
Breaking RSA Keys by Listening to Your Computer

Hemos posted more than 10 years ago | from the sssh-i'm-hunting-for-wabbits dept.

Security 186

An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key just by listening to the computer! Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."


186 comments

I don't know (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9093893)

An Israeli? Hrm...

Join the GNAA -- To Your Health! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9093905)

GNAA Health Benefits

Recent studies by the New England Journal of Medicine show a definite gain in health upon joining the GNAA.

"We were able to live a more healthy, natural lifestyle after joining the GNAA support group" one member was quoted as saying, "My previous relationship had been quite unhealthy, so I joined the GNAA and was set straight again."

Through their unorthodox methods, they actually "gross" people out at the gay lifestyle, causing them to turn around to a more natural sexual lifestyle. While gay people should have all the same rights, just as smokers should have the same rights as others. However, homosexuality has been shown to dramatically increase the risk for sexually transmitted diseases.

As always, it is recommended to check with your doctor before beginning a new sexual lifestyle. The GNAA support group can be a great resource to help people quit. They have been compared to Alcoholics Anonymous in supporting each other to have straight relationships.

Enclosed below is one of the GNAA's example images for setting people straight through "extreme grossing." The image may be disturbing to some however.

Usually, non homosexuals respond with "uhhhhhhhhhhhh", while homosexuals turn straight 30% of the time. For the remaining 70%, additional therapy may be necessary. Warning, many will find it disturbing, however keep in mind that it is "OK" to look at because it is classified as a Medical Photo®

That's why it is base64'd twice. Once you decode the b64 you'll have to do it again to the resulting file. Then you'll have to unbzip2 it. Then, you'll be looking at one of the most disturbing images in the GNAA's collection. In the name of medicine, of course!


That's it... screw the environment (5, Funny)

Anonymous Coward | more than 10 years ago | (#9093907)

No power saving for me! My encrypted porn is far too important.

Whatever (0)

Anonymous Coward | more than 10 years ago | (#9094477)

The attack doesn't work.

Humm (0)

Anonymous Coward | more than 10 years ago | (#9093910)

I wonder if the FBI had a chat with him.

Can this sound be copyrighted? (-1, Troll)

barfarf (544609) | more than 10 years ago | (#9093919)

Bring on the RIAA!

I'm having trouble hearing the computer... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9093920)

...over the dog's voice telling me to kill more prostitutes.

I DON'T THINK THE PARENT WAS A TROLL MODS (0)

Anonymous Coward | more than 10 years ago | (#9094184)

Generic message here.

$

Quite didn't get it!!! (1, Insightful)

KrisCowboy (776288) | more than 10 years ago | (#9093926)

The following demonstrates some preliminary results in the analysis of acoustic emanations from personal computers, showing them to be a surprisingly rich source of information on CPU activity.

Does it mean that people can get my private key by actually "listening" to my box? It would be great if anyone can provide more information regarding this. It's kinda freaky!!!

RTFA (0, Insightful)

Anonymous Coward | more than 10 years ago | (#9093960)

schmuck

No (5, Informative)

Transient0 (175617) | more than 10 years ago | (#9094012)

At best, they have shown that they can detect differences in the types of instructions the processor is executing by listening to the sounds of the capacitors. It is a long way from there to the point where they can extract the key itself from the information. In fact, I would venture that the data is far too noisy (haha) for any significant part of the key to ever be extracted, regardless of the amount of computational power thrown at the problem. What they might be able to do however is use the information gleaned to eliminate large swaths of the set of possible keys. This could make cracking the key by conventional means a computationally easier task.

So, in all, this paper is not insignificant, but it's also not a reason to completely give up on security or to install a cone of silence around your computer.

Re:No (2, Funny)

lpangelrob2 (721920) | more than 10 years ago | (#9094183)

So, in all, this paper is not insignificant, but it's also not a reason to completely give up on security or to install a cone of silence around your computer.

I'm not sure that I could fit this [cinerhama.com] around a computer in the first place.

No no (Re:No) (4, Informative)

po8 (187055) | more than 10 years ago | (#9094376)

Uh, no. Your analysis runs contrary to cryptanalytic principles and the history of these sorts of attacks.

If you spot me 1 bit of key information, you have by definition halved the work for an attack. In this specific analysis, I need only consider those settings of key bits (in this case, bits of p and q) that correspond to observed behavior for an interval of the spectrogram. This means that I can potentially crack the key in time almost linear in the size of the key, rather than completely exponential.

The work on timing attacks and power attacks uses very similar sorts of information, and the analysis used here will likely be similar also. This is why Shamir, who is certainly qualified to evaluate the work at this point, describes it as "proof of concept": it would be surprising if the observed information fails to extend to a practical attack. It's just that in science, you publish when you have anything interesting to report, so that folks know you got there first.
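
Added example, not part of the comment above or of the linked research: why being able to tell CPU operations apart matters for RSA, and what a defender changes. It goes beyond the thread, which does not name an exponentiation algorithm; the toy key (n = 61 * 53) and all function names are constructed here, and the code models only the order of big-number operations, not sound or timing.

```python
# Added illustration. The toy key and every function name are constructed
# for this example; nothing here comes from the thread or the paper.

# Constructed toy RSA key (far too small for real use): n = 61 * 53.
N, E, D = 3233, 17, 2753


def square_and_multiply(base, exponent, modulus):
    """Textbook left-to-right exponentiation.

    Returns (result, trace). The trace records one 'S' per squaring and one
    'M' per multiplication, in the order they are executed.
    """
    result = 1
    trace = []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":  # the multiply happens only for 1 bits
            result = (result * base) % modulus
            trace.append("M")
    return result, "".join(trace)


def montgomery_ladder(base, exponent, modulus):
    """Montgomery ladder: one multiply and one square for every bit.

    Returns (result, trace). Note: the Python 'if' below is itself a
    data-dependent branch; a real implementation also needs a constant-time
    conditional swap. Only the operation sequence is modelled here.
    """
    r0, r1 = 1, base % modulus
    trace = []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0 = (r0 * r1) % modulus
            r1 = (r1 * r1) % modulus
        else:
            r1 = (r0 * r1) % modulus
            r0 = (r0 * r0) % modulus
        trace.append("MS")  # same two operations whatever the bit was
    return r0, "".join(trace)


def exponent_visible_in_trace(trace):
    """Read a square-and-multiply trace the way an observer would.

    'S' followed by 'M' means the bit was 1; 'S' alone means it was 0.
    Returns the integer those bits spell.
    """
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("not a square-and-multiply trace")
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def traces_differ(exp_func, modulus, base, exponent_a, exponent_b):
    """True if two exponents produce distinguishable operation sequences."""
    return exp_func(base, exponent_a, modulus)[1] != \
        exp_func(base, exponent_b, modulus)[1]


if __name__ == "__main__":
    ciphertext = pow(65, E, N)
    plain, trace = square_and_multiply(ciphertext, D, N)
    print("square-and-multiply trace:", trace)
    print("exponent readable from trace:", exponent_visible_in_trace(trace))
    plain2, ladder_trace = montgomery_ladder(ciphertext, D, N)
    print("ladder trace:             ", ladder_trace)
    # 4095 has the same bit length as D, so only the bit values differ.
    print("ladder traces differ for D vs 4095:",
          traces_differ(montgomery_ladder, N, ciphertext, D, 4095))
```
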

Re:Quite didn't get it!!! (0)

Anonymous Coward | more than 10 years ago | (#9094269)

Well, I doubt anyone is going to go to the trouble of getting my private key so I'm not worried there. In fact I think this is a great thing! Trusted computing can be a good thing as long as each computer owner knows their own key, then MS can not own/control your computer. Of course MS doesn't want owners to know their key. So, knowing that MS has already bought our government I believe there is no avoiding trusted computing, so, that leaves us with our final defense, figuring out what our own key is. This seems like it might be the answer to keeping control of our own property in the years ahead of us.

Re:Quite didn't get it!!! (2, Interesting)

David Horn (772985) | more than 10 years ago | (#9094324)

Is this similar to the noise heard when using an onboard sound card? On my laptop when plugged in to the mains, a distinct hiss/buzz/rumble comes out the line-out jack. It changes when moving the mouse or accessing the hard disk, or when the CPU is under load.

It seems that this is a more reliable method for finding a key than using a microphone, but, of course, it does require physical access to the computer.

Re:Quite didn't get it!!! (2, Funny)

bprime (734645) | more than 10 years ago | (#9094541)

It's kinda freaky!!!

Don't you mean 'phreaky'?

I can attest to this... (1)

Seoulstriker (748895) | more than 10 years ago | (#9093930)

I have a 2.4ghz Pentium 4b on an Asus P4B266 motherboard. Hearing my capacitors buzzing and sinking when the processor is under full load is comforting because I can tell if there is some kind of process hogging my load. Unfortunately, it is extremely annoying after a while, but I don't want to spend the money to get a new motherboard. :(

Re:I can attest to this... (2, Interesting)

Mashiki (184564) | more than 10 years ago | (#9094011)

I usually get this on my own setup a P4b-266 w/1.7(oc'd to 1874), but only after a reboot; and only do you hear it on re-init's prior to loading windows(pick a flavor) or BSD. Not when the machine is running.

I'm thinking that it's the little critters getting just a bit too hot, I found that increasing the airflow and cooling everything down by a couple of degrees seems to make the noise go away. Unless...it's in the winter...in which case...the house is more than cool enough and you don't have to worry about it. heh.

The boards are good, but my man...we're already looking at the operational product end for these boards and it's been two years since they came out. It took intel 6mo to come out with the 533, then the 800's. I kick myself in the ass every time I think on that...and buying an AMD next time around; I can get a proc and board twice the speed at half the price for what I paid for this one.

Re:I can attest to this... (1)

Seoulstriker (748895) | more than 10 years ago | (#9094055)

No kidding. I can't believe I bought such an incredibly slow mother board for my new processor. I bought it because it was by Asus and it was only $45.

I don't think the capacitor problem has to do with heat. I just think that the speed of the processor is too great for such an old mobo. The recommended range for the board is 1.4ghz-2.4ghz. I'm on the high end of that spectrum unfortunately. I hear the caps going all the time when there is any load on the processor. I don't know if you would be able to crack encryptions with that. It's certainly worth a try.

Re:I can attest to this... (1)

Mashiki (184564) | more than 10 years ago | (#9094462)

It would be worth something to try anyway, when I picked up the board two years ago it was pushing almost $300. And was top of the line. lol In your case it's a bit slow for what you want. There are some good gigabyte boards out now that are around $100, this one here seems to be holding its own even being OC'd. But I'm just going to wait later in the year to upgrade the rest of this system. No real point.

If you do hear the caps going all the time, then there is a chance that the board may have sat for too long and they have started to crystallize or dry out. You could try to RMA the board to ASUS and see what happens.

Re:I can attest to this... (2, Funny)

BiggyP (466507) | more than 10 years ago | (#9094090)

i've got the wonderful feature of sound effects from my box when performing just about any GUI operation you care to mention, i originally thought that it was a monitor issue, now you tell me my privacy is at risk because of it!

time to fit more fans and drown out the noise.

Smithers (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9093946)

Release the lawyers...

Lucky for me... (5, Funny)

relyter (696205) | more than 10 years ago | (#9093948)

I've got so many fans running in my computer that you can't even hold a conversation in the same room, much less listen for capacitors

not so lucky (4, Insightful)

hatchetman82 (719635) | more than 10 years ago | (#9094004)

"...For example, a high-quality analog equalizer can be used to attenuate strong low-frequency fan hums and background noise..."
taken from the article.
you'd need background noise in the same frequency area (dummy CPU ?)

Re:not so lucky (1)

relyter (696205) | more than 10 years ago | (#9094019)

Perhaps if I just piped in a simple signal generating circuit and filled the local area with white noise of about the same frequency of the northbridge?

This just in ..... (-1, Offtopic)

methangel (191461) | more than 10 years ago | (#9093949)

In Soviet Russia, the computer listens to YOU, in an eternal quest to find information on how to become a unified legion of machines that will rule the earth.

I'm not kidding.

thats GOOD! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9094029)

The world would be better if machines ruled it.

Machines aren't racist, nor greedy, nor power-hungry, nor subject to many other human shortcomings. Therefore, they could make efficient decisions that serve both the greater good and the good of the individual better than any human could hope to.

(provided, of course, that AI technology eventually advances to the point where computers are capable of the sort of analysis necessary in order to make governmental decisions).

My favorite application of computer-management would be automatic traffic routing. A little nav buoy could be erected at every street intersection, monitoring traffic throughput and reporting it to a central server. Each human just gets into his car, picks out his destination on MapQuest, and the car selects the fastest route based on traffic conditions. This would not only get each individual there in the shortest amount of time, but it would implicitly load-balance all human traffic in real time.....serving both the greater and the individual good.

The possibilities are endless.....

Re:This just in ..... (2, Funny)

Pidder (736678) | more than 10 years ago | (#9094032)

In Soviet Russia, the computer listens to YOU...

Dude, at least use the proper syntax.

If you have physical access (3, Insightful)

foidulus (743482) | more than 10 years ago | (#9093954)

Wouldn't it just be easier to use money/women/men/donkeys to bribe the person to cough up a password?
I guess you could always "bug" a place, but if you were significantly paranoid about security(to the point where someone would try to listen your key away from you) wouldn't you have a copper cage around your building?

Re:If you have physical access (4, Funny)

n0rr1s (768407) | more than 10 years ago | (#9094197)

use money/women/men/donkeys

Btw, if you meet a woman with a donkey, don't forget that great opening line:
"Hey babe, nice ass!"

Sorry.

Re:If you have physical access (1)

arhca (653190) | more than 10 years ago | (#9094232)

And all you need for Brits is a chocolate bar! (hmmya [slashdot.org] )

Extracting the Actual Numbers? (5, Insightful)

artlu (265391) | more than 10 years ago | (#9093955)

The article does not deal with actually computing the encoding (Pe) and decoding functions (Pd) for q,n,d. Where q,n are unique primes. The only thing their interference spotted is the markings between computing each function for the signature, and this drastically varies based on the machine. They do have a Proof of Concept, but no quantifiable data.
My $0.02.

artlu [artlu.net]

Some guy was investigated for exercising the FOIA (2, Interesting)

ObviousGuy (578567) | more than 10 years ago | (#9093956)

Investigations are an important part of the justice system. Though the tenet is "innocent until proven guilty", it's only possible to prove someone guilty by means of an investigation.

By encrypting your data, you are bringing unnecessary suspicion upon yourself. I wouldn't be surprised if the FBI's powers are enhanced to include surveillance of you and your data.

Re:Some guy was investigated for exercising the F (3, Informative)

LostCluster (625375) | more than 10 years ago | (#9094060)

Even if the FBI/NSA can't manage to decode your data, the fact remains if they get to look at your HD via a warrant and they discover 20 GB of encrypted data rather than anything readable, they know you're hiding something from their view.

That discovery encrypted data can still be used as evidence in justifying further warrants... while discovering 20 GB of Britney Spears music in readable form would most likely cause the investigation to give up on worrying about the contents of that hard drive.

Re:Some guy was investigated for exercising the F (1)

jafiwam (310805) | more than 10 years ago | (#9094258)

So the logical thing to do is make the encrypted files play like MP3s of Britney or MC Hammer and it's perfectly safe.

As long as you never accidentally press "Play" that is.

Re:Some guy was investigated for exercising the F (2, Insightful)

Jane_Dozey (759010) | more than 10 years ago | (#9094475)

Steganography anyone?
I don't think any government who has reason to believe you to be hiding something would fail to check if it was in plain view or not.
Otherwise criminals would all be using those ghost markers kids use :)

Re:Some guy was investigated for exercising the F (1)

Dolly_Llama (267016) | more than 10 years ago | (#9094579)

Even if the FBI/NSA can't manage to decode your data, the fact remains if they get to look at your HD via a warrant and they discover 20 GB of encrypted data rather than anything readable, they know you're hiding something from their view.

That discovery encrypted data can still be used as evidence in justifying further warrants... while discovering 20 GB of Britney Spears music in readable form would most likely cause the investigation to give up on worrying about the contents of that hard drive.

If you really want to strap on the tin foil hat, that warrant you mentioned 1) Doesn't need to be approved by a judge if done in the name of terrorism 2) They don't have to tell you about it. So if they were interested in the encrypted stuff on your hard drive, they would come in, do a bitwise copy and decrypt at their leisure.

Re:Some guy was investigated for exercising the F (1)

GundyRage (611514) | more than 10 years ago | (#9094102)

Small nit-pick: presumed innocent until proven guilty.

Encryption is part of checks and balances. (4, Insightful)

Roman_(ajvvs) (722885) | more than 10 years ago | (#9094134)

By encrypting your data, you are bringing unnecessary suspicion upon yourself

Encryption inhibits surveillance by ANYONE. That the government falls under the category of anyone is secondary to most encryption desires and uses.

If someone was attempting avoidance/prevention of potential government investigation, then the act of encrypting wouldn't make it more or less likely. They make use of encryption because they have some information they don't want the government to know. It's not because they use encryption but due to any relevant knowledge they have, that a person should elicit investigation by their government. And then knowledge pertaining only to those things that governments should worry about (murder, fraud, and other criminal acts).

So by encrypting the code on my laptop as a security precaution, you're saying I bring unnecessary suspicion upon myself? No one but my company and its business competitors has an interest in the trade secrets I manage and create during the course of my business. Therefore I use encryption as a means of self-defense. I inhibit investigation by those not authorized by me or my company. The act of investigation could very well be illegal. I would not give my government blanket access to my trade secrets, when I have no control over what they do with them. They should have no interest in them. In fact, by wanting to enhance surveillance of those things which they declare to not have an interest in and would normally have no involvement in is suspicious in itself. Encryption is a tool and is about as dangerous as a screwdriver.

Re:Encryption is part of checks and balances. (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9094306)

Indeed. But it is extremely easy to kill someone with a screwdriver, easier than with most knives, in fact. If you are an average healthy adult male human, you can drive a flat head screwdriver straight through the sternum of another healthy adult male, and that's not even the easy way to kill someone with a screwdriver (neck or eye being the easiest - through the neck is easy but boring - for psycho points, straight through the eyeball, into the brain, and wiggle it around...).

You're a tyrannical idiot (0)

Anonymous Coward | more than 10 years ago | (#9094292)

Investigations are an important part of the justice system. Though the tenet is "innocent until proven guilty", it's only possible to prove someone guilty by means of an investigation.

By encrypting your data, you are bringing unnecessary suspicion upon yourself. I wouldn't be surprised if the FBI's powers are enhanced to include surveillance of you and your data.

Using your logic you would approve of the old KGB or the FBI's COINTELPRO tactics. On the same vein I guess we should just do a BCS on every airline passenger and stuff'em into an orange jumpsuit to guard against another 9/11 hijacking. What you are advocating is a "prison state". By your words you want to remove the following from the US Constitution:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Thankfully in 1215 we got the Magna Carta [www.bl.uk] to protect us from tyrants like you.

My great-grandfather, who was killed by Mussolini fighting to save his country, is spinning in his grave.

I beg to differ (0)

Anonymous Coward | more than 10 years ago | (#9094344)

To say that encrypting one's files is automatically suspicious is neither tyrannical nor idiotic. It is absolutely based in reality.

The fact of the matter is that one typically needs a valid reason to use encryption. One also needs a valid reason to buy several hundred pounds of fertilizer. It is the FBI's responsibility to investigate such strange behavior and determine whether the action taken appears legitimate or nefarious.

No one is guilty in an investigation. However, the appearance of guilt is engendered when one acts like a paranoid, anti-government loon.

Does anyone... (4, Interesting)

centralizati0n (714381) | more than 10 years ago | (#9093969)

Does anyone know the range of how far you can be away from the computer to hear the sounds? The proof-of-concept website just seemed to be "look, here are pictures of computer operations... in sound! Yay!" without enlightening us on any details.

Re:Does anyone... (1)

gravyfaucet (759255) | more than 10 years ago | (#9094112)

I happen to know you can listen to computers in the white house from Penn. Ave. The password I decoded was 1,2,3,4,5. Or it could have been Dubya unpacking after a trip to Camp David.

Re:Does anyone... (1)

LostCluster (625375) | more than 10 years ago | (#9094152)

Really, it depends on what equipment is being used to pick up the sounds.

Think about WiFi. Your standard access point and laptop card will work for about 300 feet. However, somebody 1000 feet away could interact with that network using a simple Pringles can antenna.

The same theory basically can be applied to sound, the more directional microphone and the better it is at filtering unwanted sound, the better the signal-to-noise ratio will get. So, putting walls and other background noises into the problem will make it harder to find the signal here... but I don't think there's going to be anything that can make it truly physically impossible from longer distances, just very hard to make it nearly impossible.

Re:Does anyone... (1)

Jim Starx (752545) | more than 10 years ago | (#9094565)

You could put your computer into a soundproof box. They're actually pretty easy to find, used a lot in music studios to kill fan noise and such. Of course, access could still be gained by breaking into the box or anything like that. But as access goes a sound source is a lot easier to control than a WiFi network.

mod parent down, -1 stupid (2, Informative)

Anonymous Coward | more than 10 years ago | (#9094219)

Did you even read the article? This comes from before the pictures of the sounds, even, and I quote:

The recordings below were made under nearly ideal conditions: the microphone was placed 20cm from the recorded computer, the PC case was opened and noisy fans were disconnected (where applicable). Comparable results were achieved under more realistic conditions (i.e., the subject computer is intact and placed 1m to 2m from the microphone) using more expensive audio equipment.

Maybe you should just get modded down yourself... (1)

centralizati0n (714381) | more than 10 years ago | (#9094342)

Well, maybe, just maybe, I wanted info about theories of how far you could actually be away from the laptop to retrieve the sounds, or the type of room the laptop was placed in that would provide the most opportune moment for capturing the sounds. Maybe I wanted to know how degraded the results could be in order to get the info about the processing. Maybe you should just crawl back into your cave, AC.

found a way to stop it (3, Funny)

DrLZRDMN (728996) | more than 10 years ago | (#9093978)

They won't be able to hear it if you've got one of these [newegg.com]

Re:found a way to stop it (1)

Rufus211 (221883) | more than 10 years ago | (#9094198)

Or how about one of these [cluboverclocker.com] ? They're old-school and no one in their right mind uses them anymore, but damn those little things could push air (due to the fact they were going at 8000(!) RPM).

Re:found a way to stop it (1)

Daniel Wood (531906) | more than 10 years ago | (#9094423)

No! Stop! Heeeeelp!!!

(I used to sleep in the same room as one of those. Talk about nightmares of getting blasted from afterburners and such.)

Re:found a way to stop it (2, Funny)

jepaton (662235) | more than 10 years ago | (#9094501)

And the manufacturer will still describe it as "almost silent".

RSA sucks anyway (0)

Anonymous Coward | more than 10 years ago | (#9093989)

I'd never use SHA-1/RSA for digital signature.

Nope, for it's DSA/DSS all the way, and all the noisy capacitors in the world won't help you break it.

Why do I trust it? Because it was developed by the NSA, not a bunch of left-leaning MIT eggheads.

Re:RSA sucks anyway (0, Insightful)

Anonymous Coward | more than 10 years ago | (#9094094)

You trust that the NSA does not have a back door in, or did not also develop a way to break the encryption? From what I know of them they would not want to give out unbreakable encryption.

Re:RSA sucks anyway (5, Insightful)

kasperd (592156) | more than 10 years ago | (#9094107)

> Nope, for it's DSA/DSS all the way, and all the noisy capacitors in the world won't help you break it.

That wouldn't change anything. RSA as well as DSS is based on modulus exponentiation with a secret exponent. If you can get the exponent you have broken the system, it is as simple as that.

> Why do I trust it? Because it was developed by the NSA, not a bunch left leaning MIT eggheads.

That kind of logic is useless in the security business. Basing your trust upon who designed the algorithm is stupid. How many (and who) tried to break the algorithm and failed at that is a better measure on the security. A good rationale behind the design is another good measure on the security. And finally mathematical proofs.

Re:RSA sucks anyway (0)

Anonymous Coward | more than 10 years ago | (#9094191)

Hey, are you Kasper Dik of Sun Microsystems fame?

Re:RSA sucks anyway (1)

kasperd (592156) | more than 10 years ago | (#9094517)

> Hey, are you Kasper Dik of Sun Microsystems fame?

Nope. I'm Kasper Dupont of usenet fame.

Re:RSA sucks anyway (0)

Anonymous Coward | more than 10 years ago | (#9094366)

Ron Rivest is a Yale man!

It's the CPU dummy! (0, Funny)

pair-a-noyd (594371) | more than 10 years ago | (#9093990)

That damn 666 CPU....

There you have it, the EVIL bit at work....

nVidia is selling a new security device... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9093995)

...called the 6800 that doubles as a graphics card.

reminds me of the old days (5, Interesting)

belmolis (702863) | more than 10 years ago | (#9093996)

Twenty years ago at Bell Labs one of the speech machines (an SEL with homebrew audio i/o) had output to loudspeakers that went through unshielded speaker wires that ran past the CPU, so if you weren't playing anything back the speakers played back CPU noise. We could tell what stage a compilation was at by the noise that came over the speakers.

Re:reminds me of the old days (5, Interesting)

LiquidCoooled (634315) | more than 10 years ago | (#9094082)

I actually still get that.

If I turn my speakers wayyyyyyyyyyyyy up and start working, I can hear the data being moved around. Scares the crap out of me when something plays a sample, but fun all the same.

It's happened on my 2 most recent boards, and I just put it down to the integrated sound cards vs the Sound Blasters I used to use.

Re:reminds me of the old days (1)

Stalus (646102) | more than 10 years ago | (#9094295)

I generally hear it with my headphones on. I can definitely hear my mouse wheel, and generally other things as well. It's quite annoying.

Re:reminds me of the old days (1)

LiquidCoooled (634315) | more than 10 years ago | (#9094319)

Are you sure it's the wheel itself, or the amount of data being blasted around as the entire screen is scrolled vertically?

I do notice it on long webpages, and recently, we swapped out my wife's PSU with a really dodgy one, we could hear the fans themselves physically changing speed as the CPU/GPU usage increased.

Re:reminds me of the old days (1)

Stalus (646102) | more than 10 years ago | (#9094438)

Yeah, it's the stuff moving on the screen, not the wheel itself. I can hear it when I change firefox tabs as well :P

Re:reminds me of the old days (1)

stephentyrone (664894) | more than 10 years ago | (#9094518)

How close is your sound card to the video? Electromagnetic interference is a wonderful thing.

Re:reminds me of the old days (2, Informative)

tricops (635353) | more than 10 years ago | (#9094353)

I used to have that problem. I have an extension jack for the speaker out and mic at the front of my case.

One day when I had the case open and was moving stuff around, I noticed it made noise whenever I bumped the cable for said jacks. Once removed, the noise went away.... probably not the same thing in your case, but gotta love unshielded cables.

Re:reminds me of the old days (2, Interesting)

drinkypoo (153816) | more than 10 years ago | (#9094169)

The Vectrex video game system runs an unshielded audio cable right past the tube and you can hear the system pulling the photons around - as it's a vector scan system, it produces an extremely wide variety of noise on the speaker.

Re:reminds me of the old days (0)

Anonymous Coward | more than 10 years ago | (#9094597)

Indeed, there's actually some software that plays "music" using it (this obviously has confused more than its fair share of emulation enthusiasts over the years).

Re:reminds me of the old days (1)

Gadi Evron (238989) | more than 10 years ago | (#9094382)

Actually, that sounds more like TEMPEST. The magnetic interference on the unshielded cable sounds exactly that, or am I wrong?

Re:reminds me of the old days (2, Interesting)

Alien Conspiracy (43638) | more than 10 years ago | (#9094409)

My old Atari ST would emit different background hiss via the TV modulator output depending on the CPU load.

Aha! (5, Funny)

dupper (470576) | more than 10 years ago | (#9093998)

Now I have an excuse to play loud music at work: security!

it's no lie (0)

Anonymous Coward | more than 10 years ago | (#9094017)

They're not making this up - on my laptop I can hear the noisy capacitors when the hard drive has spun down and the CPU is in energy-saving mode.

no disrespect to Adi Shamir, but... (2, Insightful)

Gadi Evron (238989) | more than 10 years ago | (#9094023)

As much as this technology is a risk and therefore a potential threat, unless you are of the really paranoid (which would mean this interests you considerably) there are far easier ways of attacking a computer.

This attack came to show how to attack the key, which is why it interests these folks, I suppose, but it would be much easier to use TEMPEST if you get access to actually install some tool to hear && (record || transmit) the audio.

I would suggest TEMPEST would also be more reliable, but some testing is in order, as well as a lot of research for every CPU you intend to attack.

Cost vs. benefit? I can't really see it.

This is pretty cool though!! :)

(adding another mark on my paranoia list).

Odd article to have Shamir's name on it (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9094036)

What a ridiculous load of bunk. You cannot possibly use audio frequencies to infer any meaningful information about what's happening on a processor running at 1,000 MHz or higher clock speeds. Repetitive sampling techniques would be necessary, and I don't think anyone's key-generation algorithm is going to sit in a tight loop, doing the exact calculations over and over for the weeks of wall-clock time it would take to sample any actual key data by acoustical means.

All this article "proves" is that a CPU's current drain is vaguely correlated to the type of instructions it's executing. In a modern multitasking OS, that's not even a useful basis for traffic analysis.

Adi Shamir ? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9094045)

Let's get this guy back into the Iraqi prison system, and quick!!!

Patenting. (3, Interesting)

Zangief (461457) | more than 10 years ago | (#9094076)

If you go to the site of the DPA attack [cryptography.com], Cryptographic Research, you can see that they already have patents on systems to protect against these kind of attacks. So it's not like they have developed anything (I don't know if they have) but you can already pay them to get protection from this kind of attack! yay!

Kinda like that CPU speed crack (4, Informative)

suso (153703) | more than 10 years ago | (#9094101)

This sounds kinda like that crack that the college student found in 1995 dealing with the speed of the CPU determining what random numbers the host would pick. A good reason not to keep your CPU info in the HINFO line of a DNS zone file.

Is this actually possible? (4, Interesting)

idiot900 (166952) | more than 10 years ago | (#9094111)

Even at a 96 kHz sampling rate, the maximum frequency that can be sampled is 44 kHz. How could one hope to extract a certain few bits from a recording when the CPU's instruction throughput is many times that? Most of the information that would need to be examined wouldn't make it onto the recording. Correct me if I'm wrong, but it seems Nyquist leaves this idea dead in the water.

Re:Is this actually possible? (4, Insightful)

Insount (11174) | more than 10 years ago | (#9094168)

> How could one hope to extract a certain few bits from a recording when
> the CPU's instruction throughput is many times that?

The few bits you're trying to extract may have an observable influence on global statistics, especially when you can affect the value of some other bits. See for example Boneh and Brumley's timing attack on OpenSSL [stanford.edu].

Re:Is this actually possible? (5, Informative)

Doctor Wonky (105398) | more than 10 years ago | (#9094231)

What they did was, create tight loops performing the same operation over and over. And found that different operations tend to result in different sorts of noise on the power supply, resulting in different sounds from the capacitors.

Remember though with their 96,000 Hz sampling rate, a 1 GHz CPU performs over 10,000 instructions per sample.

Air does not vibrate fast enough, and there are no microphones with frequency response high enough to let you look at individual operations.

So I guess, if you knew the characteristics well enough, you could record the sound of the capacitors and say 'Hey, this guy is running GnuPG' on it. I don't see a conceivable way to figure out the keys and this article doesn't suggest one.

Re:Is this actually possible? (3, Interesting)

Welsh Dwarf (743630) | more than 10 years ago | (#9094392)

The key, no, but log(10) of the key, you might well be able to have a fair guess at, and that already eliminates one hell of a lot of the factorization troubles...

I've tried this... (5, Funny)

bhmit1 (2270) | more than 10 years ago | (#9094121)

...but all I heard was "Dave, what are you doing Dave?"
Hmm, maybe I should put away the screwdriver.

Relevant to chipcards? (1)

kasperd (592156) | more than 10 years ago | (#9094154)

Obviously this attack requires physical access to the machine. And with physical access to the machine there are easier ways to extract keys. So this is really only relevant if you want to protect against somebody with physical access, that wouldn't perform a simpler attack, which could involve disassembling the machine. I think some chipcards you would use to protect keys is a case, where you might worry about such attacks. But how much noise does a chipcard produce? I think with those it would make more sense to measure the power consumption. Where are the other cases, where you really need to worry about this?

Re:Relevant to chipcards? (1)

shaitand (626655) | more than 10 years ago | (#9094515)

"So this is really only relevant if you want to protect against somebody with physical access"

While it's true this requires you to have had physical access to the machine at some point, it's the time and level of access that are the issue.

For instance while it is fairly rare to get the level of physical access you need to employ other attacks on a bank terminal, it's a breeze to get the level of access you need to do this.

You don't need to login, you don't need to open the case/bypass locks on it/damage it/etc. You don't need to be able to move the drives into another system or get boot access. You don't need to depend on any particular device being installed (floppy for instance).

This could successfully be employed on a system with a padlocked case, an armed guard 10ft away, and the latest greatest filesystem encryption/authentication etc.

Just walk by, brush the case with a bug coated in "stick my ass to case"(R) TM 2004. And continue on your way unnoticed.

Physical access and knowledge alone aren't a guarantee you'll get into a system, there are levels of physical access (something commonly ignored in statements indicating that if you have physical access you own the system).

For instance, 99.9% of the time, physical access to a terminal is secured to the point that you couldn't successfully short the CMOS or boot off a floppy or open the case and fiddle with the innards.

What was once old is new again? (1)

Bob Bitchen (147646) | more than 10 years ago | (#9094160)

Eavesdropping is an old technique, it's interesting that it's being touted as something new. Okay so the context is a bit different but not all that different. Is even the context all that new? It may be new to the authors (and readers?) but it's probably not new to those folks that employ creative techniques to snoop. A microphone works great to "log" keystrokes. The delays between key presses can be used to create a pattern that in turn can define exactly what's been typed. Passive listening devices have been employed for years, sometimes going undetected for years. A cell phone could turn into a monitoring device. So there really appears to be no such thing as a secret after all. Where's my quantum encryption...?

My computer tells me... (1, Funny)

Anonymous Coward | more than 10 years ago | (#9094170)

When I listen to my computer, it just tells me "Snap, crackle, burn!"

I listen to my computer... (3, Funny)

JanusFury (452699) | more than 10 years ago | (#9094190)

It tells me to troll Slashdot, and buy Kenny G albums.

I'm starting to think it doesn't have my best interests at heart...

Noise from HLT state etc.. (2)

Anubis333 (103791) | more than 10 years ago | (#9094196)

Anyone who uses software powersaving/CPU cooling in Windows or Linux has heard this noise. Programs like CPUIdle [cpuidle.de] et al. put the processor into an HLT state and cool it significantly (12+ degrees here). I run the thing to cool my massive laptop [chrisevans3d.com] which would get quite hot during renders and things, what with its 10K RAID etc.. I hear this hum in a lot of electronics that have no moving parts (routers, computers, etc..), and have always wondered about it. In a chat on IRC we chalked it up to electric frequency vibration.

I have also worked on some PCs that make the hum during *any* processor use, like scrolling a webpage, etc..

Re:Noise from HLT state etc.. (3, Interesting)

0x0d0a (568518) | more than 10 years ago | (#9094348)

The most common thing I've found to induce audible noise (I use a SB Live, and can easily hear this with even cheap speakers) is to demute the sound card inputs that aren't connected to anything -- like CD audio and whatnot -- and then start moving my PS/2 mouse, which generates a fairly slow sequence of signals, producing a definite buzz. Video redraw also can do this -- dragging windows works well as well, and what's on the screen (oddly enough, lots of white areas seems to cause more of a buzz) has an impact.

It's really amazing how dirty a computer power supply is -- I also picked up a headphone preamp that fits inside a 5.25" drive bay, and can optionally run off the computer power supply. If it's running off the power supply, I get a *very* noisy signal that is affected by things like hard drive access.

The other shoe dropping (4, Informative)

Effugas (2378) | more than 10 years ago | (#9094220)

Shamir, once again pointing out something absolutely brilliant and (in retrospect) totally obvious, did forget to include something rather important in his announcement:

The particular pattern of CPU operations executed while an RSA private key is executed varies depending on that RSA private key. Given a rough estimate of the pattern of CPU operations executed, the set of possible RSA private keys is greatly reduced. So it becomes much, much easier -- possibly trivial, particularly if you have a chosen plaintext scenario -- to extract a private key from an otherwise secure system. Consider an e-voting machine with an audio system for handicapped access -- with nothing but a very sensitive microphone in the booth, you might be able to determine the private key used to sign votes (and thus gain the capability to spoof votes elsewhere).

And of course, this would be a very, very successful attack against an RSA private key embedded within a trusted computing environment. Processors -- even those encased in epoxy -- still need power, and variable amounts depending on what they're doing. The brilliance here is that rather than needing some very expensive analog energy drain measurement equipment, you just need a sound card. It's a side channel attack for the masses.

Very very cool work. Wow.

--Dan
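The point raised in kasperd's comment (RSA and DSS both perform modular exponentiation with a secret exponent) and in Effugas's comment (the pattern of operations depends on the private key), as an added example that is not part of the thread or of the researchers' work. The 12-bit textbook key, the function names and the "S"/"M" trace strings are assumptions: the trace stands in for whatever coarse per-operation signal a side channel exposes.

```python
# Added illustration: a toy model, not code from the article or a real library.
# Constructed textbook key: p=61, q=53, n=3233, e=17, d=2753.
N, E, D = 3233, 17, 2753
C = pow(65, E, N)  # constructed ciphertext of the message 65


def modexp_square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation. The extra multiply happens only
    for 1-bits, so the operation sequence spells out the exponent."""
    trace = []
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":  # branch on a secret bit
            result = (result * base) % modulus
            trace.append("M")
    return result, "".join(trace)


def exponent_from_trace(trace):
    """What an observer of the operation sequence learns:
    'S' followed by 'M' is a 1-bit, a lone 'S' is a 0-bit."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("malformed trace")
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def modexp_ladder(base, exponent, modulus, bit_length):
    """Montgomery ladder: one multiply and one square for every bit, so the
    operation sequence depends only on bit_length, not on the key bits."""
    trace = []
    r0, r1 = 1, base % modulus
    for i in range(bit_length - 1, -1, -1):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        trace.append("MS")
    return r0, "".join(trace)


if __name__ == "__main__":
    plain, leaky = modexp_square_and_multiply(C, D, N)
    print("naive trace :", leaky)
    print("recovered d :", exponent_from_trace(leaky), "(actual:", D, ")")
    _, fixed_a = modexp_ladder(C, D, N, 12)
    _, fixed_b = modexp_ladder(C, 2048, N, 12)
    print("ladder traces identical for different keys:", fixed_a == fixed_b)
```

The ladder only fixes the order of operations; this Python version still selects operands with a key-dependent branch, which production code replaces with a constant-time conditional swap, usually combined with blinding.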

Forget capacitors, listen to the keyboard. (5, Interesting)

Hans Lehmann (571625) | more than 10 years ago | (#9094227)

Other than fans & hard drives, I don't think I've ever heard noise from any machine I've ever worked on, though back in the old days we would hold an AM radio next to the computer, which would give very distinct noise patterns as the CPU went about its business.

If you really want to do some acoustic eavesdropping, listen to the keyboard. It's got a much larger signal to begin with (from across the room, instead of having to paste your ear to the computer case.) Since there are always slight mechanical differences between keys on any given keyboard, I would think that the sound spectrum would also be slightly different. Being able to always listen in on the same user would also help, since most people are somewhat consistent regarding which finger they use on which key. (Eavesdropping on people who were smart enough to take a touch-typing class in high school is also a big plus.)

Assuming you could discern between the acoustic fingerprint of 100 different keys, then it's just a matter of figuring out which sound goes with which key. It's a simple substitution cypher, which are almost trivial to break.

Sneak your cell phone into your boss's office, set it to silent mode and plug in a headset so that you can set it to auto-answer when a call comes in. Then, while your boss is busy typing dirty notes to his mistress, you call your cell phone, start recording it, and presto, you've got a keylogger without ever having touched his computer or the software on it. Then, at your next performance review, you convince him to give you a hefty raise.

...Profit!!!

Re:Forget capacitors, listen to the keyboard. (1)

0x0d0a (568518) | more than 10 years ago | (#9094318)

Or just use a camera cell phone.

Sound vs. electromagnetic emanations (2, Informative)

roosterx (739030) | more than 10 years ago | (#9094255)

I've heard of Tempest emanations/ Van Ecks for eavesdropping. Supposedly the technique can grab keystrokes from remote machines. Just google for "tempest eavesdropping" if you want info on this.

CMU (1)

Rinisari (521266) | more than 10 years ago | (#9094291)

I remember Adi Shamir talked about this at his talk at Carnegie Mellon in March. He gave a brief description and said that it was in the works. So many people doubted it.

pfft

Interesting... (5, Interesting)

boola-boola (586978) | more than 10 years ago | (#9094360)

It is interesting to note that Adi Shamir (one of the co-authors) is one of the three people who came up with RSA-encryption [thefreedictionary.com]

R = Ron Rivest
S = Adi Shamir
A = Len Adleman

Re:Interesting... (0)

Anonymous Coward | more than 10 years ago | (#9094480)

this is interesting... someone mod parent up please! =)

Useful for spying (1)

Darthmalt (775250) | more than 10 years ago | (#9094430)

Given a good enough mic I'm sure it would be easier to plant one of these near a computer than actually breaking into the computer itself.
I've got 3 computers running side by side, good luck figuring out which computer the noise came from.
Course you could always install an old hard drive that clicks every time it's accessed, that should cover up the noise pretty well.

Could this be used on console systems (1)

Marble68 (746305) | more than 10 years ago | (#9094458)

I wonder if this technique could be used on console gaming systems like the XBOX?

Also, how about the proprietary circuit boards in automobiles?

Perhaps someone more familiar with this could elaborate or expound?
Thanks!

Sounds, Electronics, and the Hound :) (3, Interesting)

Zizkus (658125) | more than 10 years ago | (#9094498)

Having worked in telecommunications as well as consumer electronics and computing, I've played a lot :) One of the more interesting things for fun was to poke around with an induction amplifier, you know, the "hound" in the fox and hound tone generator/ handheld probe that the phone guys use for tracing copper thru a building. It is pretty sensitive and I've found many fun sounds by waving it around in various analog and digital equipment, it kinda gives a unique viewpoint. Used in different locations in a PC it picks up various interesting sounds that are very different according to what the system is doing, and where you are probing, memory, chipset, io/chips, cpu etc. Never found it very good for troubleshooting PCs, but lots of fun! Also, I think the sounds you can hear around running electronics is partly caused by sympathetic vibration induced in the air molecules by high frequency energy changes happening, especially on the buses where there are long runs exposed, as well as perhaps by the caps, (?), could it be the aluminum in the caps is reacting to the energy field?, most of the round tall caps you see on a board are used on low frequency mainly power filtering applications.