Another Side-Channel Attack on PC Encryption

New paper: "Physical Key Extraction Attacks on PCs," by Daniel Genkin, Lev Pachmanov, Itamar Pipman, Adi Shamir, and Eran Tromer. They recover keys acoustically, from the high-frequency "coil whine" from the circuits, from a distance of about ten meters.

News article.

Posted on June 7, 2016 at 2:59 PM • 25 Comments

Comments

PhysicalSecurity? • June 7, 2016 5:35 PM

DELETE FROM table_comments
WHERE `comment` = `first`;

You could go up, with a recorder and software, to find the encryption key, to break the drive, with high tech tools,

Let's face it, the easiest (Unethical) way is to place the admin on drugs, and hit him with a crowbar repeatedly.

I would never do that, but it is a reliable method that can't be easily patched.

Thoth • June 7, 2016 6:45 PM

@all
Just spend like $10+ and get a smart card. Ain't too hard, right?

Also, rubberhose cryptanalysis is much easier, cheaper and more effective than those high tech scanners considering most Govts don't shy away from human rights abuses.

Celos • June 7, 2016 7:50 PM

This is not about coming up with a practical attack, it is instead a demonstration that a certain side-channel is a practical one and that it may need consideration. For example, coil-whine is something that is a design-flaw and hence better designs use coils that whine less and better filtering.

Required • June 7, 2016 8:39 PM

Wondering if the quiet beeping coming from the area of the cooling fan on some Lenovo laptops whenever software is executed might be a deliberate side channel using just such techniques. The noise sounds a lot like the voice coil from a hard drive, and it does often correlate with the disk activity LED, but also occurs on systems with only SSDs. Or maybe it's a cap making the noise.

Arclight • June 8, 2016 1:51 AM

While this is mostly an academic exercise for the majority of us, it does have real-world implications. For instance, collocation customers could have their VPN keys stolen or a gambling site could get their PRNG compromised by a malicious tenant in the next cage.

And it could be another way of getting at data contained on powered-on-but-locked devices in custody.

Arclight

Clive Robinson • June 8, 2016 5:02 AM

@ Celos,

    For example, coil-whine is something that is a design-flaw and hence better designs use coils that whine less and better filtering.

Coil whine is a result of the laws of physics, thus calling it a "design-flaw" is a little deceiving. It's like saying the computer chip emits IR radiation when it is operating is a design-flaw.

In both cases it would only be a "design-flaw" if the system specification called for the suppression of the results of the inefficiency of the devices being used. Such a specification would not be too dissimilar to one for a perpetual motion machine, which as far as we know is impossible to build.

Yes you can if you have the money and appropriate clearance obtain TEMPEST equipment. But if you read the equipment manuals and have done the TEMPEST certified technician training you will know that they don't solve these problems. What the equipment designers do is use various very expensive techniques to reduce the levels with passive transducers that convert the coherent energy from the inefficient component into decoherent energy of very limited bandwidth, that still needs to be removed safely and securely from the equipment. Thus many further steps have to be taken to make the equipment usage secure within given parameters.

If you can find an EmSec hardened computer, you will find it is far from commodity pricing by several orders of magnitude, very far from being portable in any way by an unaided person and way way behind on the technology curve. Oh and only secure if used in certain highly prescribed installations, so not in your house, office, airport lounge etc etc. In other words totally impractical for the bulk of common usage modes.

Clive Robinson • June 8, 2016 5:18 AM

@ Vesselin Bontchev • June 8, 2016 2:23 AM

    How exactly is this new attack different from... just about the same thing written by pretty much the same authors two and a half years ago?

It's not, and I made a comment on this on the Squid Page it came up on a few days ago.

To be kind, let's just say they are a little bit like non-theoretical physicists, coming up with experiments to demonstrate what is already well known but considered theoretical.

The use of magneto constriction to both radiate and receive signals is actually very well known. Research into practical applications with it started in earnest during WWI (yes a hundred years ago). Not only to try and find German U-Boats with what we now call sonar, but also to detect underground "mining" under the trenches, where tunnels were dug as quietly as possible under enemy trenches. This was for either "listening in" for intel or to make culverts which would be filled with large quantities of high explosives which is where the term "land-mine" originated from.

Celos • June 8, 2016 5:43 AM

@Clive Robinson:

No, it is not a "law of physics". It is a flaw in the inductors used, which results from windings being loose and (to a lesser degree, especially in ring-cores) from lack of shielding. Using such inductors in a device where the user can hear this is a design-flaw. Better inductors embed the whole thing in high-temperature epoxy and shielding and do not produce coil-whine.

I suggest you limit yourself in berating others to things you actually have a clue about.

JG4 • June 8, 2016 6:33 AM

@Celos

you might want to read up on magnetostriction before suggesting that one of the most clueful people on the planet of unintended consequences is clueless

Bob Paddock • June 8, 2016 6:58 AM

Frequently such 'whine' has nothing to do with coils at all.

The 'whine' is caused by Multi Layer Ceramic Capacitor (or ceramic capacitors) due to their piezoelectric effect exhibiting audible noise as they each act as tiny 'piezo speakers'.

For example see: "Reducing MLCCs' piezoelectric effects and audible noise" By Nicolas Guibourg among many others.

Bob Paddock • June 8, 2016 7:37 AM

The Murata ZRA Series of ceramic capacitors are specifically designed to give no audible noise.

Clive Robinson • June 8, 2016 8:54 AM

@ Celos,

    No, it is not a "law of physics".

Oh really, do you want to explain why?

How about starting with a description of a DC motor, or a Moving coil speaker?

I'm sure most of the physicists in the world would love to hear your explanation of how they work without using the established laws of physics...

@ All,

You might want to get some popcorn and a comfortable chair for this it's going to be entertaining at the very least.

Clive Robinson • June 8, 2016 10:14 AM

@ Bob Paddock,

    Frequently such 'whine' has nothing to do with coils at all.

It tends to be frequency and physical size dependent but yes capacitors even without ceramic or other energy storage element do vibrate in sympathy with the change in charge storage.

In older style LF switchmode PSU's it tended to be the inductors, now in more modern series resonant PSU's at HF frequencies it's the capacitors, which also has the side effect of a greater "carrier" bandwidth.

@ All,

For those wondering why, components should whine ultimately at the lowest level it's down to inefficient energy storage and transportation. That is you don't get 100% of the power out that you put in and the difference has to go somewhere, ultimately it becomes heat.

But in between it can go through many transformations. Not least of these transformations is into mechanical energy which is itself an inefficient energy storage mechanism. A side effect of this is it stresses the mechanical component which causes it to move or vibrate. This in turn transports energy out in the form of sonic waves that are the problem in this particular case.

The closer the acoustic transformation is to the changing energy input, the wider its effective signal bandwidth is thus the greater its information carrying capacity (this reduction in information is due to the energy becoming less coherent with each transformation in line with the laws of thermodynamics thus its entropy or uncertainty becomes greater).

A few years ago with LF switching PSUs etc, the basic energy storage bandwidth was insufficient to carry much detailed information, which kind of made the idea a bit of a curiosity. Similar in many respects to earlier times when computer clocks were in or below the Medium wave band, thus you could turn the computer into a low power transmitter by getting it to loop at different frequencies and thus crudely play a tune you could receive on a radio. These days some power supplies work up above the Medium Wave band and change frequency in response to the load, thus you can do the same trick of playing tunes but this time with a Narrow Band Frequency Modulated receiver in the VHF and UHF bands.

But there is also a "manufacturing cost" implication to the much higher switching frequencies, in that the required "smoothing" effect can be obtained with very small values of capacitance and inductance, with the consequence that the information carrying bandwidth is many many times higher. Even though it is not enough for individual CPU operations to be identified directly, certain patterns of instructions can be identified directly, and by an averaging process changes such as branching can be located and identified sufficiently to determine the results of mathematical and some logical operations. Which if sufficient samples are available will leak key bit information...

As Bruce had noted in the past, attacks do not get worse with time, which is possibly why just over a decade and a half after Differential Power Analysis hit the news with smart cards this is now hitting the news with laptops and pads etc (which due to size and weight considerations tend to use the highest PSU frequencies they can, with the absolute minimum --or less-- of filtering and shielding etc).

albert • June 8, 2016 10:46 AM

@Celos, Clive, et al,

A practical example might be comparing a woofer and a tweeter in terms of the compliance of their cones (actually, the cone support, 'surround'). Woofer cones move very easily with large travel, but tweeter cones have extremely small travel, very little compliance. Taken to the extreme, check out transducers in ultrasonic welders (15-75kHz), whose output is delivered by aluminum blocks! This doesn't bode well for potting, as the potting material would efficiently transmit the high frequencies.

Faraday shields are important for RF shielding, but could be excellent transducers for acoustic signals:)

For experts: Aside from power supplies, what are the functions of large-valued inductors and electrolytic capacitors on motherboards?

. .. . .. --- ....

Clive Robinson • June 8, 2016 12:16 PM

@ Albert,

    For experts: Aside from power supplies, what are the functions of large-valued inductors and electrolytic capacitors on motherboards?

One such is "roofing filters" for sampling systems with analog inputs. Another is to keep signals from one part out of another part, ie harsh digital noise getting into analog circuits like audio and RF.

In older more conservatively designed systems, they would be used for EMC reasons on inputs and outputs which include serial lines, video lines, power supply lines etc.

In more modern desktop PCs you will also find inductors being used for both power supply noise reduction and fuses on USB power lines. The same is true for pad systems, where suddenly the battery stops charging as the inductor has fried O/C.

Jesse Thompson • June 8, 2016 3:15 PM

Step 1: Put computer into a soundproof box (box lined with sharp foam pyramids)

Step 2: attach chassis to side of box with materials of length not sympathetic to any of your component noise.

Step 3: Get Jeff Goldblum to tell you there is no Step 3 in his own signature brand of bemused wonderment.

ianf • June 8, 2016 6:26 PM

Bit OT, but… speaking of unrequited capacitors' near-subsonic whine, if there ever was a case for a man-made post-Chernobyl-like industrial activity-free zone for the next 100000 years, perhaps due to carpet-bombing with radioactive waste, then surely this man-made Zug Island with blast steel furnaces downwind from Windsor must be it:

The 'Windsor Hum': [35Hz] where is the noise plaguing a city of 210,000 coming from?

    The low rumbling that’s been reverberating in the Canadian city’s ears for six years is getting louder – and more debilitating. The source may be on an American industrial island but muffling the sound has not been an easy task
    http://gu.com/p/4jbyt

albert • June 9, 2016 10:37 AM

@ianf,

Can you repost your comment on tomorrow's Squid, along with a full URL?

. .. . .. --- ....

Leon Wolfeson • June 11, 2016 2:45 PM

@Clive - It would seem possible, for far less, to have a small device which produced semi-random coil whine which would render the monitoring useless.

The same concept works in some areas of cryptography, to break up certain patterns which would otherwise become predictable.

Clive Robinson • June 12, 2016 1:24 AM

@ Leon Wolfeson,

    It would seem possible, for far less, to have a small device which produced semi-random coil whine which would render the monitoring useless.

This attack is just one of many arising from the same problem brought to fame in the Smart Card security via the Differential Power Analysis paper of 1999 (the author of which has tried to corner thus stymied research via patents). As I've noted before, the reality is that Van Eck phreaking and even the old "British GPO Television Detector Vans" from years ago got there long before the patents arising from DPA. All of them work by the same fundamental basic principle "doing work is not efficient" and the waste energy carries information impressed / modulated upon it.

For those working on smart card security back in the 1990's it was a major issue, and one of the methods tried was what you might call randomizers. For various reasons they all kind of failed. You could say because they "only added energy", not limited the information bandwidth or reduced the level of the many and varied signals that have the information impressed upon them.

Eventually the smart card industry realised they had to redesign the process creating the information leak such that whilst it still created waste energy that energy did not have usable information as readily impressed upon it.

If you think about things a little the waste energy from a PC style computer is inherently very very broadband ranging from just a few KHz of the audio band well into the low GHz of the microwave bands. And it's quite high power certainly in the tens of Watts range well above that of mobile phones two way radios etc. Creating a "jammer" --which is what the randomizer is-- to cover all of that bandwidth effectively is at best problematic. Because as long as the attacker can get just one signal of enough strength to synchronize with the CPU activities they can over a period of time average out the randomizer jamming signal. You can look up something called "processing gain" from Spread Spectrum / CDMA techniques along with "jamming margin" to get a feel for why a randomizer will not be an effective solution.

In the US they actually regarded what are generally called TEMPEST techniques as being so important, they used regulatory processes to limit the availability of materials you would use to make equipment radiate less waste energy. Which fell right into the law of unintended consequences of equipment interfering with other equipment. Which in Europe gave rise to the EMC legislation and the tricks that have arisen from its emissions masks to "mask" not remove "harmful emissions". The masking techniques used arise from a process called "whitening" from the telecommunications industry, and are in fact "spread spectrum" techniques, whereby the energy from signal spurs, instead of being on one frequency are spread across many thereby reducing the energy per Hz. Unfortunately if you know the spreading code and can sync to it you can reverse the spreading process. It's something I've mentioned on this blog before, and it has other consequences such as spreading any jamming signal energy out of the receiver.

Whilst TEMPEST and EmSec are still supposedly "classified" in the US and some other places, they are not in others thus the likes of the NSA are fighting a rearguard action against the information becoming common place.

The thing that surprises me is back in the 1980's I independently discovered many EmSec techniques some of which I've mentioned on this blog in the past. I know from other engineers that they have done similar going back into the late 60's, so there is nothing special about TEMPEST / EmSec techniques. It's just for some reason that it's only now some half century later that academia is turning its gaze in that direction. And aside from saying to them "Welcome to the party" I guess I'd also say, "There's a lot to learn" in the way of specific attacks. But it's really just a new sub group of applied physics, most of the theoretical ground work was done and dusted a hundred years or more ago.
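The "processing gain" argument in the comment above, as an added simulation that is not part of the thread or the paper: averaging synchronized traces cancels an additive randomizer, while removing the data dependence does not average back. The toy leak model, the amplitudes and every function name are assumptions made for the illustration.

```python
import math
import random

# Constructed toy model, not measurements from the paper: each secret bit
# shifts one sample of the emitted signal by +/- leak; the randomizer adds
# independent Gaussian noise of standard deviation jam_sigma to every sample.

def capture(bits, leak, jam_sigma, rng):
    """One trace of the same operation, synchronized to its start."""
    return [(leak if b else -leak) + rng.gauss(0.0, jam_sigma) for b in bits]

def bit_error_rate(n_traces, leak=0.1, jam_sigma=1.0, n_bits=64, seed=1):
    """Fraction of bits guessed wrong after averaging n_traces aligned traces."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1) for _ in range(n_bits)]
    sums = [0.0] * n_bits
    for _ in range(n_traces):
        for i, s in enumerate(capture(bits, leak, jam_sigma, rng)):
            sums[i] += s
    guesses = [1 if s > 0 else 0 for s in sums]
    return sum(g != b for g, b in zip(guesses, bits)) / n_bits

def processing_gain_db(n_traces):
    """SNR improvement from coherently averaging n_traces."""
    return 10 * math.log10(n_traces)

def traces_needed(leak, jam_sigma, target_snr_db=12.0):
    """Defender's estimate: repetitions that cancel the jammer's margin."""
    snr_db = 20 * math.log10(leak / jam_sigma)
    return math.ceil(10 ** ((target_snr_db - snr_db) / 10))

if __name__ == "__main__":
    # Jammer is 20 dB above the leak, yet the error rate falls with averaging.
    for n in (1, 100, 4000):
        print(n, round(processing_gain_db(n), 1), bit_error_rate(n))
    # Removing the data dependence (leak = 0) is what defeats averaging.
    print("no leak:", bit_error_rate(4000, leak=0.0))
    print("traces to reach 12 dB:", traces_needed(0.1, 1.0))
```

Every extra 10 dB of jammer power only multiplies the required repetitions by ten, which is why the redesign described for smart cards (no usable information on the waste energy) is the durable fix in this model.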

ianf • July 26, 2016 2:48 AM

@ MODERATOR :: another brace of SPAM

    Regarding special defenses in place: perhaps filter out URLs, telephone numbers AND overt email addresses at once? (incl. instances of "handle AT gmail dot com"?)
