You'll falafel about this horrifying new crypto-key-sniffing hack


#1

[Read the post]


#2

The cheap-ass DVB-T dongles can do some amazing stuff, but the funcube dongle, made for amateur radio satellite fun, has way better coverage down to the kHz region rather than just to low VHF. There are easy-enough-to-build plans to make a manually switched upconverter, but I suggest starting with the sub-$10 DVB-T dongles before investing in a funcube.
(edit)
The technique is a pretty cool hack to offset the limitations of the sampling capacity of a cheap RTL2832 TV tuner reading in raw mode.


#3

Ahh, good old TEMPEST…

In practice, the usability of this is somewhat limited by the multitasking nature of the computers. But this in turn can be offset by running the same decrypt task many times and statistically processing the data to mine the relevant pieces out. Multiprocessor work can introduce additional signals to filter out but it has the same repeat-and-look-for-in-noise solution.

TEMPEST shielding is quite an interesting area. Mostly but not entirely similar to the problematics of conventional EMI, with the twist of suppressing the signatures more than only the radiated energy.

This signature sniffing thing could be turned 180 degrees. Software could be written for generating easily detectable signatures (modulated tones, for example) at specified frequencies, or sweeping across bands, radiated from selectable sources (USB, PCI bus, HDMI, memory bus…). These then can be used for assessing the success of the applied shielding and radiation suppression. By intentionally generating a “bright” signal we can use cheaper, less sensitive equipment.

Also, another issue: what about writing crypto libraries (or math libraries in general) optimized not for code speed but for low differential power consumption and low radiation signatures?
Edit:

The researchers disclosed their findings to the GnuPG (GPG) project in advance, and there will be a new version of GPG that prevents the attack that comes out simultaneous with the paper, in September.

Apparently this is what is being done. Or something along those lines. Whatever it is, looks like a good beginning.


#4

Is not to worry. I simply am putting ordinary bread atop computer. Go on about ordinary business now.


#5

wow! I thought I was going to plotz!


#6

Is this similar to what Neal Stephenson wrote about in Cryptonomicon?


#7

Pretty much yes. Good that it is hitting the civilian world.


#8

So this essentially only works when you can control the messages being sent? Did I get that right?

Why is the sample frequency so much lower than the CPU frequency? Is that a limit in the state of the art sensors or just in this off-the-shelf component?

I figured the solution would probably just be to add in some extra (random) noise but you are probably right in that they have a smarter solution.

