Israeli computer scientists have worked out how to recover RSA encryption keys and steal data from computers without any conventional hacking. Instead, the researchers capture the keys simply by monitoring the acoustic, electric and electromagnetic signals a PC gives off.
Researchers from the Israel Institute of Technology have found a way to steal encryption keys by monitoring the routine vibrations that a PC's electronic components produce as the electrical current passing through them fluctuates, a phenomenon known as "coil whine".
RSA, one of the most widely used encryption methods today, derives two mathematically linked keys, a public key and a private key, from two large prime numbers; its security rests on the difficulty of factoring their product, and the private key is what is needed to decrypt messages.
When a PC is running, the power consumption of its CPU and related chips changes drastically depending on the computation being performed at any given moment. If the computer is encrypting or decrypting data in various applications, the electronic components in the PC's internal power supply struggle to provide a constant voltage to the chips, and this causes the fluctuations and the resulting vibrations.
The researchers discovered that the cryptographic operations running on a PC correlate with the exact coil-whine noises, making it possible to work out the encryption keys by recording those noises, whether they are acoustic, electric or electromagnetic.
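The principle behind that correlation, as an added toy model that is not the researchers' code or the article's own material: a textbook RSA exponentiation does a different sequence of operations depending on each private-key bit, so any physical signal that tracks the computation tracks the key, whereas a ladder-style exponentiation performs the same operations for every bit. The list passed as `trace` stands in for the measured signal, and the small key parameters (n=3233, e=17, d=2753) are assumed for illustration only; the real attack works at a lower level than this model.

```python
def modexp_leaky(base, exp, mod, trace):
    """Left-to-right square-and-multiply. The multiply runs only when the
    current exponent bit is 1, so the sequence of squarings (S) and
    multiplications (M), and hence the power/EM/acoustic footprint, encodes
    the private exponent bit by bit."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        if bit == "1":
            result = result * base % mod
            trace.append("M")
    return result


def modexp_ladder(base, exp, mod, trace):
    """Montgomery ladder: every bit costs exactly one multiply and one square,
    whatever its value, so the operation sequence no longer depends on the key.
    This removes the key-dependent branch only; other leakage (e.g. from the
    multiplier's data-dependent behaviour) needs separate countermeasures."""
    r0, r1 = 1, base
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        else:
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        trace.append("M")
        trace.append("S")
    return r0


def trace_depends_on_key(modexp, mod=3233, d1=2753, d2=2049):
    """Run one routine on two different private exponents of equal bit length
    and report whether the observable operation sequence differs. True means
    an observer who can tell S from M learns something about the key."""
    t1, t2 = [], []
    modexp(2790, d1, mod, t1)   # 2790 is the constructed sample ciphertext
    modexp(2790, d2, mod, t2)
    return t1 != t2
```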
PC noises actually leak encryption keys
"By recording such [acoustic] noise while a target is using the RSA algorithm to decrypt ciphertexts (sent to it by the attacker), the RSA secret key can be extracted within one hour for a high grade 4,096-bit RSA key," the researchers wrote in the research paper.
"We experimentally demonstrated this attack from as far as 10m away using a parabolic microphone or from 30cm away through a plain mobile phone placed next to the computer."
The process for picking up the electromagnetic signals was even simpler: the researchers placed a consumer-grade AM radio receiver tuned close to the PC's signal frequency and connected its headphone output to a phone's audio jack for digital recording, or built an electromagnetic probe antenna from some wire attached to a cheap software-defined radio USB dongle.
"Extraction of secret cryptographic keys from PCs using physical side channels is feasible, despite their complexity and execution speed. We have demonstrated such attacks on many public-key encryption schemes and digital-signature schemes, as implemented by popular cryptographic libraries, using inexpensive and readily available equipment, by various attack vectors and in multiple scenarios," the researchers warned.
"Side-channel leakage can be attenuated through such physical means as sound-absorbing enclosures against acoustic attacks, Faraday cages against electromagnetic attacks, insulating enclosures against chassis and touch attacks, and photoelectric decoupling or fiber-optic connections against "far end of cable" attacks.
"However, these countermeasures are expensive and cumbersome. Devising inexpensive physical leakage protection for consumer-grade PCs is an open problem."
The open-access research paper, entitled "Physical Key Extraction Attacks on PCs", is published in the journal Communications of the ACM.