Feeds

Talking capacitors could blab to code breakers

Motherboard clues to private encryption keys

  • alert
  • submit to reddit

High performance access to file storage

Crypto Boffins - led by Adi Shamir of RSA fame - are investigating whether it might be possible to gain valuable clues about private encryption keys simply by listening to a targeted computer.

The sounds made by capacitors on motherboards might, in theory, give attackers code-breaking clues in much the same way electro-magnetic leakage or power fluctuations can be used in so-called "side-channel" attacks on secure systems. These kinds of attacks are well beyond the capability of your average hacker but they do have applications in the design of tamper-resistant systems. The research shows that cryptanalysts are prepared to think of any possible attack vector in their quest to ensure cryptographic systems remain secure.

Preliminary work by Adi Shamir and Eran Tromer of the Weizmann Institute in Israel showed that "acoustic emanations from personal computers are a surprisingly rich source of information on CPU activity". For instance the researchers have found that RSA signature/decryption sounds different for different secret keys and that monitoring audio signals can reveal the time of a decryption operation, useful in timing attacks, especially when an attacker can affect that input data of a cryptographic operation. The audio signals of interest are well above the frequency generated by fans and thus easily filtered out. A proof-of-concept presentation on the research can be found here. ®

Related stories

Twinkle, twinkle little LED (now I know what's in your head)
NSA coughs up secret TEMPEST specs
Readers' Letters Storm in a TEMPEST?
Meet Tempest it stops people knowing what's on your PC screen

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.