Practical TEMPEST Attack
Four researchers have demonstrated a TEMPEST attack against a laptop, recovering its keys by listening to its electrical emanations. The cost for the attack hardware was about $3,000.
News article:
To test the hack, the researchers first sent the target a specific ciphertext—in other words, an encrypted message.
“During the decryption of the chosen ciphertext, we measure the EM leakage of the target laptop, focusing on a narrow frequency band,” the paper reads. The signal is then processed, and “a clean trace is produced which reveals information about the operands used in the elliptic curve cryptography,” it continues, which in turn “is used in order to reveal the secret key.”
The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper.
The researchers obtained the secret key after observing 66 decryption processes, each lasting around 0.05 seconds. “This yields a total measurement time of about 3.3 sec,” the paper reads. It’s important to note that when the researchers say that the secret key was obtained in “seconds,” that’s the total measurement time, and not necessarily how long it would take for the attack to actually be carried out. A real world attacker would still need to factor in other things, such as the target reliably decrypting the sent ciphertext, because observing that process is naturally required for the attack to be successful.
For half a century this has been a nation-state-level espionage technique. The cost is continually falling.
Thoth • February 23, 2016 6:27 AM
@all
Software side channel resistance is long overdue. It’s about time that software side-channel protection should be found inside all major crypto libraries (e.g. OpenSSL, LibreSSL, BouncyCastle …etc…). Software side-channel resistance is not fool-proof but it provides the first steps to higher security implementations and assurances. Using dynamic whitebox cryptography techniques with randomised data access and execution (and probably including dummy access to system resources and dummy rounds) to make the more common and weaker side-channel analysis useless.
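
An added illustration of the "dummy rounds" idea raised in the comment above (not part of the original post or comment, and not code from any library named there): on a constructed toy curve, plain double-and-add performs a sequence of point operations that depends on the scalar, while double-and-add-always performs the same sequence for every scalar. It models the operation sequence only; Python is not constant-time, and a uniform sequence does not by itself remove operand-dependent leakage of the kind the quoted paper describes. The curve parameters and all function names are assumptions chosen for the example.

```python
# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; G = (5, 1) has order 19.
P_MOD, A, G, ORDER = 17, 2, (5, 1), 19

def point_add(p, q, trace, tag):
    """Affine addition; None is the point at infinity. Logs one op per call."""
    trace.append(tag)
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def double_and_add(k, bits=5):
    """Naive form: an add happens only for 1-bits, so the op sequence mirrors k."""
    trace, r = [], None
    for i in reversed(range(bits)):
        r = point_add(r, r, trace, "D")
        if (k >> i) & 1:
            r = point_add(r, G, trace, "A")
    return r, "".join(trace)

def double_and_add_always(k, bits=5):
    """Hardened form: the add is always computed and discarded on 0-bits."""
    trace, r = [], None
    for i in reversed(range(bits)):
        r = point_add(r, r, trace, "D")
        t = point_add(r, G, trace, "A")   # dummy operation when the bit is 0
        r = t if (k >> i) & 1 else r      # real code needs a branch-free select
    return r, "".join(trace)

def trace_varies_with_key(mul):
    """True if the logged operation sequence differs between scalars."""
    return len({mul(k)[1] for k in range(1, ORDER)}) > 1

if __name__ == "__main__":
    for name, mul in (("double_and_add", double_and_add),
                      ("double_and_add_always", double_and_add_always)):
        print(name, "k=5:", mul(5)[1], "k=18:", mul(18)[1],
              "key-dependent:", trace_varies_with_key(mul))
```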