Acoustic cryptanalysis
Acoustic cryptanalysis is a side channel attack which exploits sounds emitted by computers or machines. Modern acoustic cryptanalysis mostly focuses on sounds emitted by computer keyboards and internal computer components, but historically it has also been applied to impact printers and electromechanical cipher machines.

History

Victor Marchetti and John D. Marks eventually negotiated the declassification of CIA acoustic intercepts of the sounds of cleartext printing from encryption machines. Technically, this method of attack dates to the time when FFT hardware became cheap enough to perform the task, in this case the late 1960s to mid-1970s. However, such acoustical attacks were made in the mid-1950s using other, more primitive means.

In his book Spycatcher, former MI5 operative Peter Wright discusses use of an acoustic attack against Egyptian Hagelin cipher machines in 1956. The attack was codenamed "ENGULF".

Known attacks

In 2004, Dmitri Asonov and Rakesh Agrawal of the IBM Almaden Research Center announced that computer keyboards and keypads used on telephones and automated teller machines (ATMs) are vulnerable to attacks based on differentiating the sound produced by different keys. Their attack employed a neural network to recognize the key being pressed.

By analyzing recorded sounds, they were able to recover the text of data being entered. These techniques allow an attacker using covert listening devices to obtain passwords, passphrases, personal identification numbers (PINs), and other information entered via keyboards.

In 2005, a group of UC Berkeley researchers performed a number of practical experiments demonstrating the validity of this kind of threat.

Also in 2004, Adi Shamir and Eran Tromer demonstrated that it may be possible to conduct timing attacks against a CPU performing cryptographic operations by analysis of variations in humming emissions (that is, its ultrasonic noise emanating from capacitors on a motherboard, not electromagnetic emissions or the human-audible humming of a cooling fan).

Countermeasures

This kind of cryptanalysis can be defeated by generating sounds that are in the same spectrum and same form as keypresses. If you replay sounds of actual keypresses, it may be possible to totally defeat such kinds of attacks. It is advisable to use at least 5 different recorded variations (36 x 5 = 180 variations) for each keypress to get around the issue of FFT fingerprinting. Alternatively, white noise of a sufficient volume (which may be simpler to generate for playback) will also mask the acoustic emanations of individual keypresses.
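One way to check the "sufficient volume" condition above, as an added example that is not part of the original article: it compares the per-band spectral power of a keypress against the masking noise and computes the noise gain at which the keypress no longer stands out in any band. The decaying 3 kHz burst standing in for a keypress, the 16 kHz sample rate and the 0 dB target are constructed assumptions.

```python
import cmath
import math
import random

RATE = 16000  # Hz, assumed sample rate
N = 256       # analysis window length in samples

def band_power(x, bands=8):
    """Mean DFT power of x in `bands` equal-width bands from 0 to RATE/2."""
    half = len(x) // 2
    spec = [abs(sum(x[n] * cmath.exp(-2j * math.pi * k * n / len(x))
                    for n in range(len(x)))) ** 2 for k in range(half)]
    w = half // bands
    return [sum(spec[b * w:(b + 1) * w]) / w for b in range(bands)]

def worst_band_snr_db(click, noise, gain=1.0):
    """Keypress-to-noise ratio (dB) in the band where the keypress stands out most."""
    pc = band_power(click)
    pn = band_power([gain * v for v in noise])
    return max(10 * math.log10(c / n) for c, n in zip(pc, pn))

def required_gain(click, noise, target_db=0.0):
    """Amplitude gain for the noise so that no band exceeds target_db."""
    # Scaling amplitude by g lowers every band's ratio by 20*log10(g) dB.
    return 10 ** ((worst_band_snr_db(click, noise) - target_db) / 20)

def sample_click():
    # Constructed stand-in for a recorded keypress: decaying 3 kHz tone burst.
    return [math.exp(-n / 40) * math.sin(2 * math.pi * 3000 * n / RATE)
            for n in range(N)]

def sample_noise(seed=1, sigma=0.05):
    # Constructed white (Gaussian) masking noise at a deliberately low level.
    rng = random.Random(seed)
    return [rng.gauss(0, sigma) for _ in range(N)]

if __name__ == "__main__":
    click, noise = sample_click(), sample_noise()
    g = required_gain(click, noise)
    print(f"unmasked worst band: {worst_band_snr_db(click, noise):.1f} dB")
    print(f"noise gain needed:   x{g:.2f}")
    print(f"masked worst band:   {worst_band_snr_db(click, noise, g):.1f} dB")
```

With real recordings, replace `sample_click` with measured keypress windows and take the largest gain required across all keys.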
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.