The latest way to snoop on a computer is by measuring subtle changes in electrical potential as data is decrypted. <\/p>\n
Touch sensitive: In a demonstration, a researcher captures cryptographic keys stored on a computer using a sophisticated algorithm that measures ground potential conducted through the skin. <\/p>\n
With enough technical savvy, simply touching a laptop can suffice to extract the cryptographic keys used to secure data stored on it. <\/p>\n
The trick is based on the fact that the ground electrical potential in many computers fluctuates according to the computation that is being performed by its processorincluding the computations that take place when cryptographic software operates to decrypt data using a secret key. <\/p>\n
Measuring the electrical potential leaked to your skin when you touch the metal chassis of such laptops, and analyzing that signal using sophisticated software, can be enough to determine the keys stored within, says Eran Tromer, a computer security expert at Tel Aviv University. <\/p>\n
The remarkable result is described in this paper due to be presented at a conference in South Korea next month, but it was demonstrated Tuesday at a cryptography conference in Santa Barbara, California. <\/p>\n
A signal can be picked up by touching exposed metal on a computer chassis with a plain wire. Or that wire can make contact anywhere on the body of an attacker touching the computer with a bare hand (sweaty hands work best). The ground signal can also be measured by fastening an alligator clip at the far end of an Ethernet, VGA, or USB cable attached to the computer, or even wirelessly with sensitive voltage-detection equipment. The catch is that contact must be made as data is unlocked with a keyduring decryption of a folder or an e-mail message, for instance. <\/p>\n
Tromer says his research team has used all those methods to extract encryption keys based on widely used, high-security standards4,096-bit RSA keys and 3,072-bit ElGamal keys. <\/p>\n
The work contributes to a growing body of evidence that regardless of the software protections people place on computers, there are indirect ways to extract dataso-called side channel attacks. <\/p>\n
Previous research efforts have found, for example, that analyzing the power consumption of a computer can reveal cryptographic keys. The good news is that analyzing subtle trends in power usage can also reveal whether a computer is being attacked (see Tiny Changes in Energy Use Could Mean Your Computer Is Under Attack). <\/p>\n
<\/p>\n