Stray electronic-magnetic leaks used to harvest PC crypto keys

quote

preserve of Mission Impossible and three-letter spy agencies.

unquote

Thats GCHQ of the hook then?

White noise jamming

Surely this is trivial to jam? My office is full of various PCs and electronics - often without cases. Are they going to pick out that one signal of the encryption being decoded? And what happens when I turn on my Plasma TV - that blasts MW and LW radio in a wide area.

This seems a little too much of "proving a theory" but not being practical in real world use.

its how the Enigma crack worked.......because the Germans tended to send routine identical signals at similar times of day it was possible to presume what a message held and then brute force it

for instance every weather message would have a preface indicating time / location, once thats cracked the rest is open - especially as weather reports follow a predictable format

in this case, if the PC next door was also send messages in a predictable format (stock reports, bank details, sales reports) then cracking it should be relatively trivial.

Van Eck Phreaking

This is very similar in principle to:

https://en.wikipedia.org/wiki/Van_Eck_phreaking

which I first heard about in the Neal Stephenson novel Cryptonomicon.

Just off to wrap my laptop in chickenwire now.

Would desktops in completely metal cases be less susceptible to this attack then?

This is going to sound daft, but back when I worked for Time Computers the meeting rooms had windows with a metal coating, secondary glazing and fixed blinds, all in an attempt to stop electronic or lazer eavesdropping.

What the brothers were worried about is anyone's guess......the only real secrets were the true ownership of all the companies in the fraud......,and just who in Dubai got all the money

(thinks in background.....Bin Ladin, Bin Ladin). Totally no proof of course

Tinfoil hats all round

Including a grounded one around your PC!

A technical question

My question is how close must the snooper be for this to work? Depending on the circumstances these types of attacks are very troubling but if the distance is 5 to 10 meters not as much.

decryption keys in applications using the libgcrypt11 library might be harvested.

I think the might is the operative word here unless they can pack all their equipment down into something smaller than a shoe box they are going to be found out rather quickly.

Antique tech! This technique has been used for decades to capture information from "secure" systems. That's why the US DOD came up with Tempest for truly secure terminals and computer systems that could not be eavesdropped on via stray EM signals!

Not read the paper then?

I see most people have not looked at the paper to see how they did it with largeish equipment without being detected from a few feet away, through the adjoining wall.

There is even a nice picture showing the set-up if you click the link in the article.

Maybe my priorities are wrong

But what I found interesting about the presentation on their website is that, in the first picture's caption, they list items from left to right. Native Israelis (and the rest of the Middle East) tend to enumerate things from right to left.

Most confusingly, the "first" item in a shelf may be the rightmost or the leftmost one from the point of view of the same person, purely depending on whether they are speaking Hebrew* or English or Russian.

* I haven't seen this with Arabic speakers, but I presume the same phenomenon would hold for a native bilingual.

Random?

Soooo, if they (currently) require multiple runs to capture/identify the signals - presumably any machine running "other code" at the same time (as most machines do?) might well create obfuscation? Also, why not simply build in random calls during the decrypt, for optional "secure decryption" - every X operations, head -Y /dev/random into /dev/null (or /tmp/file), and use a decent RNG to generate X & Y. It'd slow the process down, but theoretically create enough chaff to hide things, and wouldn't be the same on any replay?