Acoustic cryptanalysis

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In cryptography, acoustic cryptanalysis is a type of side channel attack which exploits sounds emitted by computers or machines. Modern acoustic cryptanalysis mostly focuses on the sounds produced by computer keyboards and internal computer components, but historically it has also been applied to impact printers and electromechanical cipher machines.


Victor Marchetti and John D. Marks eventually negotiated the declassification of CIA acoustic intercepts of the sounds of cleartext printing from encryption machines.[1] Technically this method of attack dates to the time of FFT hardware being cheap enough to perform the task—in this case the late 1960s to mid-1970s. However, using other more primitive means such acoustical attacks were made in the mid-1950s.

In his book Spycatcher, former MI5 operative Peter Wright discusses use of an acoustic attack against Egyptian Hagelin cipher machines in 1956. The attack was codenamed "ENGULF".[2]

Known attacks[edit]

In 2004, Dmitri Asonov and Rakesh Agrawal of the IBM Almaden Research Center announced that computer keyboards and keypads used on telephones and automated teller machines (ATMs) are vulnerable to attacks based on the sounds produced by different keys. Their attack employed a neural network to recognize the key being pressed. By analyzing recorded sounds, they were able to recover the text of data being entered. These techniques allow an attacker using covert listening devices to obtain passwords, passphrases, personal identification numbers (PINs), and other information entered via keyboards. In 2005, a group of UC Berkeley researchers performed a number of practical experiments demonstrating the validity of this kind of threat.[3]

Also in 2004, Adi Shamir and Eran Tromer demonstrated that it may be possible to conduct timing attacks against a CPU performing cryptographic operations by analyzing variations in acoustic emissions. Analyzed emissions were ultrasonic noise emanating from capacitors and inductors on computer motherboards, not electromagnetic emissions or the human-audible humming of a cooling fan.[4] Shamir and Tromer, along with new collaborator Daniel Genkin and others, then went on to successfully implement the attack on a laptop running a version of GnuPG (an RSA implementation), using either a mobile phone located close to the laptop, or a laboratory-grade microphone located up to 4 m away, and published their experimental results in December 2013.[5]

Acoustic emissions occur in coils and capacitors because of small movements when a current surge passes through them. Capacitors in particular change diameter slightly as their many layers experience electrostatic attraction/repulsion or piezoelectric size change.[6] A coil or capacitor which emits acoustic noise will, conversely, also be microphonic, and the high-end audio industry takes steps with coils[7] and capacitors[8] to reduce these microphonics (emissions) because they can muddy a hi-fi amplifier's sound.


This kind of cryptanalysis can be defeated by generating sounds that are in the same spectrum and same form as keypresses. If you randomly replay sounds of actual keypresses, it may be possible to totally defeat such kinds of attacks. It is advisable to use at least 5 different recorded variations (36 x 5 = 180 variations) for each keypress to get around the issue of FFT fingerprinting.[9] Alternatively, white noise of a sufficient volume (which may be simpler to generate for playback) will also mask the acoustic emanations of individual keypresses.

See also[edit]


  1. ^ Marchetti, Victor; Marks, John (1973), The CIA and the Craft of Intelligence 
  2. ^ Wright, Peter (1987), Spycatcher: The candid autobiography of a senior intelligence officer, Viking 
  3. ^ Yang, Sarah (14 September 2005). "Researchers recover typed text using audio recording of keystrokes". UC Berkeley News. 
  4. ^ Shamir, Adi; Tromer, Eran. "Acoustic cryptanalysis: On nosy people and noisy machines". 
  5. ^ Genkin, Daniel; Shamir, Adi; Tromer, Eran. "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis". 
  6. ^ "Capacitors for Reduced Micro phonics and Sound Emission" (PDF). CARTS 2007 Symposium Proceedings, Albuquerque. Electronic Components, Assemblies & Materials Association (ECA). March 2007. Retrieved 2014-01-24. 
  7. ^ "FoilQ, .50mH 16ga". Retrieved 2014-01-24. 
  8. ^ "50uF 250volt Metallized Polyester Mylar Film Capacitor-ERSE". Retrieved 2014-01-24. 
  9. ^ Asonov, Dmitri; Agrawal, Rakesh (2004), "Keyboard Acoustic Emanations" (PDF), IBM Almaden Research Center