Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

37 comments

Stealing FIRST POST (-1)

Anonymous Coward | more than 2 years ago | (#38849937)

Suck on it

Gives me hope.. (1)

Anonymous Coward | more than 2 years ago | (#38849975)

Breaking crypto with all these newer and newer tricks. So long as it's within the realm of possibility that my TPM can be broken, fear of DRM hath no hold on me.

Abandon it, silly. (0)

Anonymous Coward | more than 2 years ago | (#38850105)

Your TPM's private key may be potentially breakable, but this doesn't mean it will be broken. *Your* private key, however, *will* be broken.

Re:Gives me hope.. (0)

Anonymous Coward | more than 2 years ago | (#38850109)

This is not new, read something about this before... Electronics leak different "waves" depending on what they are doing at the moment, if you read the "waves" of when you're using the key, you can deduce it to a certain degree of certainty. You can try and avoid it by producing interference (randomly placed dummy operations, for example) or simply by shielding your electronics really well.

Re:Gives me hope.. (2)

betterunixthanunix (980855) | more than 2 years ago | (#38850329)

The TPM can always be broken. It stores a secret key right there for you to take and use for your own purposes -- you just need to find a way to extract it from the device. Attacking the TPM is not really a crypto problem as much as it is a security engineering problem: how do you prevent people from reading data that is stored on a computer they control, while still allowing them to use that data.

Re:Gives me hope.. (1)

rhook (943951) | more than 2 years ago | (#38852061)

This is why you password protect your keys.

Re:Gives me hope.. (1)

betterunixthanunix (980855) | about 2 years ago | (#38857287)

Which is irrelevant in the case of DRM, because nobody will be standing there to enter the password.

Re:Gives me hope.. (1)

IamTheRealMike (537420) | more than 2 years ago | (#38855921)

The TPM is just an inert chip. It's off by default on many machines, controlled by the BIOS. So, lose the paranoia.

Van Eck side channel (-1)

Anonymous Coward | more than 2 years ago | (#38849991)

Applause.

Re:Van Eck side channel (4, Informative)

Anonymous Coward | more than 2 years ago | (#38850063)

This is not a new attack. It's been known for decades - this is the attack the NSA codenamed HIJACK, I believe (or it may possibly be NONSTOP, I always get the two confused). I know GCHQ's CESG were aware of it too.

Putting a radio transmitter next to something which may produce key-dependent interference (depending on, say, whether it's squaring (1) or multiplying (0) each bit of an RSA key) will yield a measurable interference pattern which leaks information about the keys.

Countermeasures are surprisingly similar to acoustic emissions attacks and timing attacks: blinding; routines/hardware circuits which don't exhibit key-dependent behaviour; better shielding, particularly of the ground and Vcc planes for the TX circuit.

Works for keyboards, too.

Clever. I like it. (5, Informative)

Anonymous Coward | more than 2 years ago | (#38850167)

So the CPU doesn't have a strong enough EM signal (note that all electronic processing generates EM waves) to send out the key processing details over any reasonable distance (tiny starting signal plus 1/r^2) . But it is a smartphone, and the CPU EM signal is strong enough to interfere with the (very!) nearby phone transmitter. And by examining that signal, you can tempest monitor the CPU from a much greater distance. Cool. The smartphone in effect has its own built in CPU EM signal amplifier.

The hard bit is the details. You need the right equipment, and the right algorithms to extract the signal and then reconstruct the key.

Re:Van Eck side channel (1)

KZigurs (638781) | about 2 years ago | (#38860099)

Actually TEMPEST.

GOD HAS COMMANDED THEE, THOU SHALL NOT STEAL !! (0)

Anonymous Coward | more than 2 years ago | (#38850009)

So don't do it !!

New Phone Case. (5, Funny)

Anonymous Coward | more than 2 years ago | (#38850013)

Great. Now I need a tin foil case for my phone too.

Re:New Phone Case. (-1)

Anonymous Coward | more than 2 years ago | (#38850159)

Hahaha.

Suck my fat dick, motherfucker.

Electromagnetic Where Exactly? (4, Interesting)

GreenTech11 (1471589) | more than 2 years ago | (#38850019)

TFA says that

The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used,

, but I can't see how it could actually be detecting anything inside the smartphone as the waves emitted by the little electrons zipping around are hardly going to be detected, not to mention identifying those particular disturbances amongst everything else would be impossible. Is it actually detecting the stuff as the cellphone transmits/receives if then? I'm far from an expert in this, so any explanation would be great.

Re:Electromagnetic Where Exactly? (0)

Anonymous Coward | more than 2 years ago | (#38850041)

Yeah, article writers get it wrong often, and i'm going to wait until the demo to see if it is true

Re:Electromagnetic Where Exactly? (3, Informative)

russotto (537200) | more than 2 years ago | (#38850049)

It's a pretty typical side-channel attack. It's detecting the RFI emitted during computation, and using that to determine the key. So, yes, it's detecting the waves emitted by the little electrons zipping around inside the smartphone.

Re:Electromagnetic Where Exactly? (1)

Gordonjcp (186804) | more than 2 years ago | (#38850495)

I'll believe it when I see it. Even then, I'll only believe it when I see it working outside a perfectly shielded Faraday cage, more than once.

Re:Electromagnetic Where Exactly? (1)

betterunixthanunix (980855) | more than 2 years ago | (#38850569)

You could set up an experiment on your own using about $20 worth of components (having access to an oscilloscope is helpful but not strictly necessary). When I was in high school, I tried to build a radio using some spare parts from my electronics class; I was not able to pick up anything intelligible, but I did pick up lots of emissions from the computer sitting on my desk. If I ran a program with a tight loop, I could actually hear the difference coming out of the speak.

This, of course, is not quite the same thing as determining bits of a secret key, but the concept is the same -- it is just a little less sophisticated. All my "radio" was was a high gain amplifier and an PLL; anyone could build such a thing. Reliably extracting crypto keys is a matter of understanding how the algorithm interacts with the hardware, and then forcing it to process plaintext or ciphertext of your choosing (e.g. by using a TLS connection to a website that you control).

Re:Electromagnetic Where Exactly? (1)

Gordonjcp (186804) | more than 2 years ago | (#38855585)

Oh, I'm painfully aware that computer equipment throws off all sorts of hash, well up into the hundreds of MHz range. I can hear my ADSL modem a good quarter of a mile away on 145.6875MHz - in the house its emissions are strong enough to blot out the local repeater.

I don't believe it's possible to recover the encryption key by listening to these pulses. There's so much else going on, and it's not like each little wave is labelled "this is part of the encryption key".

Re:Electromagnetic Where Exactly? (1)

betterunixthanunix (980855) | about 2 years ago | (#38857275)

I don't believe it's possible to recover the encryption key by listening to these pulses. There's so much else going on, and it's not like each little wave is labelled "this is part of the encryption key".

No, but you can set things up so that if a particular key bit is a "1," the system will work harder than if it is a "0" by selecting particular plaintext or ciphertext to be encrypted or decrypted. It may be a small difference buried in noise, but if you repeat the experiment enough times it will become detectable. Worse still, it may be the case that you do not have to choose the plaintext/ciphertext at all, but simply know what is being encrypted/decrypted: maybe you can intercept the ciphertext, or you know that a JPEG image is being encrypted (and thus the first few bits will be common to all JPEGs), etc.

The point is that what you measure from the RF emissions are not key bits, but the pattern of work being done by the target system, and that pattern of work will be correlated to the secret key.

Re:Electromagnetic Where Exactly? (1)

deadlydiscs (1505207) | more than 2 years ago | (#38850069)

TFA also says Paul Kocher is one of the world's foremost crypto experts who will explain it to you at an upcoming RSA conference in SF next month.

Re:Electromagnetic Where Exactly? (1)

Anonymous Coward | more than 2 years ago | (#38850073)

Dude, they're using RADIO WAVES! That shit's like magic. It's a freakin' INVISIBLE LIGHT ELEMENTAL. No one understands how that stuff works. There is no defense from it.

Scariest thing I've ever read. Totally ruined my "Data Privacy Day" party.

Actually, this is well known... (2)

betterunixthanunix (980855) | more than 2 years ago | (#38850303)

This is a well known side channel attack; it is usually pretty hard to pull off for all the reasons you said, but apparently these researchers have overcome those obstacles. Usually these sorts of attacks are chosen plaintext or chosen ciphertext attacks, and you will look for particular changes in the EMI that comes out of the phone which can be correlated with the secret key. You will probably need to choose many plaintexts/ciphertexts for this attack to work, but a typical TLS session will probably be enough.

Re:Actually, this is well known... (1)

AmiMoJo (196126) | more than 2 years ago | (#38850797)

On Android you could write an app that runs in the background and randomly interrupts the foreground app or does useless bits of crypto while it is active to foil these attacks.

Re:Electromagnetic Where Exactly? (4, Interesting)

sjames (1099) | more than 2 years ago | (#38851253)

No, actually it IS radio waves from the little electrons zipping around in the phone being detected. Of course, little electrons zipping around are always involved in radio waves.

You'd be amazed what signal processing can do, especially if you can also see in a video when the function your looking for was triggered.

This is another example of Van Eck phreaking [wikipedia.org] . It's so easy in some cases, it can be accidental. Back in the early '80s, I noticed the interference on channel 5 of the TV had a repeating pattern to it. As I studied it carefully, I realized it was the screensaver from my PC in the next room.

Mod parent down (4, Interesting)

Prune (557140) | more than 2 years ago | (#38851703)

If you've ever designed a circuit board where you had to worry about isolation of interference between sections and using groundplanes and filtering correctly, you'd know the trivial answer as to what is going on here and why your post is totally wrong: interference from the processor will cause some small modulation in the phone's radio circuits. Despite any shielding, there are multiple channels through which such interference is coupled inside a cellphone.

TEMPEST (1)

whoisisis (1225718) | more than 2 years ago | (#38850053)

Looks like they need some TEMPEST [wikipedia.org] shielding.

Re:TEMPEST (1)

Anonymous Coward | more than 2 years ago | (#38850505)

That's the hard way of dealing with this problem. The real reason CRI is showing this is to sell their patented solution that statistically decorrelates the side channel info being transmitted, thereby rendering such emissions meaningless. They did something similar with differential power analysis on ISO7816 smart cards, especially the clockless asynchronous logic used by N X P smart cards.

TEMPEST (0)

Anonymous Coward | more than 2 years ago | (#38850055)

Its probably inferred from clock sources within the chip. Its pretty easy with the right equipment.

load of crap (1)

Anonymous Coward | more than 2 years ago | (#38855189)

My phone has a dual core 1.2ghz cpu. Your telling me that its possible to decode the signals flowing through the phones circuits remotely ? whats the energy level of the RF radiating from the phone, NOT including the WIFI / bluetooth / LTE cdma / spurious LCD emissions ? assuming you did shut these off, you would need to stick the thing in a RF shielded room with a yagi up the phones behind to get enough signal strength to decode electrical impulses operating at 1.2GHZ!

Re:load of crap (1)

Jamel Toms (2541304) | more than 2 years ago | (#38866353)

Anything that is assembled can be disassembled.

Re:load of crap (0)

Anonymous Coward | more than 2 years ago | (#38866395)

Yes, it can be done. There have been many articles in the past about people doing such things. I'm surprised how you and others here feel they can claim it's impossible. All sort of radio waves radiate from the CPU, RAM, and especially the wires between them. You only need to find the right one to start cracking the encryption. Think about it the other direction. Can you imagine a phone that can guaranty no information about the encryption is leaking? That's where you need your Faraday cage.

TEMPEST (0)

Anonymous Coward | more than 2 years ago | (#38855197)

Tiny
Electro
Magnetic
Particles
Emitting
Secret
Things

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...