Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers. <\/p>\n
There are several ways of attacking encryption systems. At one end of the spectrum, there are flaws and weaknesses in the algorithms themselves that make it easier than it should be to figure out the key to decrypt something. At the other end, there are flaws and weaknesses in human flesh and bones that make it easier than it should be to force someone to offer up the key to decrypt something. <\/p>\n
In the middle are a range of attacks that don't depend on flaws on the encryption algorithms but rather in the way they've been implemented. Encryption systems, both software and hardware, can leak information about the keys being used in all sorts of indirect ways, such as the performance of the system's cache, or the time taken to perform encryption and decryption operations. Attacks using these indirect information leaks are known collectively as side channel attacks. <\/p>\n
This research is a side-channel attack. The metal parts of a laptop, such as the shielding around USB ports, and heatsink fins, are notionally all at a common ground level. However, this level undergoes tiny fluctuations due to the electric fields within the laptop. These variations can be measured, and this can be used to leak information about encryption keys. <\/p>\n
The measurements can be done by directly attaching a digitizer to a metal part of the laptop, but they don't have to be this obvious. The researchers showed that they could retrieve information with connections at the far end of shielded USB, VGA, and Ethernet connections. They also used human touch: a person in contact with metal parts of the laptop can in turn be connected to a digitizer, and the voltage fluctuations can be measured. <\/p>\n
The researchers note that this works better in hot weather, due to the lower resistance of sweaty fingers. <\/p>\n
While the information retrieval was better when used with high-end lab equipment, the researchers also experimented with using a smartphone connected to Ethernet shielding via its headphone port, and found that this was sufficient to perform some attacks. <\/p>\n
The major importance source of the voltage variations is the processor. The simplest thing to detect is probably whether the processor is active or sleeping, with the researchers saying that on almost all machines, the difference between an active processor and a processor suspended with the \"HLT\" instruction could be detected. On many machines, finer grained information was visible. The research recorded the fluctuations with a sample rate of between a few tens of kilohertz, and a few megahertz. These sample rates are far lower than the several gigahertz that processors operate, and so these measurements can't give insight into individual instructionsbut this wasn't actually necessary. <\/p>\n
During encryption and decryption operations, the processor has to perform certain long-running operations (for example, exponentiation of various large numbers), and these operations caused a consistent, characteristic set of voltage fluctuations. When sampling the voltages at a rate of a few MHz, keys for the RSA and ElGamal encryption algorithms could be extracted in a few seconds. <\/p>\n
This attack required a single piece of encrypted data to be decrypted a few times. <\/p>\n
<\/p>\n