Acoustic Cryptanalysis

Acoustic cryptanalysis is a type of side-channel attack that exploits sounds emitted by computers or other devices. Most modern acoustic cryptanalysis focuses on the sounds produced by computer keyboards and internal computer components, but historically it has also been applied to impact printers and electromechanical deciphering machines.


History

Victor Marchetti and John D. Marks eventually negotiated the declassification of CIA acoustic intercepts of the sounds of cleartext printing from encryption machines. Technically, this method of attack dates to the time when FFT hardware became cheap enough to perform the task; in this case the late 1960s to mid-1970s. However, such acoustic attacks were made using other, more primitive means in the mid-1950s. In his book Spycatcher, former MI5 operative Peter Wright discusses use of an acoustic attack against Egyptian Hagelin cipher machines in 1956. The attack was codenamed "ENGULF".


Known attacks

In 2004, Dmitri Asonov and Rakesh Agrawal of the IBM Almaden Research Center announced that computer keyboards and keypads used on telephones and automated teller machines (ATMs) are vulnerable to attacks based on the sounds produced by different keys. Their attack employed a neural network to recognize the key being pressed. By analyzing recorded sounds, they were able to recover the text of data being entered. These techniques allow an attacker using covert listening devices to obtain passwords, passphrases, personal identification numbers (PINs), and other information entered via keyboards. In 2005, a group of UC Berkeley researchers performed a number of practical experiments demonstrating the validity of this kind of threat.

Also in 2004, Adi Shamir and Eran Tromer demonstrated that it may be possible to conduct timing attacks against a CPU performing cryptographic operations by analyzing variations in acoustic emissions. The emissions analyzed were ultrasonic noise emanating from capacitors and inductors on computer motherboards, not electromagnetic emissions or the human-audible humming of a cooling fan. Shamir and Tromer, along with new collaborator Daniel Genkin and others, then went on to successfully implement the attack on a laptop running a version of GnuPG (an RSA implementation), using either a mobile phone located close to the laptop or a laboratory-grade microphone located up to 4 m away, and published their experimental results in December 2013.

Acoustic emissions occur in coils and capacitors because of small movements when a current surge passes through them. Capacitors in particular change diameter slightly as their many layers experience electrostatic attraction/repulsion or piezoelectric size change. A coil or capacitor which emits acoustic noise will, conversely, also be microphonic, and the high-end audio industry takes steps with coils and capacitors to reduce these microphonics (immissions) because they can muddy a hi-fi amplifier's sound.

In March 2015, it was made public that some inkjet printers using ultrasonic heads can be read back using high-frequency MEMS microphones to record the unique acoustic signals from each nozzle and using timing reconstruction with known printed data, that is, "confidential" in 12-point font. Thermal printers can also be read using similar methods but with less fidelity, as the signals from the bursting bubbles are weaker. The hack also involved implanting a microphone, chip storage IC and burst transmitter with a long-life Li+ battery into doctored cartridges substituted for genuine ones sent by post to the target, typically a bank, then retrieved from the garbage using a challenge-response RFID chip. A similar work on reconstructing printouts made by dot-matrix printers was publicized in 2011.

A new acoustic cryptanalysis technique discovered by a research team at Israel's Ben-Gurion University Cybersecurity Research Center allows data to be extracted using a computer's speakers and headphones. Forbes published a report stating that researchers found a way to see information being displayed, by using a microphone, with 96.5% accuracy.

In 2016, Genkin, Shamir, and Tromer published another paper that described a key extraction attack that relied on the acoustic emissions from laptop devices during the decryption process. They demonstrated the success of their attack with both a simple mobile phone and a more sensitive microphone.


Countermeasures

This kind of cryptanalysis can be defeated by generating sounds that are in the same spectrum and same form as keypresses. If sounds of actual keypresses are randomly replayed, it may be possible to totally defeat such kinds of attacks. It is advisable to use at least 5 different recorded variations (36 x 5 = 180 variations) for each keypress to get around the issue of FFT fingerprinting. Alternatively, white noise of a sufficient volume (which may be simpler to generate for playback) will also mask the acoustic emanations of individual keypresses.
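The white-noise claim can be checked on a toy model. This is an added example, not part of the original article: it assumes each of 36 keys rings as a unit-amplitude tone at its own DFT bin (a constructed stand-in for real keypress spectra) and uses a loudest-bin classifier in place of a trained recognizer, then measures how often the key is still identified under masking noise of a given level. All names and parameters are hypothetical.

```python
import math
import random

N = 128                                   # samples per analysis window (assumed)
KEYS = range(36)                          # 36 keys, as in the 36 x 5 figure above
COS = {k: [math.cos(2 * math.pi * (10 + k) * n / N) for n in range(N)] for k in KEYS}
SIN = {k: [math.sin(2 * math.pi * (10 + k) * n / N) for n in range(N)] for k in KEYS}

def keypress(key, rng, jitter=0.1):
    """Constructed keypress: key k is a unit tone at DFT bin 10 + k (toy model)."""
    return [c + rng.gauss(0, jitter) for c in COS[key]]

def bin_energy(x, key):
    """Squared DFT magnitude of x at the bin assigned to `key`."""
    re = sum(v * c for v, c in zip(x, COS[key]))
    im = sum(v * s for v, s in zip(x, SIN[key]))
    return re * re + im * im

def classify(x):
    """Stand-in spectral classifier: the key whose bin holds the most energy."""
    return max(KEYS, key=lambda k: bin_energy(x, k))

def accuracy(noise_sigma, trials_per_key=3, seed=1):
    """Fraction of keypresses recovered when white noise of the given
    standard deviation (relative to tone amplitude 1.0) is played over them."""
    rng = random.Random(seed)
    hits = total = 0
    for key in KEYS:
        for _ in range(trials_per_key):
            heard = [s + rng.gauss(0, noise_sigma) for s in keypress(key, rng)]
            hits += classify(heard) == key
            total += 1
    return hits / total

if __name__ == "__main__":
    for sigma in (0.0, 1.0, 4.0, 8.0):
        print(f"mask sigma={sigma:>4}: classifier accuracy {accuracy(sigma):.2f}")
```

In this model, noise as loud per sample as the keypress itself (sigma 1.0) does not reduce accuracy, because the 128-sample transform averages it down; masking only takes effect once the noise is several times louder, which is what "sufficient volume" has to account for.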


See also

* TEMPEST
* ACOUSTINT
* Acoustic location

