New hacking method to decrypt cryptosystem using PC's sound emerged

ByA. Strakey

Public key cryptographyUsing technology "RSA encryption"Is used for encrypting e-mails handling confidential information because it can perform complex encryption and digital signature at the same time. However, a computer scientist has demonstrated a new hacking technique of eavesdropping e-mails using the RSA cipher by eavesdropping "sounds" emitted from PCs.

New attack steals e-mail decryption keys by capturing computer sounds | Ars Technica
http://arstechnica.com/security/2013/12/new-attack-steals-e-mail-decryption-keys-by-capturing-computer-sounds/

Techniques for decoding RSA encryption by analyzing sounds were published in a joint paper "RSA Key Extraction Technique Based on Low Frequency Sound Analysis" by Dr. Adi Shamia, Dr. Daniel Jenkin, Dr. Elan Tromer of Tel Aviv University thing. The first author, Dr. Shamia, is one of the inventors of the RSA cryptosystem and is also the origin of "S" named RSA.

Dr. Shamia's research team successfully extracted the 4096 bit RSA secret key by eavesdropping and analyzing the sound generated by the computer that is decoding the RSA cipher. In this experiment, the sound that can be picked up by installing the microphone in the close distance of about 4 m from the computer to be hacked was used. Although I used a variety of equipment as a microphone, some general smart phones were included, and decryption was possible even from sounds that were recorded on smartphones.


In this decryption technology, extremely severe conditions of "tapping the sounds emitted by the PC while decrypting the RSA encryption after installing the microphone in the vicinity of the target PC" are required, so the general It may not be applicable as a hacking technique. However, for example, there is a danger that the RSA encryption may be decrypted by sound analysis in certain places / scenes such as conference rooms that make important meetings, presentation venues, even near server rooms, etc.

Dr. Shamia pointed out that application developers should develop software assuming cryptographic analysis technology using sound, and as countermeasures against hacking using sound, RSA cryptography analysis is randomly applied to multiple We are doing what we are doing. Furthermore, for general users who use software using RSA encryption, we encourage software developers to check whether the RSA encryption software they are using measures for sound hacking.