
Researchers recover AES256 key using a $230 device

By William Gayde
Jul 18, 2017
  1. Security researchers are always looking for ways to break encryption. Brute-forcing a modern key isn't viable given the time and resources required, which has led to other, more creative methods of getting around encryption. Using the background electromagnetic radiation given off by a computer system's electronics, a team of researchers at Fox-IT and Riscure were able to recover an AES-256 key in just 5 minutes using a $230 device.

    This AES attack is a side-channel attack, one of the more popular modern ways to obtain secret keys and the data they protect. Side-channel attacks capture information leaked by the physical implementation of a system rather than brute-forcing the key or exploiting a flaw in the algorithm or software itself. Other similar attacks include power analysis, which characterizes the system's power draw during different encryption operations; acoustic analysis, which picks up minute audio cues from the processor; and fault attacks, which purposefully introduce errors into the computation.

    Without proper shielding or masking, such systems can be very difficult to protect, since traditional countermeasures like software patches or a longer key don't address the problem: the leak comes from how the hardware executes the algorithm, not from the algorithm itself. The researchers carried out the attack with a loop antenna, an amplifier, a filter, and a software-defined radio receiver on a USB stick. The whole setup is small enough to fit in a pocket or briefcase and needs only 5 minutes to capture a key from a meter away.

    The device works by capturing the electromagnetic radiation coming from the target. These emissions track the chip's power consumption, which in turn depends on the data being processed, so the captured signal can be compared against a model of how each encryption operation is expected to leak. Rather than guessing the whole key at once, the attacker guesses one byte at a time: for each of the 256 possible values of a key byte they predict the leakage it would produce and keep the candidate whose prediction correlates best with the measured traces. For a 32-byte AES-256 key that is 32 × 256 = 8,192 guesses instead of the 2^256 a brute-force search would take.
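    The byte-at-a-time correlation attack described above, as an added example that is not part of the original article or of the Fox-IT/Riscure work: a pure-Python correlation power analysis (CPA) against a simulated AES-256. The traces are constructed, not measured: each one is the Hamming weight of the round-1 and round-2 S-box outputs plus Gaussian noise, the standard first-order leakage model that stands in here for the EM capture. The first 16 key bytes are recovered from round 1; once those are known, the round-1 output can be computed for every plaintext and the remaining 16 bytes fall to the same 256-candidate search on round 2, for 8,192 hypotheses in total. The function names, trace count and noise level are choices of this example.

```python
"""CPA against a simulated AES-256: recover 32 key bytes with 32 x 256 hypotheses.

Traces are synthetic (constructed for this example): one sample per S-box
output, Hamming weight plus Gaussian noise, standing in for EM/power capture.
"""
import random


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _build_sbox():
    # Standard AES S-box: GF(2^8) multiplicative inverse followed by the affine map.
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3 in GF(2^8)
        q ^= (q << 1) & 0xFF                                     # q /= 3 (q = 1/p)
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; the affine map alone gives 0x63
    return sbox


SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming-weight leakage model


def _xtime(a):
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1


def round1_output(pt, k0):
    """MixColumns(ShiftRows(SubBytes(pt ^ K0))): the value XORed with K1 before round 2's S-box."""
    s = [SBOX[pt[i] ^ k0[i]] for i in range(16)]
    # ShiftRows on a column-major state (index = row + 4*col): row r rotates left by r.
    s = [s[(i % 4) + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        t = a[0] ^ a[1] ^ a[2] ^ a[3]
        out += [a[i] ^ t ^ _xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]  # MixColumns
    return out


def simulate_traces(key, n_traces, noise_sd, seed=1):
    """Constructed measurements: 32 samples per trace, HW of each round-1 and round-2 S-box output plus noise."""
    rng = random.Random(seed)
    k0, k1 = key[:16], key[16:]
    pts, traces = [], []
    for _ in range(n_traces):
        pt = [rng.randrange(256) for _ in range(16)]
        r1 = round1_output(pt, k0)
        leak = [HW[SBOX[pt[i] ^ k0[i]]] for i in range(16)] + [HW[SBOX[r1[i] ^ k1[i]]] for i in range(16)]
        traces.append([v + rng.gauss(0, noise_sd) for v in leak])
        pts.append(pt)
    return pts, traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def recover_byte(inputs, samples):
    """Try all 256 candidates for one key byte; the right one predicts the leakage best."""
    return max(range(256), key=lambda k: abs(pearson([HW[SBOX[x ^ k]] for x in inputs], samples)))


def cpa_recover_key(pts, traces):
    """Divide and conquer: 32 bytes x 256 candidates = 8192 hypotheses instead of 2**256."""
    k0 = [recover_byte([pt[i] for pt in pts], [t[i] for t in traces]) for i in range(16)]
    r1 = [round1_output(pt, k0) for pt in pts]  # round-2 inputs need K0, so it comes second
    k1 = [recover_byte([r[i] for r in r1], [t[16 + i] for t in traces]) for i in range(16)]
    return k0 + k1


def demo(seed=7):
    """Constructed secret key, simulated traces, and the CPA result; returns (secret, recovered)."""
    rng = random.Random(seed)
    secret = [rng.randrange(256) for _ in range(32)]
    pts, traces = simulate_traces(secret, n_traces=200, noise_sd=1.0)
    return secret, cpa_recover_key(pts, traces)


if __name__ == "__main__":
    secret, guess = demo()
    print("recovered:", bytes(guess).hex())
    print("correct  :", guess == secret)
```

    With real measurements the per-trace samples would be the amplified, filtered SDR output aligned to the S-box operations, and the attacker would scan every sample index for the highest correlation rather than knowing where the leak sits in advance; the candidate search itself is unchanged.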

    If all of this has you worried, you'll be happy to know that it was carried out in a controlled lab environment: the device and target were both shielded from outside electromagnetic interference. The same technique, known as Van Eck phreaking, has also been used by an Israeli team to extract keys from a computer through a thin wall and from mobile phones.


  2. VitalyT


    This is very similar to picking up a safe combination :)
  4. Godel

    This was presumably done while the file was being encrypted, not on an encrypted file at rest.

    Also, the processor doing the encryption was probably not specifically designed for security purposes. Security devices use unvarying time and power consumption for their encrypting/decrypting tasks just to stymie attacks like this -- although this might be relevant to the many cheap POS card scanners out in the real world.
