Acoustic Cryptanalysis

One of the methods for extracting information from supposedly secure systems is side-channel attacks: cryptanalytic techniques that rely on information unintentionally leaked by computing devices. Most side-channel attack research has focused on electromagnetic emanations (TEMPEST), power consumption and, recently, diffuse visible light from CRT displays. The oldest eavesdropping channel, namely acoustic emanations, has received little attention. The preliminary analysis of acoustic emanations from personal computers shows them to be a surprisingly rich source of information on CPU activity. Acoustic cryptanalysis is a side channel attack which exploits sounds audible or not, produced during a computation or input-output operation by computer workstations, impact printers, or electromechanical cipher machines. We will look at the possible attack method, attempt to analyze the risk of the method and give pointers for further research. In 2004, Adi Shamir and Eran Tromer demonstrated that it may be possible to conduct timing attacks against a CPU performing cryptographic operations by analysis of variations in its humming noise. In 2004, Dimitri Asonov and Rakesh Agarwal of the IBM Almaden Research Center announced that computer keyboards and keypads used on telephones and automated teller machines (ATMs) are vulnerable to attacks based on differentiating the sound produced by different keys.. By analyzing recorded sounds, they were able to recover the text of data being entered. These techniques allow an attacker using covert listening devices to obtain password, passphrases and personal identification number (PINs) and other security information. In 2005, a group of UC Berkeley researchers performed a number of practical experiments demonstrating the validity of this kind of threat.