Monday, 15 February 2016

Crypto Key Recovery: Through Walls In Seconds

A group of researchers from the Department of Computer Science at Tel Aviv University have had increasing success in revisiting an old technique with a new twist: using the electromagnetic radiation given off by laptops to recover encryption keys.  The hardware required, a software defined radio (SDR), is very cheap; you can buy an SDR dongle for less than £30.  The knowledge of how to exploit it has been published in a series of papers, the latest of which has just been issued and is due to be presented in the cryptographers' track at the RSA conference on 3rd March.

Without wishing to seem facetious, many years ago governments recognised that computers are full of electrons being accelerated around the equipment, and basic physics tells you that any time a charge accelerates it radiates electromagnetic waves.  When this was first mooted as a possible way to recover information remotely from computers, many thought those discussing it were, frankly, bonkers.  Imagine their surprise when it was demonstrated that the contents of an old-style cathode ray tube (CRT) screen could be reconstructed some distance away.  It was at that point that NATO countries developed a standard called TEMPEST.  And even that wasn't completely new, as Bell Labs had noted during World War II that 75% of the plaintext could be recovered from the emanations of a teleprinter over 20 metres away.

The TEMPEST standards are still in use today and have continued to evolve, no longer simply covering electromagnetic emanations from equipment but increasingly taking in other forms of side channel attack, such as the sensors in smartphones being used to infer keystrokes.



It has been some time since any of us had a bulky CRT screen on our desks, but researchers such as those at Tel Aviv have realised that the electromagnetic emissions from a modern laptop are a mine of data that can be used to recover encryption keys.  Originally they applied the technique to recovering RSA and ElGamal keys.  This they have now extended to Elliptic Curve cryptography (specifically ECDH).  In other words, they have demonstrated that they can recover the keys for the major types of public key cryptography in use today, simply by picking up the radio waves emanating from your laptop.

The good news is that these experiments were done against one particular implementation of these algorithms.  The bad news is that the implementation was GnuPG (via its Libgcrypt library), which is a very popular implementation of OpenPGP. I have no reason to believe that similar techniques wouldn't work on some other implementations of these forms of public key encryption.  The researchers did work with the GnuPG developers, and countermeasures went into Libgcrypt, so keeping GnuPG current is the obvious first step; it does nothing, of course, for any other software on the same laptop that multiplies a secret by an attacker-supplied value.

The first paper on using this technique to steal keys was widely reported.  I suspect it caught the imagination because the researchers showed how a standalone device could be created, small enough to fit inside a pitta bread:



The pitta bread was not a frivolous notion: it was a way of demonstrating that such a device can be placed in plain sight near a target.  This initial technique needed to be within about 50cm of the laptop, even with the "vast expense" of a 50dB antenna costing all of $175.

The latest work has an even more impressive demonstration.  It was shown working not just against another form of encryption but also through a wall:


Picture of key capture equipment from paper by Eran Tromer et al

The equipment used to capture the emanations was not the only thing of interest in these experiments; the algorithms used in recovering the keys were also of significant note.  There are examples in the literature dating back many years of recovering keys from, for example, RSA cryptosystems.  However, the emanations the researchers pick up are correlated with the data the CPU is operating on during the private key computation, and by feeding the target a carefully constructed piece of ciphertext (a chosen-ciphertext attack, so that the decryption's behaviour depends visibly on the secret key bits), these researchers were able to recover the key in a little over 3 seconds!
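To see why a key-dependent computation leaks at all, here is a toy model of the textbook version of the problem, added here as an illustration; it is not the Tel Aviv researchers' code or method, and it is deliberately simpler than their attack (which needs crafted ciphertext and works from a noisy analog signal). The curve, the secret scalar and the "trace" format are all constructed for the example: every point doubling appends a D and every point addition appends an A, standing in for the observation that the two operations have distinguishable emanations. A naive double-and-add scalar multiplication then spells out the scalar in its D/A pattern, whereas a Montgomery ladder performs the same operation sequence for every key of the same length. Note that a uniform operation sequence removes only this crude leak; the values being operated on can still leak, which is the harder problem real implementations face.

```python
"""Operation-sequence side channel in EC scalar multiplication: a toy model.

Added example; not code from the Tel Aviv paper. The curve, scalar and trace
format are constructed for illustration. A real EM trace is a noisy analog
signal; here each doubling or addition appends a marker, standing in for the
observation that the two operations have distinguishable emanations.
"""

# Constructed toy curve y^2 = x^3 + A*x + B over F_P (useless for real crypto,
# small enough that the arithmetic can be checked by hand).
P = 97
A = 2
B = 3
G = (3, 6)   # on the curve: 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)
INF = None   # point at infinity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_double(pt, trace):
    """Point doubling; records a 'D' in the simulated trace."""
    trace.append("D")
    if pt is INF or pt[1] == 0:
        return INF
    x, y = pt
    lam = (3 * x * x + A) * pow(2 * y, -1, P) % P
    x3 = (lam * lam - 2 * x) % P
    return (x3, (lam * (x - x3) - y) % P)


def ec_add(p1, p2, trace):
    """Point addition (all cases); records an 'A' in the simulated trace."""
    trace.append("A")
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                      # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # p1 == p2
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def naive_scalar_mult(k, pt):
    """Left-to-right double-and-add: an addition happens only when the key
    bit is 1, so the D/A pattern of the trace spells out the scalar."""
    trace = []
    acc = INF
    for bit in bin(k)[2:]:
        acc = ec_double(acc, trace)
        if bit == "1":
            acc = ec_add(acc, pt, trace)
    return acc, "".join(trace)


def ladder_scalar_mult(k, pt):
    """Montgomery ladder: exactly one addition and one doubling per bit,
    whatever the bit's value, so the operation sequence is key-independent."""
    trace = []
    r0, r1 = INF, pt          # invariant: r1 == r0 + pt
    for bit in bin(k)[2:]:
        if bit == "0":
            r1 = ec_add(r0, r1, trace)
            r0 = ec_double(r0, trace)
        else:
            r0 = ec_add(r0, r1, trace)
            r1 = ec_double(r1, trace)
    return r0, "".join(trace)


def recover_scalar(trace):
    """Attacker's view: read the scalar back from the D/A pattern.
    Returns None if the trace does not follow the double-and-add grammar."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "D":
            return None
        if i + 1 < len(trace) and trace[i + 1] == "A":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2) if bits else None


if __name__ == "__main__":
    secret = 0b1011001        # constructed secret scalar (89)
    q, trace = naive_scalar_mult(secret, G)
    print("naive  trace:", trace, "-> recovered", recover_scalar(trace))
    q2, trace2 = ladder_scalar_mult(secret, G)
    print("ladder trace:", trace2, "-> recovered", recover_scalar(trace2))
    assert q == q2 and on_curve(q)
```

Run it and the naive trace reads DADDADADDDA, which parses straight back to 89, while the ladder trace is ADADADADADADAD for every seven-bit scalar. In the toy the input point does not matter because the leak is in the control flow; the chosen ciphertext in the real attack is what makes the remaining data-dependent leakage line up with the key bits.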

With that kind of recovery rate, just think of the possibilities for drive-by hacking.

Maybe it's time for commercial operations to take a few lessons out of the military's book and start stopping their laptops from radiating all that useful data.  Walls might not have ears, but there could very well be an antenna on the other side.