Intercepting mobile communications

Borisov, Nikita; Goldberg, Ian; Wagner, David

doi:10.1145/381677.381695

Cited by 612 publications

(328 citation statements)

References 5 publications

Supporting

Mentioning

314

Contrasting

Unclassified

Order By: Relevance

“…The key extraction attack requires decryption of ciphertexts adaptively chosen by the attacker. Prior works requiring chosen plaintext or ciphertext typically attacked network protocols such as SSL/TLS [BB05] or WEP [BGW01,BHL06], or used direct access to a protected device's input. To apply the attack to GnuPG, we identified and exploited a new chosenciphertext attack vector: OpenPGP encrypted e-mail messages.…”

Section: Overviewmentioning

confidence: 99%

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Genkin

Shamir

Tromer

2014

Lecture Notes in Computer Science

269

158

View full text Add to dashboard Cite

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt'04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables. * The authors thank Lev Pachmanov for programming and experiment support during the course of this research.

show abstract

Section: Overviewmentioning

confidence: 99%

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Genkin

Shamir

Tromer

2014

Lecture Notes in Computer Science

269

158

View full text Add to dashboard Cite

show abstract

“…In addition, a continuously transmitting node can always capture the channel and cause other nodes to back off endlessly which can trigger a chain reaction from upper layer protocols (e.g. TCP window management) [2,15].…”

Section: Security Issues In the Data Link Layermentioning

confidence: 99%

Multifold node authentication in mobile ad hoc networks

Komninos¹,

Vergados²,

Douligeris³

2007

Int J Communication

View full text Add to dashboard Cite

show abstract

“…In practice, it is challenging to ensure that a nonce is never reused. Flawed implementations of nonces are ubiquitous [9,20,28,44,45]. Apart from implementation failures, there are fundamental reasons why software developers can't always prevent nonce reuse.…”

Section: Introductionmentioning

confidence: 99%

McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes

Fleischmann

Forler

Lucks

2012

Fast Software Encryption

102

View full text Add to dashboard Cite

Abstract. On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only -in practice, the reuse of nonces is a frequent issue 1 .In recent years, cryptographers developed misuse-resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. Their disadvantage is that encryption can be performed in an off-line way, only.This paper considers OAE schemes dealing both with nonce-respecting and with general adversaries. It introduces McOE, an efficient design for OAE schemes. For this we present in detail one of the family members, McOE-X, which is a design solely based on a standard block cipher. As all the other member of the McOE family, it provably guarantees reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.

show abstract

Intercepting mobile communications

Cited by 612 publications

References 5 publications

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Multifold node authentication in mobile ad hoc networks

McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes

Contact Info

Product

Resources

About