1. RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer

2. Mathematical Attacks InputOutput Crypto Algorithm Key Goal: recover the key given access to the inputs and outputs

3. Side Channel Attacks Power Vibration Timing Sound Heat EM InputOutput Radiation Crypto Algorithm Key Bad InputsErrors Goal: recover the key given access to the inputs, outputs and measurements Goal: recover the key given access to the inputs and outputs Crypto Algorithm Key Crypto Device Key

4. ENGULF [Peter Wright, pycatcher, p. 84] In 1956, a couple of Post Office engineers fixed a phone at the Egyptian embassy in London.

5. ENGULF (cont.) “The combined MI5/GCHQ operation enabled us to read the Egyptian ciphers in the London Embassy throughout the Suez Crisis.”

6. Acoustic cryptanalysis on modern CPUs

7. Distinguishing various CPU operations

8. Distinguishing various code lengths loops in different lengths of ADD instructions

9. RSA decryption

10. RSA key distinguishability and here is the sound of the keys (after signal processing)keys

11. Modular exponentiation

14. Single multiplication is way to fast for us to measure Multiplication is repeated 2048 times (0.5 sec of data)

15. Acoustic leakage of key bits

16. Results Key extraction is possible up to 4 meters away using a parabolic microphone

17. Results Key extraction is possible up to 1 meter away without a parabolic microphone

18. Results Key extraction is possible up to 30cm away using a smartphone

19. Karatsuba multiplication

20. The recursion tree

21. Basic multiplication Repeated for a total of 8 times in this call and for a total of up to ~172,000 times!, allowing for the leakage to be detectable using low bandwidth means (such as sound).

22. 1.Play loud music while decrypting (or other kind of noise) 2.Parallel software load Countermeasures --- bad ideas!

23. Countermeasures (ciphertext randomization)

24. Thank you! (questions?) http://www.cs.tau.ac.il/~tromer/acoustic