ECDH Encrypted PC? watch out for electromagnetic waves

ECDH Key-Extraction: Israeli security researchers managed to collect the keys s from a nearby computer analyzing the electromagnetic radiation.

The attack was carried out by IT scientists at the University of Tel Aviv and shows that TEMPEST side channel attacks are now a reality and not only at Mission Impossible.

Η study them has an ECDH Key-Extraction through Low-Bandwidth Electromagnetic Attacks on PCs, researchers and shows how decryption can be done in application keys using the libgcrypt11 library.wall-measurement ECDH

"We show that decryption keys can be extracted from computers running the ECDH encryption algorithm, using the electromagnetic emissions produced during the decryption process. By measuring the electromagnetic leakage of the target, the attack extracts the secret decryption key within a few , from a target located in an adjacent room even if a wall is in the way.”

ECDH (elliptic curve Diffie Hellman) is a standard public key encryption algorithm used in OpenPGP, as defined in RFC 6637 and NIST SP800-56A. We attacked ECDH with GnuPG's libgcrypt 1.6.3 library (the latest version at the time the study was published). The attack requires the decryption of a single and carefully chosen ciphertext, and is repeated a few dozen times. It then uses time-frequency signal analysis techniques to electromagnetically extract the decryption code from the target laptop's emissions during tel execution of the ECDH.

An antenna, amplifiers, software radio and a computer for analysis were used for the attack.

Οι ερευνητές (Daniel Genkin, Lev Pachmanov, Itamar Pipman και Eran Tromer) θα παρουσιάσουν τα ευρήματά τους κατά την προσεχή διάσκεψη RSA που θα γίνει στο San on 3 March. The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.081 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).