Acoustic cryptanalysis

Acoustic cryptanalysis

Acoustic cryptanalysis is a side channel attack which exploits sounds, audible or not, produced during a computation or input-output operation by computer workstations, impact printers, or electromechanical cipher machines.

History

Victor Marchetti and John Marks eventually negotiated the declassification of CIA acoustic intercepts of the sounds of cleartext printing from encryption machines.citation
first1 = Victor | last1 = Marchetti | first2=John | last2 = Marks
title = The CIA and the Craft of Intelligence
year = 1973
] Technically this method of attack dates to the time of FFT hardware being cheap enough to perform the task -- in this case the late 1960s to mid-1970s. However, using other more primitive means such acoustical attacks were made in the mid-1950s.

In his book "Spycatcher", former MI5 operative Peter Wright discusses use of an acoustic attack against Egyptian Hagelin cipher machines in 1956. The attack was codenamed "ENGULF".citation
title = Spycatcher: The candid autobiography of a senior intelligence officer
first1=Peter | last1=Wright | authorlink = Peter Wright
year = 1987
publisher = Viking
]

Known attacks

In 2004, Dmitri Asonov and Rakesh Agrawal of the IBM Almaden Research Center announced that computer keyboards and keypads used on telephones and automated teller machines (ATMs) are vulnerable to attacks based on differentiating the sound produced by different keys. Their attack employed a neural network to recognize the key being pressed.

By analyzing recorded sounds, they were able to recover the text of data being entered. These techniques allow an attacker using covert listening devices to obtain passwords, passphrases, personal identification numbers (PINs) and other security information.

In 2005, a group of UC Berkeley researchers performed a number of practical experiments demonstrating the validity of this kind of threat.citation
url = http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml
title = Researchers recover typed text using audio recording of keystrokes
first = Sarah | last = Yang
date = 14 September 2005
journal = UC Berkeley News
]

Also in 2004, Adi Shamir and Eran Tromer demonstrated that it may be possible to conduct timing attacks against a CPU performing cryptographic operations by analysis of variations in its humming noise.citation
url =http://www.wisdom.weizmann.ac.il/~tromer/acoustic/
title = Acoustic cryptanalysis:On nosy people and noisy machines]
first1 = Adi | last = Shamir | first2 = Eran |last2 = Tromer
]

Countermeasures

If you generate sounds that are in the same spectrum and same form as keypresses, this kind of cryptanaysis can be defeated. If you replay sounds of actual keypresses, it may be possible to totally defeat such kinds of attacks. It is advisable to use at least 5 different recorded variations (36 x 5 = 180 variations) for each keypress to get around the issue of FFT fingerprinting.citation
title = Keyboard Acoustic Emanations
first12 = Dmitri | last1 = Asonov | first2 = Rakesh | last2 = Agrawal
organization = IBM Almaden Research Center
year = 2004
url = http://rakesh.agrawal-family.com/papers/ssp04kba.pdf
]

ee also

* TEMPEST
* ACOUSTINT

References


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Acoustic — may refer to:In science: * Acoustics, a branch of physics that studies sound ** Musical acoustics, the branch of acoustics that studies the physics of music * Acoustic meatus, another name for the ear canal *Acoustic recording, a pre microphone… …   Wikipedia

  • Side-channel attack — In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing… …   Wikipedia

  • Атака по сторонним каналам — Атака по энергопотреблению на алгоритм RSA. Левый пик соответствует операции быстрого возведения в степень без умножения, правый  с умножением, что позволяет восстановить значение обрабатываемых битов. Атака по сто …   Википедия

  • Password cracking — is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a… …   Wikipedia

  • Acoustical Intelligence — (ACOUSTINT, sometimes ACINT) is an intelligence gathering discipline that collects and processes acoustic phenomena. It is a sub discipline of MASINT (Measurement and Signature Intelligence).cite book | last = OPSEC | title = Intelligence Threat… …   Wikipedia

  • Covert listening device — A covert listening device, more commonly known as a bug or a wire, is usually a combination of a miniature radio transmitter with a microphone. The use of bugs, called bugging, is a common technique in surveillance, espionage and in police… …   Wikipedia

  • Peter Wright — Peter Maurice Wright (August 9, 1916 April 27, 1995) was an English scientist and former MI5 counterintelligence officer noted for writing the controversial book Spycatcher (ISBN 0 670 82055 5), which became an international bestseller with sales …   Wikipedia

  • Password manager — A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application… …   Wikipedia

  • Disk encryption — uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage. The term full disk encryption (or whole disk encryption) is often used to… …   Wikipedia

  • Менеджер паролей — Менеджер паролей  программное обеспечение, которое помогает пользователю работать с паролями и PIN кодами. У подобного программного обеспечения обычно имеется местная база данных или файлы, которые содержат зашифрованные данные пароля.… …   Википедия

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”