It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
page: 10
share:
I've just learned that this was already reported:
previous link
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
I thought this maybe highly relevant for all the GnuPG ATS users.
The most relevant part:
Meaning that an attacker can hear your secret key.
also:
There is already an Ubuntu Security Notice dealing with this, namely USN-2059-1
previous link
Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Note: these are recent results, first published on 18 December 2013. Preliminary results were announced in the Eurocrypt 2004 rump session presentation titled "Acoustic cryptanalysis: on nosy people and noisy machines", and are now archived. The progress since the preliminary results is summarized in Q16 below.
I thought this maybe highly relevant for all the GnuPG ATS users.
The most relevant part:
The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts.
Meaning that an attacker can hear your secret key.
also:
Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.
There is already an Ubuntu Security Notice dealing with this, namely USN-2059-1
edit on 19-12-2013 by Torbu because: added USN-2059-1 link
edit on 19-12-2013 by Torbu because: (no reason
given)
edit on 19-12-2013 by Torbu because: (no reason given)
There's a thread here about it: www.abovetopsecret.com...
It's very interesting but according to the paper GnuPG has already been patched for version 2.x so the hole is plugged. For now.
It's very interesting but according to the paper GnuPG has already been patched for version 2.x so the hole is plugged. For now.
new topics
-
When an Angel gets his or her wings
Conspiracies in Religions: 10 minutes ago -
Comparing the theology of Paul and Hebrews
Religion, Faith, And Theology: 57 minutes ago -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 1 hours ago -
Boston Dynamics say Farewell to Atlas
Science & Technology: 2 hours ago -
I hate dreaming
Rant: 2 hours ago -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 4 hours ago -
Biden says little kids flip him the bird all the time.
2024 Elections: 4 hours ago -
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness: 5 hours ago -
Sheetz facing racial discrimination lawsuit for considering criminal history in hiring
Social Issues and Civil Unrest: 5 hours ago -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News: 7 hours ago
0