A group of researchers from Technion and Tel Aviv University have demonstrated new and unexpected ways to retrieve decryption keys from computers.
Their research is “based on the observation that the ‘ground’ electric potential in many computers fluctuates in a computation-dependent way.”
“An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables,” they explained.
“Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing.”
They demonstrated the attacks against GnuPG's RSA and ElGamal implementations, using several physical side channels to do it.
In the first, they measured fluctuations of the electric potential on the chassis of laptop computers by attaching a plain wire to exposed metal on the chassis and feeding the signal to an amplifier and digitizer. They also measured the chassis potential from the far end of a shielded cable (the conductive shield of an Ethernet, VGA or USB cable) plugged into one of the laptop's I/O ports.
Most surprisingly, the signal can also be measured after it passes through a human body. “An attacker merely needs to touch the target computer with his bare hand, while his body potential is measured,” they explained, adding that the measuring equipment is then carried by the attacker.
Finally, they also extracted the keys via two more conventional channels: electromagnetic emanations picked up with an antenna near the laptop, and the current drawn through the laptop's power supply cable (classic power analysis).
The bad news is that each of these attacks can be performed quickly and easily without the user being any the wiser (the researchers describe realistic, everyday attack scenarios in the paper). More information about the attacks can also be found here.