Decryption keys can be obtained through side-channel attacks, without needing to control the computer


Not long ago, obtaining information from a strictly isolated computer required precision equipment. In my own column "Strictly isolated computers are no longer secure", researchers at the Georgia Institute of Technology explained how easy it is to recover keystrokes from a computer simply by using the stray electromagnetic side-channel signals that the attacked computer emits.

Several researchers at Tel Aviv University, Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer, agreed that the process was simple. However, the scientists set themselves a higher bar: they wanted to figure out how to use side-channel attack techniques to obtain complex encrypted data.

Figure A: Several researchers at Tel Aviv University built this standalone PITA receiver.

Specific Process

In the article "Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation", the researchers explained how they obtained information about secret values from the computation performed on the computer, in order to recover the decryption key of a mathematically secure encryption scheme.

The team wrote: "We have implemented new side-channel attacks on RSA and ElGamal schemes that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms. Even when attacking a GHz-level processor, the attack can use a low measurement bandwidth (a frequency band of less than 100 kHz near the 2 MHz carrier) to obtain the decryption key."

If that doesn't mean much, this may help: the researchers can measure the side-channel signal emitted by a computer and obtain the key from GnuPG in just a few seconds. The researchers added: "The measurement cost is very low and small, and you can use components that are readily available." Working from this principle, the university's research team designed the following attacks.

Software Defined Radio (SDR) attack: This uses a shielded loop antenna to capture the side-channel signal, with an SDR program installed on a laptop to record the signal.

Portable Instrument for Trace Acquisition (PITA) attack: Using readily available electronics and food items (who says academics do not have a sense of humor?), the researchers built the standalone receiver shown in Figure A. The PITA receiver has two modes: online mode and autonomous mode.

• Online mode: PITA connects to a nearby observation station over a wireless network and streams the digitized signal in real time.

• Autonomous mode: similar to the online mode, except that PITA first measures the digitized signal and then records it on an internal microSD card for later retrieval through physical access or over a wireless network.

Consumer radio attack: To design an even cheaper attack, the team took advantage of a known fact: the side-channel signal modulates a carrier frequency near 1.7 MHz, which is within the AM radio band. The authors explained: "We used a common consumer-level radio receiver to collect the desired signal, replacing the magnetic probe and the SDR receiver. Then we connect the receiver to the microphone input of the HTC EVO 4G smartphone to record the signal."

Cryptanalysis Method

This is where the magic happens. I have to admit that the researchers' approach needs some explaining; I think it is best to use their own description of the cryptanalysis:

"Our attacks take advantage of the fact that, in a sliding-window or fixed-window exponentiation routine, the values in the table of ciphertext powers can be partially predicted. By making an appropriate plaintext, attackers can make the value in a specific table entry have a specific structure."

"This structure, combined with subtle differences in the control flow of GnuPG's basic multiplication routine, will cause a significant change in the leakage signal whenever this structured value is multiplied. This allows attackers to learn all the locations in the secret exponent where the specific table entry is selected by the bit pattern in the sliding window. If you repeat this for all table indexes, the key is disclosed."

Figure B is a spectrogram, which shows power as a function of time and frequency. It was recorded while GnuPG decrypted the same ciphertext with randomly generated RSA keys. The research team explained the following:

"It is easy to see where each decryption starts and ends (yellow arrows). Pay attention to the change in the middle of each decryption operation, spanning several frequency bands. This is because, internally, each GnuPG RSA decryption first exponentiates modulo the secret prime p and then modulo the secret prime q, and we can see the difference between these stages."

"Each pair looks different, because each decryption uses a different key. In this example, we can tell different secret keys apart simply by observing the electromagnetic signal generated during decryption, using the mechanism in this figure."

Figure B: Spectrogram

Is there any way to prevent leakage?

Although not readily accessible, one solution is to operate the computer inside a Faraday cage, which prevents any stray signal from escaping. The article mentioned: "The cryptographic software can be changed, and algorithms can be used to make the emitted signals less useful to attackers. These methods ensure that the algorithm's behavior is independent of the input it receives."
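The leak described under "Cryptanalysis Method" and the software countermeasure quoted above can be seen side by side in a toy model. This is an added example, not code from GnuPG or from the researchers' paper; the function names, window width and sample numbers are constructed for illustration, and the operation log stands in for what would have to be inferred from a measured signal.

```python
def sliding_window_pow(base, exp, mod, w=3):
    """Left-to-right sliding-window exponentiation that logs every operation."""
    sq = base * base % mod
    table = {1: base % mod}                 # odd powers: base^1, base^3, ...
    for k in range(3, 1 << w, 2):
        table[k] = table[k - 2] * sq % mod
    bits, acc, trace, i = bin(exp)[2:], 1, [], 0
    while i < len(bits):
        if bits[i] == "0":                  # zero bit: square only
            acc = acc * acc % mod
            trace.append("S")
            i += 1
            continue
        j = min(i + w, len(bits))           # widest window that ends in a 1 bit
        while bits[j - 1] == "0":
            j -= 1
        for _ in range(j - i):
            acc = acc * acc % mod
            trace.append("S")
        idx = int(bits[i:j], 2)
        acc = acc * table[idx] % mod
        trace.append(idx)                   # which table entry was multiplied in
        i = j
    return acc, trace

def exponent_from_trace(trace):
    """Anyone who can tell the operations apart can rebuild the exponent."""
    e = 0
    for op in trace:
        e = e * 2 if op == "S" else e + op
    return e

def ladder_pow(base, exp, mod, nbits):
    """Montgomery ladder: one multiply and one square per bit, whatever the bit."""
    r0, r1, trace = 1, base % mod, []
    for k in reversed(range(nbits)):
        if (exp >> k) & 1:
            r0, r1 = r0 * r1 % mod, r1 * r1 % mod
        else:
            r0, r1 = r0 * r0 % mod, r0 * r1 % mod
        trace.append("mul+sqr")
    return r0, trace

if __name__ == "__main__":
    mod, base = 1000003, 65537              # constructed toy values
    d1, d2 = 0b1011001110101, 0b1110100010011
    _, leaky = sliding_window_pow(base, d1, mod)
    print(leaky, exponent_from_trace(leaky) == d1)
    print(ladder_pow(base, d1, mod, 13)[1] == ladder_pow(base, d2, mod, 13)[1])
```

The ladder here still branches on the secret bit and Python integers are not constant-time, so it models only the fixed operation sequence; production code also needs branch-free selection and constant-time arithmetic.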

Notably, the research article addresses a question about side-channel attacks: "This is a hardware problem. Why not fix the device?"

Generally speaking, the researchers noted that the signal is very weak, and that preventing it is impractical because:

• Any residual leakage signal can often be amplified by suitable manipulation, as we did in the chosen-plaintext attack;

• In addition, signal leakage is often an unavoidable side effect of mechanisms needed to improve performance.

It is also worth noting that the National Institute of Standards and Technology (NIST) considers the ability to defend against side-channel attacks an important factor in evaluating its SHA-3 algorithm.

English: Computer-stored encryption keys are not safe from side-channel attacks
