It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Researchers crack world’s toughest encryption by listening to tiny sounds made by your comps cpu

page: 1
13

log in

join
share:

posted on Dec, 18 2013 @ 08:19 PM
link   
I found out this information after making another post today about cracking encryption.


Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.


An for a more technical explanation:

Without going into too much detail, the researchers focused on a very specific encryption implementation: The GnuPG (an open/free version of PGP) 1.x implementation of the RSA cryptosystem. With some very clever cryptanalysis, the researchers were able to listen for telltale signs that the CPU was decrypting some data, and then listening to the following stream of sounds to divine the decryption key. The same attack would not work on different cryptosystems or different encryption software — they’d have to start back at the beginning and work out all of the tell-tale sounds from scratch.

source

It just seem that people are coming up with more and more inventive ways to break encryption every day. It make me wonder if they already know whats in things like Julian Assange's insurance file before it gets released.


edit on 18-12-2013 by PhoenixOD because: (no reason given)




posted on Dec, 18 2013 @ 09:07 PM
link   
reply to post by PhoenixOD
 


Hmm, I managed to miss your other thread today. Would you mind linking to it here.
Thanks,
D.

Never mind. Found it on your profile.
www.abovetopsecret.com...

edit on 18-12-2013 by dainoyfb because: Self evident.



posted on Dec, 18 2013 @ 09:14 PM
link   
reply to post by PhoenixOD
 

Cool find, S&F. Another interesting bit from that article:


The researchers successfully extracted decryption keys over a distance of four meters (13 feet) with a high-quality parabolic microphone. Perhaps more intriguingly, though, they also managed to pull of this attack with a smartphone placed 30 centimeters (12 inches) away from the target laptop. The researchers performed the attack on different laptops and desktops, with varying levels of success


I am really surprised that the mics on a smartphone would be suitable for something like this. Most people are completely oblivious of EMSEC (or TEMPTEST). From Wikipedia:


Tempest (often spelled TEMPEST) is a codename referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.
Compromising emanations consist of electrical, mechanical, or acoustical energy intentionally or by mishap unintentionally emitted by any number of sources within equipment/systems which process national security information. This energy may relate to the original pre- or non-encrypted message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be propagated through space and along nearby conductors. The interception/propagation ranges and analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation; and, environmental conditions related to physical security and ambient noise. The term "compromising emanations" rather than "radiation" is used because the compromising signals can, and do, exist in several forms such as magnetic- and/or electric field radiation, line conduction, or acoustic emissions.[1]


I remember when I first became aware of the field as teen after reading in some text file about how a computer screen could be reconstituted by observing emissions from a CRT through a wall.



posted on Dec, 18 2013 @ 10:32 PM
link   
reply to post by theantediluvian
 




I remember when I first became aware of the field as teen after reading in some text file about how a computer screen could be reconstituted by observing emissions from a CRT through a wall.


Ive heard of reading sound from the vibrations on a window pane but that's a new one on me



edit on 18-12-2013 by PhoenixOD because: (no reason given)



posted on Dec, 19 2013 @ 07:03 AM
link   
reply to post by theantediluvian
 


Having had access to govt SIPRNet, I can tell you that the tempest safeguards are not used today.

Most siprnet computers are not shielded, grounded, isolated like they should be.

But this encryption hack - wonder if it would work on secure phones. Wouldn't seem hard to encode a STU/STE key using this. 'Going secure' was the only way we could trust the other end...



posted on Dec, 19 2013 @ 07:25 AM
link   
reply to post by PhoenixOD
 

If you've got good hearing, you can hear the sounds the CPU makes, at least the bottom end of the frequency spectrum they looked at which is down to 10 kHz, well within the range of human hearing. I've heard CPU sounds but I think not everyone can hear them. So, on the one hand, I'm not surprised they are able to pick up these computing sounds with a microphone.

On the other hand, what does surprise me is that they were able to use these sounds to decrypt an encryption key. I'm usually not surprised too much at news or discoveries, so this is a rare discovery that actually surprises me. But when I see how they did it, now I just have to admit they are more clever than I was because I didn't think this hack would work.

However what this also teaches us is that smart phone microphones are far more capable that many people (perhaps including myself) imagined, and that another thread on ATS about what could be communicated wirelessly using sound vastly underestimated the true capabilities of smart phones, as demonstrated in this experiment.

Regarding the CRT remote screen hack, yes that's well known, but CRTs use something on the order of 20,000 volts so of course that high a voltage is bound to create a robust electromagnetic signature which is easy to pick up at a distance if it's not shielded and usually it's not. I haven't really looked into whether or not the same type of CRT hack can be used on LCD screens, but I can say that LCDs don't use 20,000 volts so the external EM signature is not as strong, meaning if the same hack can be done, you'd probably need to be a lot closer to the LCD screen? Maybe I'll look into this when I have time.



posted on Dec, 19 2013 @ 07:30 AM
link   
I wonder if having something like burn in running during decryption would create enough white noise to mask the process.



posted on Dec, 19 2013 @ 07:57 AM
link   
reply to post by thisguyrighthere
 

Your question relates to the concept called "signal to noise ratio".

Introduce enough noise and at some point the signal becomes a smaller and smaller part of the total and eventually the signal is not as detectable. They have already found such limits probably with the cell phone technology because they said they had varying degrees of success using cell phone microphones.

But exactly how much noise you would need to add would probably need to be experimentally verified. I've got some loud cooling fans in an external drive bay, and they might be enough to prevent the CPU's sounds from being readable over the fan noise.


edit on 19-12-2013 by Arbitrageur because: clarification



posted on Dec, 19 2013 @ 09:12 AM
link   
reply to post by Arbitrageur
 


Looks like that is a viable countermeasure:

Conversely, a sufficiently strong wide-band noise source can mask the informative signals, though ergonomic concerns may render this unattractive.
link

According to the paper summary GnuPG has already been updated with countermeasures as of 2.x unless I'm reading it wrong.



posted on Dec, 19 2013 @ 10:33 AM
link   
reply to post by PhoenixOD
 

So - "safe-crackers" are back in business.
Thanks for the heads-up...



posted on Dec, 19 2013 @ 10:58 AM
link   
From www.cs.tau.ac.il...:




Q12: Won't the attack be foiled by loud fan noise, or by multitasking, or by several computers in the same room?

Usually not. The interesting acoustic signals are mostly above 10KHz, whereas typical computer fan noise and normal room noise are concentrated at lower frequencies and can thus be filtered out. In task-switching systems, different tasks can be distinguished by their different acoustic spectral signatures. Using multiple cores turns out to help the attack (by shifting down the signal frequencies). When several computers are present, they can be told apart by spatial localization, or by their different acoustic signatures (which vary with the hardware, the component temperatures, and other environmental conditions).



posted on Dec, 19 2013 @ 08:31 PM
link   
So the real question is... how long has the NSA had access to this?



posted on Dec, 20 2013 @ 03:12 PM
link   
This is awesome.



posted on Dec, 20 2013 @ 09:40 PM
link   

PhoenixOD
reply to post by theantediluvian
 




I remember when I first became aware of the field as teen after reading in some text file about how a computer screen could be reconstituted by observing emissions from a CRT through a wall.


Ive heard of reading sound from the vibrations on a window pane but that's a new one on me



edit on 18-12-2013 by PhoenixOD because: (no reason given)


It was doable with old crt monitors in a really obscure way, but as with all things people get a hint of something and it turns into super secret cia operatives able to see you watching porn on your computer from their offices somewhere...

en.wikipedia.org...


In a CRT the image is generated by an electron beam that sweeps back and forth across the screen. The electron beam excites the phosphor coating on the glass and causes it to glow. The strength of the beam determines the brightness of individual pixels (see CRT for a detailed description). The electric signal which drives the electron beam is amplified to hundreds of volts from TTL circuitry. This high frequency, high voltage signal creates electromagnetic radiation that has, according to Van Eck, "a remarkable resemblance to a broadcast TV signal".[1] The signal leaks out from displays and may be captured by an antenna, and once synchronization pulses are recreated and mixed in, an ordinary analog television receiver can display the result. The sync can be recreated either through manual adjustment or by processing the signals emitted by electromagnetic coils as they deflect the CRT's electron beam back and forth.[1]
In the paper, Van Eck reports that in February 1985 a successful test of this concept was carried out with the cooperation of the BBC. Using a van filled with electronic equipment and equipped with a VHF antenna array, they were able to eavesdrop from a "large distance".
Van Eck phreaking and protecting a CRT display from it was demonstrated on an episode of Tech TV's The Screen Savers on December 18, 2003.[5][6]


1010.co.uk...

has info and purported images similar to what they would expect to see.



posted on Dec, 22 2013 @ 09:36 PM
link   
Easily countered against.

CPUs do not make noise themselves. The supporting components can.

So the solution is to stop coil whine (which is annoying anyway) via e.g. solid state chokes, and also make the CPU usage and thus VRM load vary in a similar but random way, indistinguishable from the actual signal.

www.trio-tw.com.tw...
edit on 22/12/13 by C0bzz because: (no reason given)



posted on Dec, 28 2013 @ 07:03 AM
link   

Arbitrageur
reply to post by PhoenixOD
 

If you've got good hearing, you can hear the sounds the CPU makes, at least the bottom end of the frequency spectrum they looked at which is down to 10 kHz, well within the range of human hearing. I've heard CPU sounds but I think not everyone can hear them. So, on the one hand, I'm not surprised they are able to pick up these computing sounds with a microphone.

On the other hand, what does surprise me is that they were able to use these sounds to decrypt an encryption key. I'm usually not surprised too much at news or discoveries, so this is a rare discovery that actually surprises me. But when I see how they did it, now I just have to admit they are more clever than I was because I didn't think this hack would work.

However what this also teaches us is that smart phone microphones are far more capable that many people (perhaps including myself) imagined, and that another thread on ATS about what could be communicated wirelessly using sound vastly underestimated the true capabilities of smart phones, as demonstrated in this experiment.

Regarding the CRT remote screen hack, yes that's well known, but CRTs use something on the order of 20,000 volts so of course that high a voltage is bound to create a robust electromagnetic signature which is easy to pick up at a distance if it's not shielded and usually it's not. I haven't really looked into whether or not the same type of CRT hack can be used on LCD screens, but I can say that LCDs don't use 20,000 volts so the external EM signature is not as strong, meaning if the same hack can be done, you'd probably need to be a lot closer to the LCD screen? Maybe I'll look into this when I have time.



this is a hoax.you have all been had.mikes can't hear cpu sounds.i mean they are bad enough with loud human voices let alone so levels so faint they merge with the back ground noise.

cpu do NOT make sounds.

it is tiny electrons moving about.

trillions of them at the same time.

cpu are solid state.not mechanical devices.they don't make sounds.this is an elaborate hoax just like that digital dust hoax few years back.



new topics

top topics



 
13

log in

join