
Stealing crypto-keys from PCs using leaked radio emissions

A group of researchers demonstrated that encryption keys can accidentally leak from a PC via radio waves by using a cheap consumer-grade kit.

We have previously covered the possibility of stealing sensitive data from a computer by analyzing its radio waves and electromagnetic emissions.

The researchers Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer from Tel Aviv University built on earlier work by Genkin, who with his colleagues demonstrated how to break 4096-bit RSA by analyzing the sound emitted by the CPU during a decryption routine.

The team showed that the keys leaking via radio waves can be captured with a cheap consumer-grade kit.

At the time of the research, the experts demonstrated how to extract private decryption keys from GnuPG on laptops within seconds by analyzing the electromagnetic emanations during the decryption of a chosen ciphertext.

This time the researchers measured emissions between 1.6 and 1.75 MHz by using the Funcube Dongle Pro+ connected to the Android embedded computer Rikomagic MK802 IV.

The group of researchers published a paper titled “Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation,” describing their experiment, which could also be conducted by using a standard AM radio with the output audio recorded by an Android mobile device.

“We demonstrate the extraction of secret decryption keys from laptop computers, by non-intrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.” states the paper.

The experts confirmed that they successfully extracted keys from laptops of several models running GnuPG within a few seconds:

“We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.”
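To make the "key-bits window" dependency in the passage above concrete, here is an added example (not code from the paper or from GnuPG) of textbook fixed-window (m-ary) exponentiation, instrumented to record which precomputed table entry feeds each multiplication. The window width of 4, the function names and the toy values are assumptions chosen for illustration.

```python
# Added illustration (not GnuPG's code): fixed-window (m-ary) modular
# exponentiation that records which table entry each multiply uses.
# Window width, names and sample values are constructed for this example.

def _num_digits(exponent, w):
    """Number of w-bit windows needed to cover the exponent (at least 1)."""
    return max(1, -(-exponent.bit_length() // w))


def fixed_window_pow(base, exponent, modulus, w=4):
    """Return (base**exponent % modulus, list of table indices used)."""
    # Precompute base^0 .. base^(2^w - 1) mod modulus.
    table = [1 % modulus]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * base % modulus)

    # Split the exponent into w-bit digits, most significant first.
    mask = (1 << w) - 1
    digits = [(exponent >> (w * i)) & mask
              for i in reversed(range(_num_digits(exponent, w)))]

    result, trace = 1 % modulus, []
    for d in digits:
        for _ in range(w):                      # always w squarings
            result = result * result % modulus
        result = result * table[d] % modulus    # always exactly one multiply
        trace.append(d)                         # operand index == key window
    return result, trace


def operation_count(exponent, w=4):
    """(squarings, multiplies): depends only on the exponent's length."""
    n = _num_digits(exponent, w)
    return n * w, n


# Constructed toy values, not real key material.
MODULUS = 1000003
KEY_A = 0xB3C5
KEY_B = 0xF00F

if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        value, trace = fixed_window_pow(7, key, MODULUS)
        print(hex(key), operation_count(key), [hex(d) for d in trace], value)
```

Both keys produce the same count and order of squarings and multiplications, yet the operand selected for each multiplication is the secret window itself, so regularising the operation sequence alone does not remove the key dependence.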

Stealing secret crypto-keys from PCs using leaked radio emissions has been possible for years:

“Any device close to a computer can pick up RF signals – put your phone close to the car radio and listen to it chatting,” Steve Armstrong, managing director of Logically Secure Ltd, explained to The Register. “The key thing of this attack will be the required proximity. If they can do it at 10 metres in a different room, I would be impressed; if the device needs to be within 20cm, I am not.”

Although the technique is well established, the attack demonstrated by the researchers may be difficult to carry out because computers usually run multiple tasks at the same time, making it impossible to analyze the emissions related to a specific activity such as the execution of the decryption routine.

The Israeli researchers will present their study at the Workshop on Cryptographic Hardware and Embedded Systems (CHES) conference in France in September 2015.


Pierluigi Paganini

(Security Affairs –  Radio, encryption keys)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
