back to article Stealing secret crypto-keys from PCs using leaked radio emissions

Your encryption keys can accidentally leak from your PC via radio waves, computer scientists have reminded us this week. This is a well-understood risk, but as these guys have demonstrated, it can be done cheaply with consumer-grade kit, rather than expensive lab equipment. Tel Aviv University researchers Daniel Genkin, Lev …

  1. Anonymous Coward
    Anonymous Coward

    ...since the 1980's

    PCs on U.S. military bases had RF shields to counter this attack in the late 1980's, maybe before. My father bought an electric screwdriver just to work on the ZDS machines because their RF shield, inside the case, was attached with more then a dozen screws.

    1. John Smith 19 Gold badge
      Boffin

      Re: ...since the 1980's

      "My father bought an electric screwdriver just to work on the ZDS machines because their RF shield, inside the case, was attached with more then a dozen screws."

      Maintaining a solid RF join between the parts of the casing tends to need a lot of connectors.

      1. Anonymous Coward
        Anonymous Coward

        Re: ...since the 1980's

        Or Duct Tape.

        Had to use lots of it to get a 120Mb disk past FCC testing 30+ years ago. IT was all on the inside othewise it wouldn't have passed.

        Still got the scars from dozens of little spring clips that were used on the service panels.

        Bothered about your crypto key leaking? Play some porn at the same time then the snoopers will have 'boobed'

    2. Anonymous Coward
      Anonymous Coward

      Re: ...since the 1980's

      Shouldn't be that hard to shield against this in a laptop, especially if the whole thing is sealed so you don't need to worry about making the shielding removable for end user maintenance. While anything that adds unnecessary cost (or weight, or cooling issues) wouldn't be added to a mainstream product, you'd think there might be a specialty market for this, like there is for durable laptops like the Toughbook.

      Us ordinary folks don't need to worry about such a personally targeted attack, but high ranking government officials or CEOs might, so there's a market for this. Not a big one, granted. Apple's laptops are already sealed in metal cases, they might not need that much extra shielding and they're already popular with CEOs. Would Apple be willing to make the Macbook Pro weigh a quarter ounce more to secure it from such attacks? If such an attack ever made the news against a public figure, possibly...

    3. Anonymous Coward
      Anonymous Coward

      GHz processor vice MHz receiver with kHz BW

      It's self evident that the receiver is essentially sub-sampling and thus detecting variations in processing time over some slow outer loop. This is inherently obvious from the ratio of the ns clock time of the CPU to the kHz bandwidth of the MHz AM receiver.

      One of the basics of cryptography, known to anyone that pays even the slightest attention to the subject, is that it's now considered best practice to adjust your code so that 0s and 1s are processed in precisely the same number of clock cycles. Optionally, add in some PRN variability, if you're a fan of Sun Tzu.

      I recommend the conference presentations of the Chaos Computer Club. Videos are online.

      1. Michael Wojcik Silver badge

        Re: GHz processor vice MHz receiver with kHz BW

        One of the basics of cryptography, known to anyone that pays even the slightest attention to the subject, is that it's now considered best practice to adjust your code so that 0s and 1s are processed in precisely the same number of clock cycles.

        And everyone does. Look at the implementation in crypto/rsa/*.c in OpenSSL 1.0.1, for example, and note all the calls to constant-time implementations of various bignum operations.

        Constant-time implementations, whitening, and other blinding attacks are only partial mitigations. The article quoted a sentence from the paper noting that the m-ary algorithm for modular exponentiation, used specifically for additional side-channel resistance, doesn't defeat this attack. Similar results have been obtained using e.g. ChipWhisperer to attack embedded crypto devices that employ various side-channel mitigation strategies.

        See e.g. Chris Edwards, "Secure-System Designers Strive to Stem Data Leaks", CACM 58.4 (2015) 18-20. He quotes Chris Woods: "Side-channel attacks can break any countermeasure, given enough time; the countermeasure can only delay the process".

        1. Anonymous Coward
          Anonymous Coward

          Re: GHz processor vice MHz receiver with kHz BW

          With the greatest respect for the experts... do these folk (or their target audience) know what goes on in a modern multi-tasking cache-based multi-core system?

          I can see that in a 1960s/70s/80s system with a few MB of memory and zero or negligible cache there may have been merit in timing-based attacks and maybe power-based attacks.

          From a pragmatic real world (rather than theoretical) point of view, I'm struggling to see their relevance when the algorithm in question (and the code based on it/them) is being executed on a multi-tasking OS on a multi-core processor whose timing performance at any given point of program execution is dependent on factors outwith the control of the code/algorithm in question.

          On an embedded processor running nothing but the algorithm in question, then yes there may be a plausible side channel attack using e.g. timing-related effects. Maybe.

          But on a typical modern real-world system, why can't I blind the timing-based (and/or power-based) attacks simply by ensuring that the code in question is not scheduled predictably, and/or that the code in question competes unpredictably with other code and data for cache access (thereby ensuring that program execution is not predictable, and thus ensuring that side effects of program execution are not predictable)?

          Suggestions, pointers to previous discussion, etc, welcome.

          1. Anonymous Coward
            Anonymous Coward

            Re: GHz processor vice MHz receiver with kHz BW

            When the boys were hacking into Smartcards for satellite TV, they'd have their gadget apply a hard reset and then count clock cycles before glitching the PS.

            Using vaguely similar concepts, hackers can rein in the 'noise' so the 'signal' has an opportunity to emerge.

  2. Steve 114
    WTF?

    If the transistor kit fits 'in pitta bread', should we fear a valve version in any nearby farmhouse loaf?

    1. Dan 55 Silver badge
      Black Helicopters

      It's when they shrink the technology down to Bourbon biscuits that you've really got to worry. No corporate meeting will be safe.

      1. Message From A Self-Destructing Turnip
        Holmes

        Presumably the pita bread attack vector can be thwarted by a strategically placed tub of hummus.

        1. David 132 Silver badge
          Coat

          Presumably the pita bread attack vector can be thwarted by a strategically placed tub of hummus.

          Epic Falafel.

    2. PNGuinn
      Stop

      re pitta bread / farmhouse loaf @ Steve

      ARRRGH! My teeth!

    3. TeeCee Gold badge
      Coat

      This is proof that there is no such thing as a free lunch!

      That sandwich that your co-worker just put on your desk? Be worried......

      1. TRT Silver badge

        It's why hiding it in a Bourbon would be the best bet. No-one eats the biscuit of chocolate deceit.

        However I fear that this technology will be used by terrorist affiliated political organisations. Yes, PITA is at risk of succumbing to Hummas.

    4. Michael Wojcik Silver badge

      Sadly, the "side-channel key-extractor hidden in pita bread" scenario is still orders of magnitude more plausible than the vast majority of "computer hacks" portrayed on television.

  3. frank ly

    Versa Vice

    “Any device close to a computer can pick up RF signals – put your phone close to the car radio and listen to it chatting,”

    Does the phone pick up RF signals from the digital circuitry in the car radio, or does the car radio pick up RF signals from the digital circuitry in the phone?

    1. Anonymous Coward
      Anonymous Coward

      Re: Versa Vice

      The radio's circuitry picks up RF signals from the phone's surprisingly powerful RF circuitry. (Unsurprisingly!)

  4. John Smith 19 Gold badge
    Unhappy

    Note the *low* frequencies they are talking about.

    The processor may be clocked at GHz, but they are looking at signals in the low MHz range.

    And note once you've got someone's private key you've got their whole secure email back catalogue as well.

    1. Tromos

      Re: Note the *low* frequencies they are talking about.

      "And note once you've got someone's private key you've got their whole secure email back catalogue as well."

      Sorry, I don't note that at all. I could give you my private key right now and you would have none of my email back catalogue at all. It is one thing to have the key and quite another to have access to the data to use that key on.

      1. Anonymous Coward
        Anonymous Coward

        Re: Note the *low* frequencies they are talking about.

        I assumed that the clandestine acquisition of the key, from your memory via RF snooping, would allow attackers to decrypt the data that they already copied from your system.

        1. Anonymous Coward
          Anonymous Coward

          Re: Note the *low* frequencies they are talking about.

          Never ever ass-u-me with crypto; It will bight you in the ass. If they have my eMail repository, obtaining my keys is no effort on any computer even with rudimentary tooling. Access to one immediately implies access to all; that device is suspect.

    2. Anonymous Coward
      Anonymous Coward

      Re: Note the *low* frequencies they are talking about.

      Ohhhhh... So it's kind of like logging on to other sites with your LinkedIn Id?

  5. This post has been deleted by its author

    1. Tomato42
      Headmaster

      technically speaking it is news

      it's certainly not newsworthy, I'll give you that

    2. Dave 126 Silver badge

      >. It's also NOT interesting to hobbyists who are already aware of it all.

      From the very first paragraph of the article:

      "This is a well-understood risk, but as these guys have demonstrated, it can be done cheaply with consumer-grade kit, rather than expensive lab equipment."

      I would have thought that the low cost of the equipment would make it of more interest to hobbyists

      1. AlbertH

        I would have thought that the low cost of the equipment would make it of more interest to hobbyists

        Not at all. We demonstrated the "TEMPEST" type of attacks nearly 20 years ago using a cheap(ish) Sony 7600 portable radio and a laptop. If you built a small resonant loop aerial (like often used for long distance Medium Wave reception) you could get it to work over some tens of metres. However, if there was more than one computer in the target area, decryption became almost impossible because of the interference from the adjacent machine. If you want to secure yourself from this type of exploit, just run a few machines in the same room!

        1. Michael Wojcik Silver badge

          If you want to secure yourself from this type of exploit, just run a few machines in the same room!

          Awesomely naive.

          Take a look at that CACM article I mentioned above. While it's trivial to reduce the s/n ratio sufficiently to defeat simple homebrew equipment with poor discrimination, it's extremely difficult (some say axiomatically impossible) to prevent all side-channel attacks.

          1. Anonymous Coward
            Anonymous Coward

            Re: computation that the system does at a given time

            From the article:

            "They are all related to the computation that the >>>system<<< does at a given time. Using that information, picked up outside the application, you can infer something about the secret it contains.""

            Note my emphasis: the >>>system<<<'s workload.

            Now suppose your >>>system<<< in question isn't single tasking, maybe has cache, and might even have more than one core. Y'know, like most mainstream computer systems since 2000 or so (maybe even the 1990s).

            Point me to something that explains how the side channel attack is of any meaningful value in such a real world setup. Enlighten me.

      2. Bob Dole (tm)
        Coffee/keyboard

        >>"I would have thought that the low cost of the equipment would make it of more interest to hobbyists"

        Clue Bat: Anything that could be accomplished with tech 20 years ago, can be done using "low cost equipment" today. That should be pretty obvious.

        As the poster said, this isn't newsworthy. A couple kids figured out how to do something their parents did. Great. Maybe for their next trick they can show us how to change the channels on a TV *remotely*.

      3. JeffyPoooh
        Pint

        "low cost" vice "lab equipment"

        Detecting RF signals around 1.6 MHz was never rocket science. Well, okay, not since 1920.

      4. Michael Wojcik Silver badge

        I would have thought that the low cost of the equipment would make it of more interest to hobbyists

        Certainly ChipWhisperer is of interest to some hobbyists. Whether it's "cheap" depends on which hardware options you use, and whether you build it yourself. The prebuilt "complete kit" from NewAE is $1500, but one of the built-it-yourself options is under $100.

        Basically you have the "James Bond" and "Captain Crunch" options.

    3. Anonymous Coward
      Anonymous Coward

      Thus spoketh the bearded man

      > Most of us who have been in the industry for any length of time knew this twenty years ago.

      Cool. Could you please post a link (or library reference) to the working exploits you have actually produced during all these years? Thanks in advance.

      1. Anonymous Coward
        Happy

        Re: Thus spoketh the bearded man

        >Cool. Could you please post a link (or library reference) to the working exploits you have actually produced during all these years? Thanks in advance.

        Wim van Eck's 30 year old paper "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" http://cryptome.org/emr.pdf

        1. Michael Wojcik Silver badge

          Re: Thus spoketh the bearded man

          Cool. Could you please post a link (or library reference) to the working exploits you have actually produced during all these years? Thanks in advance.

          Wim van Eck's 30 year old paper "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?"

          "1980s_coder" is actually Wim van Eck? Huh. You'd think he would have mentioned that in his rant.

    4. Six_Degrees

      What's news is the cheapness and compactness of the equipment needed to pull this off, compared to the past. You could stuff this detector into a coat pocket if you chose.

      A more cogent criticism, also true of past exploits, is the near-impossibility of separating the wheat from the chaff even when only a single computer is involved, due to multitasking. It's unthinkably difficult to separate the decryption signal from all the other tasks the computer is performing at any given time. And that's well before our incredibly noisy, real-world EM environment is taken into account.

      I'm not going to go out and buy a Faraday cage for any of my computing equipment just yet, portable or otherwise.

      Now, if someone could please get to work on a personal EMP weapon with, say, a 10 foot range (prefereably directional) that would be worthwhile. Even a trunk-mounted version for use against tailgaters would be welcome.

      1. Michael Wojcik Silver badge

        It's unthinkably difficult to separate the decryption signal from all the other tasks the computer is performing at any given time

        Sigh. No, it isn't. Please familiarize yourself with current research in the field.

        There are plenty of plausible attack scenarios under which general-purpose systems are coaxed into executing mostly the vulnerable code, over a sufficient number of iterations that the attacker can extract enough information and model the behavior sufficiently to narrow the keyspace down into something feasible to attack. That shouldn't be surprising for anyone who's paid attention to information security for the past couple of decades, since attackers have been using those sorts of techniques for various purposes (such as exploiting TOCTOU vulnerabilities).

        Of course, GP systems are not the primary target for this sort of EMF side-channel attack on cryptographic operations anyway. The real profit is attacking embedded systems, such as digital satellite TV boxes, to derive master keys, which can then be used to generate user keys for the black market.

        Man, any time anything crypto- or security-related comes up, the Reg Genius Brigade really swings into action.

        1. Anonymous Coward
          Anonymous Coward

          Re: the primary target for this sort of EMF side-channel attack

          "GP systems are not the primary target for this sort of EMF side-channel attack on cryptographic operations anyway. The real profit is attacking embedded systems, such as digital satellite TV boxes, to derive master keys, which can then be used to generate user keys for the black market."

          Exactly. And where, until you pointed it out, had that been mentioned?

    5. Michael Wojcik Silver badge

      Most of us who have been in the industry for any length of time knew this twenty years ago.

      Sigh.

      There's been extensive research in, and improvements of, side-channel attacks over the past two decades (and longer1). Claiming that it's not newsworthy just demonstrates your ignorance of the field.

      Many - though by no means all - side-channel attacks require proximity. Few require physical access, which is not at all the same thing.

      I know. You're in the running for the coveted title of Most Brilliant Reg Reader and can't miss any opportunity to demonstrate you know more than everyone else.

      1Try at least thirty years, not twenty. Van Eck's first public disclosure of EMF snooping on CRTs was published in '85. TEMPEST started in the late '50s; it was classified for a long time, but the Feds launched the Industry TEMPEST Program in '74. Of course, some classes of side-channel attacks only really became prominent with Kocher's presentation at CRYPTO '96.

  6. Will Godfrey Silver badge

    @ 1980s_coder

    Can't imagine why you were downvoted - this is exactly what I was thinking, and, looking at the other posts, so were a lot of others!

    1. Mage Silver badge
      Devil

      Re: @ 1980s_coder

      Some people like to downvote certain posters or criticism of particular companies and organisations. He criticised the Holy El Reg!

      Anyone that only gets upvotes all the time is suspicious!

    2. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: @ 1980s_coder

        > As for somebody's comment to provide evidence, there are numerous patent applications

        I believe the comment asks for evidence of your work in this area, since you used the first person plural.

        It is one thing to "know" something, it is quite another to prove it, confirm it, or reproduce it, by experimental means.

      2. JeffyPoooh
        Pint

        Re: @ 1980s_coder

        "...even a book on ZX81 programming that mentions playing music on a nearby AM radio..."

        This was commercialized. There was at least one commercial game (Alien Defense?, likely several others...) for the TRS-80 Z80 based Model 1, 3, 4 line that included an entertaining musical melody that was radiated and the player was instructed to use an AM radio to listen to it. Back in the very early 1980s I was doing exactly that.

        A fully commercialized game.

      3. Michael Wojcik Silver badge

        Re: @ 1980s_coder

        there are numerous patent applications for RF capture devices

        There are numerous patent applications for computing equipment; thus nothing about computer hardware is newsworthy.

        Hell, there are any number of posts from Reg readers explaining why a given story is not newsworthy. Thus such posts are themselves no longer worth writing.

    3. Michael Wojcik Silver badge

      Re: @ 1980s_coder

      Can't imagine why you were downvoted

      Rather than trying to imagine it, why not do a little research?

  7. grumpyoldeyore
    FAIL

    I guess it will work...

    ,,, up to the point that the mark breaks a tooth munching on the pita bread.

    1. Mage Silver badge

      Re: I guess it will work...

      False bottom on basket for bread or biscuits or chocolates.

  8. jake Silver badge

    See my post from 6 years ago:

    http://forums.theregister.co.uk/forum/containing/443984

    1. Michael Wojcik Silver badge

      Re: See my post from 6 years ago:

      Sure. But that was in '77, so three years after the US government had gone public with TEMPEST (via the Industry TEMPEST Program). So doing something with EMF emissions from computers was already old hat at that point - though the music-playing trick probably was still pretty fresh.

      The problem with all of these posts is that they ignore the tremendous progress made in side-channel attacks, both in theory and practice.

  9. Anonymous Coward
    Anonymous Coward

    How about a simple non-Tempest prevention measure?

    A Homeplug or three in the vicinity nattering pointlessly to each other?

    So much wideband RF splatter so much of the time from the homeplugs that they'll never reliably detect the emissions from the target computer. The logical opposite of the Tempest approach.

    Btw, Tempest wasn't just about emissions suppression, though certainly it was useful for that.

    The hint is in the name: tEMPest.

    1. John Brown (no body) Silver badge

      Re: How about a simple non-Tempest prevention measure?

      "A Homeplug or three in the vicinity nattering pointlessly to each other?"

      ISTR being inside laptops in the past and seeing the inner case coated with a copper-like substance, probably achieved by some sort of vapour deposition and assuming it was a shielding method to meet the regulations on RF emissions.

      Is it safe to assume that either this screening only reduces RF emissions or simply doesn't work? Or are modern laptops splurting out RF all over the place because of manufacturers cost cutting and regulators not caring enough to enforce the rules?

      1. Anonymous Coward
        Anonymous Coward

        Re: How about a simple non-Tempest prevention measure?

        "assuming it was a shielding method to meet the regulations on RF emissions."

        Good assumption.

        "this screening only reduces RF emissions "

        Correct. Total elimination is quite tricky. TEMPEST kit gets pretty close to stopping stuff getting out (or getting in). But as you'll have read here, it makes stuff complicated and expensive.

        "modern laptops splurting out RF all over the place because of manufacturers cost cutting"

        Shouldn't be. Most countries have rules about these things (FCC regulations in the US, the EU EMC regs/CE mark, etc). But you're ahead of me already...

        "regulators not caring enough to enforce the rules?"

        I'm not sure it's "not caring". It may be more like not having sufficient power and influence to take on the big boys even where there are clear breaches of the rules. The result is the same though.

  10. JeffyPoooh
    Pint

    My workaround is as follows...

    I use my arm to sweep away any mysterious, nearby, Internet-connected AM radios.

    It takes but a few seconds.

    1. Adam 1

      Re: My workaround is as follows...

      and I never sign into my bank accounts when there is nearby pita bread. That is just asking for trouble.

  11. choleric
    Coat

    annoying

    This vulnerability sounds like a real PITA.

    Ah, my coat! Thank you. I was just leaving.

  12. Anonymous Coward
    Anonymous Coward

    Without getting into too many details...

    It's sadly amusing, in a Shannon-Hartley sort of way, when the government Subject Matter Experts ask questions that are similar to this...

    "How can we be certain that the 1 Gbps Ethernet data will not somehow couple onto the headset wiring, thence get into the microphone audio circuits, and thus be unintentionally transmitted out on the HF radio to be intercepted by the enemy hundreds of miles away?"

  13. ckm5
    Coat

    Quick, download some new fonts....

    http://www.cl.cam.ac.uk/~mgk25/emsec/softtempest-faq.html

  14. John Brown (no body) Silver badge
    Coat

    So, are we about to see...

    ...the superseding of spamming with kababbing?

  15. Hardrada

    Not quite on topic, but...

    I saw some of the posts above, and thought someone here might have experience with this:

    I have a project that involves using capacative displacement indicators for measurements with uncertainties of less than a nanometer, and resolution of around 10 picometers. Even when we shut down adjacent parts of the building and use a Faraday cage, it doesn't get the noise as low as it needs to be, so we do the tests at night.

    Not everyone likes that, so I've thought of replacing some of the control electronics with something that's easier to shield (maybe something like this: http://www.logicsupply.com/ml100g-10/). I think that even the display would be a problem, though. There are transparent films designed to block at least some radio frequencies, but that wouldn't shield the enclosure. One idea was to use a board with an internal LCD connector, and make a custom case. (We have all of the necessary tools, including punches for the back panel ports.)

    Here's where I got hung up: It wouldn't work if there are magnetic transformers on any of the boards. (I'm already assuming that the AC/DC converter would be very far away.) Some LCDs use piezo transformers, and that should be fine, so I'm wondering if there are boards that either use them or could be modified to do so. De-soldering the magnetic transformers and replacing them shouldn't be a problem.

    Any thoughts?

    Cheers :)

    1. John Smith 19 Gold badge
      Boffin

      @Hadrada

      "Any thoughts?

      Cheers :)"

      Yes.

      RV Jones "Instruments and Experiences"

      He spent a substantial part of his career doing this. It's also called "Capacitance micrometry."

      1. Hardrada

        Re: @Hadrada - Thanks

        That looks quite useful. I have a couple of books that cover a subset that - Wayne R. Moore's Foundations of Mechanical Accuracy for microelasticity, and Eric Marsh's Precision Spindle Metrology for capacitance micrometry in that setting - but I would probably be interested in what Mr. Jones has to say either way. I'll have to go book hunting...

        1. John Smith 19 Gold badge

          Re: @Hadrada - Thanks

          " have a couple of books that cover a subset that - Wayne R. Moore's Foundations of Mechanical Accuracy for microelasticity, and Eric Marsh's Precision Spindle Metrology for capacitance micrometry in that setting - "

          The book is a retrospective of his work. Key features of his approach were the use of unbalencing sensors driving null reading bridges. The first makes one output bigger as the other side gets smaller while the second keeps the scale quite short as all you need to know is wheather or not the reading is at zero.The system output is the error signal needed to cancel the sensor output.

          Today such sensors can measure a 2000 tonne tank or powder silo to within 1Kg (1 parts in 2^21). They are also quite beautiful, being laser cut from a single piece of steel.

          It's also good on the design of various flexure bearings that eliminate the sudden "jerk" when applied force overcomes static friction for the first time and an object starts to move.

          This is stuff that's used in the design of semiconductor mfg equipment but a lot of Jones work comes from the 1950's. Being able to generated nm displacements by hand is very tricky, but his papers show how it's done.

          Jones was active in WWII in what today would be called electronic warfare and ECM, which is a rather tenuous link the original topic.

  16. John Smith 19 Gold badge
    Unhappy

    Hackers Handbook, 1st edition??

    ISTR a dumb version of this.

    While you could capture a signal it was never quite clear what you could do with it.

  17. cortland

    Those who've worked

    Those who've worked in the TEMPEST field, as I did quite a few years ago, may as the phrase goes, "neither confirm nor deny". However... in an amusing aside, I once worked as an Electromagnetic Compatibility engineer at a Fort Worth (Texas) computer maker now in bankruptcy.

    One day, the board of directors was touring the lab where I was testing a vendor-supplied CD drive in a new product. Explaining why testing was needed, I let them hear music playing on a computer CD drive by turning on the loudspeaker of a spectrum analyzer outside the shielded chamber. Since we are talking TEMPEST, then, "As they smelt music: so I charm'd their ears"; the signal was from a cord and headset plugged into the drive's front panel jack, and at a level more that the FCC Rules (also see see EN 55022) allowed.

    The drive vendor having refused to accept return as unsuitable, we shipped all of that model with a plastic rivet glued into the drive's headphone connector.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021