Wednesday, November 2, 2011

Compromising emissions!

Been reading about various side-channel attacks. I think my skills (lateral thinking, electronics, 'puters, physics and math) could lend themselves well to this... where do I sign up!
Basically, it is eavesdropping on what a device leaks via power, RF/EMI, sound, light or other means to gain information.
(RF/EMI demo)
(USB port power and sound)
(PoC for picking up sound from mobo capacitors to break RSA)
(Keyboard taps)
(keyboard EMI)
(car keys... brute forcing the private key from all challenge/responses)
(a physical side channel aka safe cracking)

Padding oracle attacks
(decrypt ciphertext without knowing the key, e.g. to bypass CAPTCHA)
(Efficient Padding Oracle Attacks on Cryptographic Hardware)

RSA FOB tokens
(Crack 3DES smart cards with an RFID reader and an oscilloscope, via power analysis of the chip in the card while de/encrypting)
(Read displays at a distance)
(Flashing lights on your network kit may be a spanned port!)

TEMPEST backronyms from Wikipedia

Tiny ElectroMagnetic Particles Emitting Secret Things
Transmitted Electro-Magnetic Pulse / Energy Standards & Testing
Telecommunications ElectroMagnetic Protection, Equipment, Standards & Techniques
Transient ElectroMagnetic Pulse Emanation STandard
Telecommunications Electronics Material Protected from Emanating Spurious Transmissions