some vulnerabilities,” he said. “There are things that manufacturers can do to reduce these possibilities, and they should protect their products when the solutions (increased insulation, shielding, etc.) are reasonable…that’s just good, secure design.”
The attacks are nonetheless real and can be carried out, said Nunnikhoven. However, they require specific equipment and knowledge, and the attacker and their tools must be physically near the system in question for a prolonged period of time.
“Unlike average cybercrime campaigns and hackings, these attacks simply don’t scale and aren’t worth the attacker’s investment,” he said.
The attacks may be a worthwhile investment for an attacker looking to target governments and sensitive industries, and those entities should invest in countermeasures such as physically securing the systems in their data centers and isolating cables, said Nunnikhoven.