How to Steal an Encryption Key With a €20 Software Defined Radio and €200 of Parts
The cost of Van Eck phreaking has dramatically dropped. The side-channel attack used to monitor every word you type—by eavesdropping on the contents of your display using the electromagnetic radiation from old-style CRT displays—used to be the sole preserve of nation states. But, despite the demise of the CRT, it can now be used to steal your private key using just €200—that’s about $225—of off the shelf hardware.
Side-channel attacks to recover keys for cryptographic algorithms using measurements of power use are well know. However in the past these attacks tended to require physical access to the hardware to directly measure power in the processor usage during encryption.
This attack differs, using radio hardware to allow recovery of a key from up to 1m (about 3ft) in around 5 minutes, and in much shorter times with the radio hardware closer to the target machine—around 50 seconds at about 30cm (about 1ft).
While those distances might still seem close, the team specified off-the shelf hardware that could fit in a big, or a—admittedly large—jacket pocket. The team make use of a loop antenna, attached to an external amplifier with a bandpass filter, and a software defined radio on a USB stick that they bought for just €20 (about $23).
Of course attacks like this have been know for years, after all Van Eck’s original paper was published in 1985, and a great deal of work has gone into both exploiting and defending against these sorts of attack vectors ever since. There are known defences—for instance at least to some extent it’s possible to mask the energy behaviour of encryption systems.
The FIPS 140–2 Standard—the standard to be used by (US) Federal organizations when specifying cryptographic-based security systems—even requires cryptographic modules to employ measures to eliminate unintentional radio emissions that could be used to compromise keys, although at least at the moment there aren’t any testable requirements laid down in the standard itself.
This side channel attack was also carried out under laboratory conditions. As the team themselves acknowledge, “In practice this setup is well suited to attacking network encryption appliances. Many of these targets perform bulk encryption (possibly with attacker controlled data) and the ciphertext is often easily captured from elsewhere in the network.” In the real world, where the attacker could be facing a system that’s multi-tasking and doing other things whilst encryption is going on, it would be a lot harder to recover the keys.
Want to delve deeper? You can download the team’s white paper.