Link to Article

Archived Version

Fri, 20 Dec 2013 16:52

Acoustic cryptanalysisDaniel GenkinAdi ShamirEran TromerTechnion and Tel Aviv UniversityWeizmann Institute of ScienceTel Aviv Universityassisted by Lev Pachmanov and numerous othersSummaryMany computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

PaperA detailed account of the results and their context is given in the full version of our paper (8MB PDF).

Note: these are recent results, first published on 18 December 2013. Preliminary results were announced in the Eurocrypt 2004 rump session presentation, "Acoustic cryptanalysis: on nosy people and noisy machines", and are now archived. Progress since publication of the preliminary results is summarized in Q16 below.

Q&AQ1: What information is leaked?This depends on the specific computer hardware. We have tested numerous laptops, and several desktops.

In almost all machines, it is possible to distinguish an idle CPU (x86 "HLT") from a busy CPU.On many machines, it is moreover possible to distinguish different patterns of CPU operations and different programs.Using GnuPG as our study case, we can, on some machines:distinguish between the acoustic signature of different RSA secret keys (signing or decryption), andfully extract decryption keys, by measuring the sound the machine makes during decryption of chosen ciphertexts.Q2: What is making the noise?The acoustic signal of interest is generated by vibration of electronic components (capacitors and coils) in the voltage regulation circuit, as it struggles to supply constant voltage to the CPU despite the large fluctuations in power consumption caused by different patterns of CPU operations. The relevant signal is not caused by mechanical components such as the fan or hard disk, nor by the laptop's internal speaker.

Q3: Does the attack require special equipment?It sure helps, and in the paper we describe an expensive hardware setup for getting the best sensitivity and frequency response. But in some cases, a regular mobile phone is good enough. We have used a mobile phone to acoustically extract keys from a laptop at a distance of 30cm, as in the following picture.

Q4: What is the acoustic attack range?That depends on many factors. Using a sensitive parabolic microphone, we surpassed 4 meters. In the following example, a parabolic microphone, attached to a padded case of equipment (power supply, amplifier, filters, and a laptop running the attack code) is extracting an RSA key from a target laptop (on the far side of the room).

Without the ungainly parabolic dish, we achieved a range of 1 meter. In the following, the target (A) is on the right, and the attacker is on the left. Only the capsule of the microphone, marked (B), is sensitive to position and orientation; the rest of the attacker's equipment can be hidden away.

Q5: What are some examples of attack scenarios?We discuss some prospective attacks in our paper. In a nutshell:

Install an attack app on your phone. Set up a meeting with the victim and place the phone on the desk next to his laptop (see Q2).Break into the victim's phone, install the attack app, and wait until the victim inadvertently places his phone next to the target laptop.Construct a web page use the microphone of the computer running the browser (using Flash or HTML Media Capture, under some excuse such as VoIP chat). When the user permits the microphone access, use it to steal the user's secret key.Put your stash of eavesdropping bugs and laser microphones to a new use.Send your server to a colocation facility, with a good microphone inside the box, and then acoustically extract keys from all nearby servers.Get near a TEMPEST/1-92 protected machine, such as the one pictured to the right, place a microphone next to its ventilation holes, and extract its supposedly-protected secrets.Q6: What if I don't have any microphone, or the environment is too noisy?Another low-bandwidth channel is the electric potential of the laptop's chassis. We've shown that in many computers, this "ground" potential fluctuates (even when connected to a grounded power supply) and leaks the requisite signal. This can be measured in several ways, for example:

Magic-touch attack: the attacker measures the chassis potential by merely touching the laptop chassis with his hand, while surreptitiously measuring his own body potential relative to the ground potential of the room. (This attack is especially effective in hot weather, since sweaty fingers offer a lower electric resistance.)Far-end-of-cable attack: the victim plugs in some innocuous-looking VGA or Ethernet cable into his laptop. The attacker measures the shield's electric potential on the far side of the cable (out of sight, in some cabinet or server room).Q7: Can an attacker use power analysis instead?Yes, power analysis (by measuring the current drawn from the laptop's DC power supply) is another way to perform our low-bandwidth attack.

If the attacker can measure clockrate-scale (GHz) power leakage, then traditional power analysis may also be very effective, and far faster. However, this is foiled by the common practice of filtering out high frequencies on the power supply.

Q8: How can low-frequency (kHz) acoustic leakage provide useful information about a much faster (GHz)? Individual CPU operations are too fast for a microphone to pick up, but long operations (e.g., modular exponentiation in RSA) can create a characteristic (and detectable) acoustic spectral signature over many milliseconds. In the chosen-ciphertext key extraction attack, we carefully craft the inputs to RSA decryption in order to maximize the dependence of the spectral signature on the secret key bits.

Q9 How vulnerable is GnuPG now?We have disclosed our attack to GnuPG developers under CVE-2013-4576, suggested suitable countermeasures, and worked with the developers to test them. New versions of GnuPG 1.x and of libgcrypt (which underlies GnuPG 2.x), containing these countermeasures and resistant to our current key-extraction attack, were released concurrently with the first public posting of these results. Some of the effects we found (including RSA key distinguishability) remain present.

Q10: How vulnerable are other algorithms and cryptographic implementations?We don't know. Our attack requires careful cryptographic analysis of the implementation, which so far has been conducted only for the GnuPG 1.x implementation of RSA. Implementations using ciphertext blinding (a common side channel countermeasure) appear less vulnerable. We have, however, observed that GnuPG's implementation of ElGamal encryption also allows acoustically distinguishing keys.

Q11: Is there a realistic way to perform a chosen-ciphertext attack on GnuPG?To apply the attack to GnuPG, we found a way to cause GnuPG to automatically decrypt ciphertexts chosen by the attacker. The idea is to use encrypted e-mail messages following the OpenPGP and PGP/MIME protocols. For example, Enigmail (a popular plugin to the Thunderbird e-mail client) automatically decrypts incoming e-mail (for notification purposes) using GnuPG. An attacker can e-mail suitably-crafted messages to the victims, wait until they reach the target computer, and observe the acoustic signature of their decryption (as shown above), thereby closing the adaptive attack loop.

Q12: Won't the attack be foiled by loud fan noise, or by multitasking, or by several computers in the same room?Usually not. The interesting acoustic signals are mostly above 10KHz, whereas typical computer fan noise and normal room noise are concentrated at lower frequencies and can thus be filtered out. In task-switching systems, different tasks can be distinguished by their different acoustic spectral signatures. Using multiple cores turns out to help the attack (by shifting down the signal frequencies). When several computers are present, they can be told apart by spatial localization, or by their different acoustic signatures (which vary with the hardware, the component temperatures, and other environmental conditions).

Q13: What countermeasures are available?One obvious countermeasure is to use sound dampening equipment, such as "sound-proof" boxes, designed to sufficiently attenuate all relevant frequencies. Conversely, a sufficiently strong wide-band noise source can mask the informative signals, though ergonomic concerns may render this unattractive. Careful circuit design and high-quality electronic components can probably reduce the emanations.

Alternatively, the cryptographic software can be changed, and algorithmic techniques employed to render the emanations less useful to the attacker. These techniques ensure that the rough-scale behavior of the algorithm is independent of the inputs it receives; they usually carry some performance penalty, but are often used in any case to thwart other side-channel attacks. This is what we helped implement in GnuPG (see Q9).

Q14: Why software countermeasures? Isn't it the hardware's responsibility to avoid physical leakage?It is tempting to enforce proper layering, and decree that preventing physical leakage is the responsibility of the physical hardware. Unfortunately, such low-level leakage prevention is often impractical due to the very bad cost vs. security tradeoff: (1) any leakage remnants can often be amplified by suitable manipulation at the higher levels, as we indeed do in our chosen-ciphertext attack; (2) low-level mechanisms try to protect all computation, even though most of it is insensitive or does not induce easily-exploitable leakage; and (3) leakage is often an inevitable side effect of essential performance-enhancing mechanisms (e.g., consider cache attacks).

Application-layer, algorithm-specific mitigation, in contrast, prevent the (inevitably) leaked signal from bearing any useful information. It is often cheap and effective, and most cryptographic software (including GnuPG and libgcrypt) already includes various sorts of mitigation, both through explicit code and through choice of algorithms. In fact, the side-channel resistance of software implementations is nowadays a major concern in the choice of cryptographic primitives, and was an explicit evaluation criterion in NIST's AES and SHA-3 competitions.

Q15: What about other acoustic attacks?See the discussion and references in our paper, and the Wikipedia page on Acoustic Cryptanalysis. In a nutshell:

Eavesdropping on keyboard keystrokes has been well discussed; keys can be distinguished by timing, or by their different sounds. While this attack is applicable to data that is entered manually (e.g., passwords), it is not applicable to larger secret data such as RSA keys. Another acoustic source is hard disk head seeks; this source does not appear very useful in the presence of caching, delayed writes and multitasking. Preceding modern computers is MI5's "ENGULF" technique (recounted in Peter Wright's book Spycatcher), whereby a phone tap was used to eavesdrop on the operation of an Egyptian embassy's Hagelin cipher machine, thereby recovering its secret key. Declassified US government publications describe "TEMPEST" acoustic leakage from mechanical and electromechanical devices, but do make no mention of modern electronic computers.

Q16: What's new since the Eurocrypt 2004 presentation?Full key extraction attack, exploiting deep internal details of GnuP's implementation of RSADramatic improvement in range and applicability (increased from 20cm with open chassis to 4m in normal operation)Much better hardware (some self-built), allowing longer range and better signal characterizationSignal processing and error correction, making it possible to perform the attack using a mobile phone despite the low-quality microphoneMany more targets testedNon-acoustic low-bandwidth attacks, including chassis potential analysisCountermeasures implemented and tested in GnuPG (see Q9)Detailed writeupAcknowledgementsLev Pachmanov wrote much of the software setup used in our experiments, including custom signal acquisition programs. Avi Shtibel, Ezra Shaked and Oded Smikt assisted in constructing and configuring the experimental setup. Assa Naveh assisted in various experiments, and offered valuable suggestions. Sharon Kessler provided copious editorial advice. We thank Werner Koch, lead developer of GnuPG, for the prompt response to our disclosure and the productive collaboration in adding suitable countermeasures. We are indebted to Pankaj Rohatgi for inspiring the origin of this research, and to Nir Yaniv for use of the Nir Space Station and for valuable advice on audio recording. National Instruments Israel generously donated a National Instruments PCI-6052E DAQ card and a MyDAQ device. Erik Olson's Baudline signal analysis software was used for some of the analysis. We thank numerous volunteers for access to test-target machines.This work was sponsored by the Check Point Institute for Information Security; by the Israeli Ministry of Science and Technology; by the Israeli Centers of Research Excellence I-CORE program (center 4/11); and by NATO's Public Diplomacy Division in the Framework of "Science for Peace".

Acoustic cryptanalysisDaniel GenkinAdi ShamirEran TromerTechnion and Tel Aviv UniversityWeizmann Institute of ScienceTel Aviv Universityassisted by Lev Pachmanov and numerous othersSummaryMany computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

PaperA detailed account of the results and their context is given in the full version of our paper (8MB PDF).

Note: these are recent results, first published on 18 December 2013. Preliminary results were announced in the Eurocrypt 2004 rump session presentation, "Acoustic cryptanalysis: on nosy people and noisy machines", and are now archived. Progress since publication of the preliminary results is summarized in Q16 below.

Q&AQ1: What information is leaked?This depends on the specific computer hardware. We have tested numerous laptops, and several desktops.

In almost all machines, it is possible to distinguish an idle CPU (x86 "HLT") from a busy CPU.On many machines, it is moreover possible to distinguish different patterns of CPU operations and different programs.Using GnuPG as our study case, we can, on some machines:distinguish between the acoustic signature of different RSA secret keys (signing or decryption), andfully extract decryption keys, by measuring the sound the machine makes during decryption of chosen ciphertexts.Q2: What is making the noise?The acoustic signal of interest is generated by vibration of electronic components (capacitors and coils) in the voltage regulation circuit, as it struggles to supply constant voltage to the CPU despite the large fluctuations in power consumption caused by different patterns of CPU operations. The relevant signal is not caused by mechanical components such as the fan or hard disk, nor by the laptop's internal speaker.

Q3: Does the attack require special equipment?It sure helps, and in the paper we describe an expensive hardware setup for getting the best sensitivity and frequency response. But in some cases, a regular mobile phone is good enough. We have used a mobile phone to acoustically extract keys from a laptop at a distance of 30cm, as in the following picture.

Q4: What is the acoustic attack range?That depends on many factors. Using a sensitive parabolic microphone, we surpassed 4 meters. In the following example, a parabolic microphone, attached to a padded case of equipment (power supply, amplifier, filters, and a laptop running the attack code) is extracting an RSA key from a target laptop (on the far side of the room).

Without the ungainly parabolic dish, we achieved a range of 1 meter. In the following, the target (A) is on the right, and the attacker is on the left. Only the capsule of the microphone, marked (B), is sensitive to position and orientation; the rest of the attacker's equipment can be hidden away.

Q5: What are some examples of attack scenarios?We discuss some prospective attacks in our paper. In a nutshell:

Install an attack app on your phone. Set up a meeting with the victim and place the phone on the desk next to his laptop (see Q2).Break into the victim's phone, install the attack app, and wait until the victim inadvertently places his phone next to the target laptop.Construct a web page use the microphone of the computer running the browser (using Flash or HTML Media Capture, under some excuse such as VoIP chat). When the user permits the microphone access, use it to steal the user's secret key.Put your stash of eavesdropping bugs and laser microphones to a new use.Send your server to a colocation facility, with a good microphone inside the box, and then acoustically extract keys from all nearby servers.Get near a TEMPEST/1-92 protected machine, such as the one pictured to the right, place a microphone next to its ventilation holes, and extract its supposedly-protected secrets.Q6: What if I don't have any microphone, or the environment is too noisy?Another low-bandwidth channel is the electric potential of the laptop's chassis. We've shown that in many computers, this "ground" potential fluctuates (even when connected to a grounded power supply) and leaks the requisite signal. This can be measured in several ways, for example:

Magic-touch attack: the attacker measures the chassis potential by merely touching the laptop chassis with his hand, while surreptitiously measuring his own body potential relative to the ground potential of the room. (This attack is especially effective in hot weather, since sweaty fingers offer a lower electric resistance.)Far-end-of-cable attack: the victim plugs in some innocuous-looking VGA or Ethernet cable into his laptop. The attacker measures the shield's electric potential on the far side of the cable (out of sight, in some cabinet or server room).Q7: Can an attacker use power analysis instead?Yes, power analysis (by measuring the current drawn from the laptop's DC power supply) is another way to perform our low-bandwidth attack.

If the attacker can measure clockrate-scale (GHz) power leakage, then traditional power analysis may also be very effective, and far faster. However, this is foiled by the common practice of filtering out high frequencies on the power supply.

Q8: How can low-frequency (kHz) acoustic leakage provide useful information about a much faster (GHz)? Individual CPU operations are too fast for a microphone to pick up, but long operations (e.g., modular exponentiation in RSA) can create a characteristic (and detectable) acoustic spectral signature over many milliseconds. In the chosen-ciphertext key extraction attack, we carefully craft the inputs to RSA decryption in order to maximize the dependence of the spectral signature on the secret key bits.

Q9 How vulnerable is GnuPG now?We have disclosed our attack to GnuPG developers under CVE-2013-4576, suggested suitable countermeasures, and worked with the developers to test them. New versions of GnuPG 1.x and of libgcrypt (which underlies GnuPG 2.x), containing these countermeasures and resistant to our current key-extraction attack, were released concurrently with the first public posting of these results. Some of the effects we found (including RSA key distinguishability) remain present.

Q10: How vulnerable are other algorithms and cryptographic implementations?We don't know. Our attack requires careful cryptographic analysis of the implementation, which so far has been conducted only for the GnuPG 1.x implementation of RSA. Implementations using ciphertext blinding (a common side channel countermeasure) appear less vulnerable. We have, however, observed that GnuPG's implementation of ElGamal encryption also allows acoustically distinguishing keys.

Q11: Is there a realistic way to perform a chosen-ciphertext attack on GnuPG?To apply the attack to GnuPG, we found a way to cause GnuPG to automatically decrypt ciphertexts chosen by the attacker. The idea is to use encrypted e-mail messages following the OpenPGP and PGP/MIME protocols. For example, Enigmail (a popular plugin to the Thunderbird e-mail client) automatically decrypts incoming e-mail (for notification purposes) using GnuPG. An attacker can e-mail suitably-crafted messages to the victims, wait until they reach the target computer, and observe the acoustic signature of their decryption (as shown above), thereby closing the adaptive attack loop.

Q12: Won't the attack be foiled by loud fan noise, or by multitasking, or by several computers in the same room?Usually not. The interesting acoustic signals are mostly above 10KHz, whereas typical computer fan noise and normal room noise are concentrated at lower frequencies and can thus be filtered out. In task-switching systems, different tasks can be distinguished by their different acoustic spectral signatures. Using multiple cores turns out to help the attack (by shifting down the signal frequencies). When several computers are present, they can be told apart by spatial localization, or by their different acoustic signatures (which vary with the hardware, the component temperatures, and other environmental conditions).

Q13: What countermeasures are available?One obvious countermeasure is to use sound dampening equipment, such as "sound-proof" boxes, designed to sufficiently attenuate all relevant frequencies. Conversely, a sufficiently strong wide-band noise source can mask the informative signals, though ergonomic concerns may render this unattractive. Careful circuit design and high-quality electronic components can probably reduce the emanations.

Alternatively, the cryptographic software can be changed, and algorithmic techniques employed to render the emanations less useful to the attacker. These techniques ensure that the rough-scale behavior of the algorithm is independent of the inputs it receives; they usually carry some performance penalty, but are often used in any case to thwart other side-channel attacks. This is what we helped implement in GnuPG (see Q9).

Q14: Why software countermeasures? Isn't it the hardware's responsibility to avoid physical leakage?It is tempting to enforce proper layering, and decree that preventing physical leakage is the responsibility of the physical hardware. Unfortunately, such low-level leakage prevention is often impractical due to the very bad cost vs. security tradeoff: (1) any leakage remnants can often be amplified by suitable manipulation at the higher levels, as we indeed do in our chosen-ciphertext attack; (2) low-level mechanisms try to protect all computation, even though most of it is insensitive or does not induce easily-exploitable leakage; and (3) leakage is often an inevitable side effect of essential performance-enhancing mechanisms (e.g., consider cache attacks).

Application-layer, algorithm-specific mitigation, in contrast, prevent the (inevitably) leaked signal from bearing any useful information. It is often cheap and effective, and most cryptographic software (including GnuPG and libgcrypt) already includes various sorts of mitigation, both through explicit code and through choice of algorithms. In fact, the side-channel resistance of software implementations is nowadays a major concern in the choice of cryptographic primitives, and was an explicit evaluation criterion in NIST's AES and SHA-3 competitions.

Q15: What about other acoustic attacks?See the discussion and references in our paper, and the Wikipedia page on Acoustic Cryptanalysis. In a nutshell:

Eavesdropping on keyboard keystrokes has been well discussed; keys can be distinguished by timing, or by their different sounds. While this attack is applicable to data that is entered manually (e.g., passwords), it is not applicable to larger secret data such as RSA keys. Another acoustic source is hard disk head seeks; this source does not appear very useful in the presence of caching, delayed writes and multitasking. Preceding modern computers is MI5's "ENGULF" technique (recounted in Peter Wright's book Spycatcher), whereby a phone tap was used to eavesdrop on the operation of an Egyptian embassy's Hagelin cipher machine, thereby recovering its secret key. Declassified US government publications describe "TEMPEST" acoustic leakage from mechanical and electromechanical devices, but do make no mention of modern electronic computers.

Q16: What's new since the Eurocrypt 2004 presentation?Full key extraction attack, exploiting deep internal details of GnuP's implementation of RSADramatic improvement in range and applicability (increased from 20cm with open chassis to 4m in normal operation)Much better hardware (some self-built), allowing longer range and better signal characterizationSignal processing and error correction, making it possible to perform the attack using a mobile phone despite the low-quality microphoneMany more targets testedNon-acoustic low-bandwidth attacks, including chassis potential analysisCountermeasures implemented and tested in GnuPG (see Q9)Detailed writeupAcknowledgementsLev Pachmanov wrote much of the software setup used in our experiments, including custom signal acquisition programs. Avi Shtibel, Ezra Shaked and Oded Smikt assisted in constructing and configuring the experimental setup. Assa Naveh assisted in various experiments, and offered valuable suggestions. Sharon Kessler provided copious editorial advice. We thank Werner Koch, lead developer of GnuPG, for the prompt response to our disclosure and the productive collaboration in adding suitable countermeasures. We are indebted to Pankaj Rohatgi for inspiring the origin of this research, and to Nir Yaniv for use of the Nir Space Station and for valuable advice on audio recording. National Instruments Israel generously donated a National Instruments PCI-6052E DAQ card and a MyDAQ device. Erik Olson's Baudline signal analysis software was used for some of the analysis. We thank numerous volunteers for access to test-target machines.This work was sponsored by the Check Point Institute for Information Security; by the Israeli Ministry of Science and Technology; by the Israeli Centers of Research Excellence I-CORE program (center 4/11); and by NATO's Public Diplomacy Division in the Framework of "Science for Peace".