Side-channel attacks and listening to keyboards

This item recently hit the news:
http://blogs.securiteam.com/index.php/archives/65

It describes how, by listening to the sound of keystrokes, one can reconstruct the message that was typed.

I recently posted about this somewhere else.

Side-channel attacks are not new. You can listen to the keyboard, CPU, HDD, etc. You can go with EM radiation. You can use a telescope to view, through a window, a reflection off a wall. All you have to do is Google. :)

But yes, side channel attacks are cool. Thing is, there are usually *much* easier ways of doing things.

A Trojan horse can also be considered a side-channel attack if we are talking about encryption, and that is exactly the difference between how crypto guys and security guys think.

If you ask a crypto guy what the best way of breaking RSA is, you’d get a complicated answer with ifs, maybes and math. If you ask a security guy (or in this case, me), I’d just say use a Trojan horse.

For crypto guys, once an algorithm is found weak it is no longer trusted and they try to develop new ones, which is good for their science. As security people, the more vulnerabilities are found and fixed, the more secure we feel (except for worrying that the coders suck and the holes will keep showing).

Back to side-channel attacks, try Googling for what Adi Shamir has to say on them. I love this subject. It’s way cool.

Jeremy Richards from nCircle recently posted the following links to a mailing list I am on, detailing just a few of the possible side-channel attacks out there:

1) Acoustic Cryptanalysis.

“Adi Shamir and Eran Tromer have done some remarkable research into a side-channel attack that is able to extract private RSA keys just by monitoring the sound output of your computer!”

2) Power Analysis.

“DPA is a powerful tool that allows cryptanalysts to extract secret keys and compromise the security of smart cards and other cryptographic devices by analyzing their power consumption.”

3) LED Leakage.

“A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device… Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable.”
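To make the power-analysis item concrete, here is a small simulation I am adding (it is not from the linked papers or the mailing-list post). It models a device whose power draw at one instant is the Hamming weight of an S-box output plus noise, ranks key hypotheses by how well their predicted leakage correlates with the constructed traces, and shows why Boolean masking, the standard countermeasure, flattens that correlation. The 4-bit S-box, the leakage model, the noise level and the trace counts are all assumptions made for the simulation.

```python
import random

# Toy 4-bit S-box for the simulation (the PRESENT cipher's S-box); not AES.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hamming_weight(x):
    return bin(x).count("1")

def simulate_traces(key, n, noise_std, seed, masked=False):
    """Constructed leakage model: at one sample point the device's power draw is
    the Hamming weight of the S-box output plus Gaussian noise. With masked=True
    the device only ever handles SBOX[pt ^ key] XOR a fresh random mask (Boolean
    masking), so the leaked value carries no first-order information about key."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        pt = rng.randrange(16)          # known input, e.g. a plaintext nibble
        value = SBOX[pt ^ key]          # secret-dependent intermediate
        if masked:
            value ^= rng.randrange(16)  # masked share: uniformly random for any key
        traces.append((pt, hamming_weight(value) + rng.gauss(0, noise_std)))
    return traces

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def rank_key_hypotheses(traces):
    """Correlate each key guess's predicted leakage with the measured traces.
    The guess whose predictions track the measurements best comes first; the
    model assumes leakage rises with Hamming weight, so signed correlation is used."""
    measured = [leak for _, leak in traces]
    scores = []
    for guess in range(16):
        predicted = [hamming_weight(SBOX[pt ^ guess]) for pt, _ in traces]
        scores.append((guess, pearson(predicted, measured)))
    return sorted(scores, key=lambda s: s[1], reverse=True)

def best_guess(traces):
    return rank_key_hypotheses(traces)[0][0]

if __name__ == "__main__":
    unprotected = simulate_traces(key=7, n=500, noise_std=0.5, seed=1)
    masked = simulate_traces(key=7, n=500, noise_std=0.5, seed=1, masked=True)
    print("unprotected:", rank_key_hypotheses(unprotected)[:3])
    print("masked:     ", rank_key_hypotheses(masked)[:3])
```

Noise alone is not a defense: with a fixed noise level the correct hypothesis still separates from the rest once enough traces are averaged, whereas with masking every hypothesis scores near zero regardless of trace count.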

Try also Googling for TEMPEST for the classics.

Gadi Evron,
ge@linuxbox.org.

