[PD] [OT] high-frequency birdsong

Jonathan Wilkes jancsika at yahoo.com
Tue Jun 7 13:28:28 CEST 2016


Ah, it makes a lot more sense now.  Thanks.
-Jonathan


 

    On Tuesday, June 7, 2016 1:50 AM, Chris McCormick <chris at mccormick.cx> wrote:
 

 On 07/06/16 13:40, Chris McCormick wrote:
> On 07/06/16 12:22, Chris McCormick wrote:
>>  > But a public-facing server would regularly be "tweeting", no?
>>
>> So you'd need physical access to a public-facing server in order to
>> collect the
>> acoustic signature.
>
> https://www.tau.ac.il/~tromer/acoustic/
>
> Here the same authors mention this attack:
>
> "Send your server to a colocation facility, with a good microphone
> inside the box, and then acoustically extract keys from all nearby
> servers."

Oh and on that same page they address your question directly in a way 
that is far better and more succinct than I did:

Q8: How can low-frequency (kHz) acoustic leakage provide useful 
information about a much faster (GHz)?

Individual CPU operations are too fast for a microphone to pick up, but 
long operations (e.g., modular exponentiation in RSA) can create a 
characteristic (and detectable) acoustic spectral signature over many 
milliseconds. In the chosen-ciphertext key extraction attack, we 
carefully craft the inputs to RSA decryption in order to maximize the 
dependence of the spectral signature on the secret key bits. See also Q18.

For the acoustic channel, we can't just increase the measurement 
bandwidth: the bandwidth of acoustic signals is very low: up to 20 kHz 
for audible signals and commodity microphones, and up to a few hundred 
kHz using ultrasound microphones. Above a few hundred kHz, sound 
propagation in the air has a very short range: essentially, when you try 
to vibrate air molecules so fast they just heat up, instead of moving in 
unison as a sound wave.

Cheers,

Chris.

-- 
http://mccormick.cx/


  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20160607/081c7297/attachment.html>


More information about the Pd-list mailing list