[Cryptography] RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Phillip Hallam-Baker
hallam at gmail.com
Wed Dec 18 19:50:11 EST 2013
On Wed, Dec 18, 2013 at 7:19 PM, Alexandre Anzala-Yamajako <
anzalaya at gmail.com> wrote:
> As a student I was fortunate enough to attend one of Adi Shamir's lectures
> at the university of Waterloo where he talked specifically about this
> problem. It stuck with me and I'm glad to see that an actual key recovery
> attack came out of it.
> Have you trief this out against openssl ? How succesful do you think it
> would be ?
>
I would expect it to work against any crypto code that has not been
designed to avoid power or RF analysis.
Although the vector is acoustic here the acoustic signal is effectively
parasitic to the electrical signals going through the wires. So any code
that does not have code level protection against power analysis etc is
going to be vulnerable to this attack (and vice versa).
Randomizing the process so that there is no correlation between each run
seems to be the best available defense right now. But check the Kocher
patents, RAMBUS paid a fair bit for them so they are probably keen on
getting a return on their investment.
Some high end crypto devices have had acoustic shielding for quite a while.
It is not unusual to find that they are potted in some sort of expoxy gunk
inside. Nico Van Sommeren at n-Cipher was excited about acoustic as a side
channel at one point. I remember acoustic being raised as a possible vector
when Kocher published his power analysis paper in 1998 (possibly even by
Adi Shamir who was at MIT frequently while I was there).
What has changed here is that someone has found a way to exploit this
channel. We definitely need to check with the vendors to see if their
current products are vulnerable. But they should not have needed someone to
demonstrate the exploit before taking action.
--
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131218/6be572a8/attachment.html>
More information about the cryptography
mailing list