Device Can Remotely Steal Decryption Keys

Monday, June 29, 2015 @ 06:06 PM gHale

A palm-sized radio device can capture decryption keys from laptops sitting just almost half a meter away (19in), researchers said.

The new side-channel attack functions without tethering against RSA and ElGamal implementations in GnuPG open source encryption software, and it is possible by intercepting electromagnetic emanations from the CPU of the targeted mobile computer device, said researchers at Tel Aviv University in collaboration with Israel’s Technion institute.

More Games for Software Security
Gaming to Cut Out Sofware Flaws
Employees Violate Cloud Security Rules
Social Engineering: Employees a Huge Risk

The cost of the radio device is around $300 and it can consist of readily available components: A Rikomagic controller, a piece of wire acting as an antenna, and a FUNcube software-defined radio (SDR).

A more professional variant would also include a data storage card, batteries and a WiFi antenna for sending data wirelessly to the attacker’s machine.

However, the researchers said they can make a device using components commonly found in a household (a plain consumer-grade radio receiver).

The gadget created by the researchers ended up named PITA (short for Portable Instrument for Trace Acquisition), in reference to the fact an attacker can conceal the device inside a pita bread.

During the experiment, it was possible to extract decryption keys in just seconds when non-adaptive ciphertext ended up used.

In a technical research paper, provided by Andy Greenberg on Scribd, the researchers explain their method relies on non-adaptive ciphertexts “crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field.”

By further processing the signal and through cryptographic interpretation, the bit patterns and the secret keys can end up retrieved. For the theft, a very low measurement bandwidth ends up used (less than 100kHz around carrier under 2MHz).

The experiment proved to be a success on a Lenovo 3000 N200 with a version of GnuPG that was the latest at the time of the research. An update released at the beginning of the year to counter this form of attack, but ElGamal and RSA encryption is in other software that may still be vulnerable.