Acoustic Surveillance of Physically Unmodified PCs
Michael D. LeMay and Dr. Jack Tan
Computer Science Department, University of Wisconsin-Eau Claire
Funding: Center of Excellence for Faculty/Student Research Collaboration

Outline
• Introduction
• Side-channel attacks
• Past efforts in acoustic cryptanalysis
• Methods
• Equipment used
• Instruction sequence analysis
• GNU MP modular exponentiation analysis
• Acoustic keylogging
• Discussion and recommendations
• Future directions

Side-channel attacks
[Figure; labels: CPU, CPU]

Acoustic cryptanalysis
• Adi Shamir and Eran Tromer
• http://www.wisdom.weizmann.ac.il/~tromer/acoustic/
• Explored the acoustic emanations caused by:
  • GnuPG (GNU Privacy Guard) signature generation
  • loops of HLT, MUL, FMUL, ADD, MOV and NOP instructions
• Neglected to explore:
  • loops of SSE2 instructions
  • actual attack scenarios

Capacitors
www.dashdist.com/1u2u/company/capacitor.html

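Instruction sequences
    // andpd: run ANDPD on two SSE2 registers repCnt times.
    // vec_x and vec_y are 128-bit operands defined outside this fragment.
    asm volatile(
        "movupd vec_x, %%xmm0\n"
        "movupd vec_y, %%xmm1\n"
        "top_andpd:\n"
        "andpd %%xmm0, %%xmm1\n"
        "loop top_andpd\n"
        : "+c"(repCnt)       // LOOP decrements the count register, so it is read and written
        :
        : "xmm0", "xmm1"     // both registers are overwritten
    );
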
Spectrogram
[Figure: spectrogram, 300 MHz (12.5% duty)]

Quaternary Encoding
• BSWAP (0)
• CMPXCHG8B (3)
• BOUND (2)
• BT (1)

Hello World!
          BASE2      BASE4
H:        0100 1000  1020
e:        0110 0101  1211
l:        0110 1110  1232
l:        0110 1110  1232
o:        0110 1111  1233
(space):  0010 0000  0200
W:        0101 0111  1113
o:        0110 1111  1233
r:        0111 0010  1302
l:        0110 1100  1230
d:        0110 0100  1210
!:        0010 0001  0201

Manchester Encoding
[Figure: NRZ (Non-Return to Zero) and Manchester waveforms, shown for the bits 1 0 and for the bits 1 0 0 0 1 1 1]

Quaternary Improved Encoding
ORIG[2]  ORIG[16]  NEW[4]
0000     0         0101
0001     1         0102
0010     2         0103
0011     3         0121
0100     4         0123
0101     5         0131
0110     6         0132
0111     7         0201
1000     8         0202
1001     9         0203
1010     A         0212
1011     B         0213
1100     C         0231
1101     D         0232
1110     E         0301
1111     F         0302
         SYNC      0312

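An added example, not code from the original slides: it encodes "Hello World!" with the plain base-4 scheme and with the NEW[4] table, counts adjacent repeated symbols in each stream, and decodes the NEW[4] stream back to bytes. The function names are the example's own; the high-nibble-first order and the reading of the table as a Manchester-like code in which no symbol ever repeats are assumptions inferred from the table, not statements on the slides.

```c
#include <string.h>

/* NEW[4] column of the slide's table, indexed by nibble; W[16] is SYNC. */
static const char *const W[17] = {
    "0101", "0102", "0103", "0121", "0123", "0131", "0132", "0201", "0202",
    "0203", "0212", "0213", "0231", "0232", "0301", "0302", "0312" };

/* Original scheme: each byte as four base-4 digits, most significant first. */
size_t plain_encode(const unsigned char *m, size_t n, char *out) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        for (int s = 6; s >= 0; s -= 2)
            out[k++] = (char)('0' + ((m[i] >> s) & 3));
    out[k] = '\0';
    return k;
}

/* Improved scheme: one word per nibble (high nibble first: an assumption). */
size_t improved_encode(const unsigned char *m, size_t n, char *out) {
    for (size_t i = 0; i < n; i++) {
        memcpy(out + 8 * i, W[m[i] >> 4], 4);
        memcpy(out + 8 * i + 4, W[m[i] & 15], 4);
    }
    out[8 * n] = '\0';
    return 8 * n;
}

/* Adjacent positions where the symbol (so the instruction loop) is unchanged. */
size_t repeats(const char *s) {
    size_t r = 0;
    for (size_t i = 1; s[0] != '\0' && s[i] != '\0'; i++)
        r += (s[i] == s[i - 1]);
    return r;
}

/* Decode improved-scheme symbols; returns byte count, or -1 on a bad word. */
long improved_decode(const char *s, unsigned char *out) {
    size_t len = strlen(s);
    if (len % 8 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        int v = 0;
        while (v < 16 && memcmp(s + i, W[v], 4) != 0) v++;
        if (v == 16) return -1;          /* SYNC or unknown word in payload */
        if (i % 8 == 0) out[i / 8] = (unsigned char)(v << 4);
        else out[i / 8] |= (unsigned char)v;
    }
    return (long)(len / 8);
}
```

Every NEW[4] word starts with 0, ends with a nonzero symbol and has no internal repeat, so any concatenation of words changes symbol at every position.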
Acoustic Keylogger for Linux
• LKL Linux KeyLogger
• http://sourceforge.net/projects/lkl

Recommendations
• Disable CPU frequency scaling on critical systems.

Future Directions
• Determine why there is spectral overlap between instruction sequences
• Explore effects of multicore processors on acoustic emanations
• Determine how easily applications within virtual machines can modulate emanations