Vigil@nce - GnuPG: key detection by chassis voltage
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is located near a computer performing RSA
operations with GnuPG on chosen messages, can measure this
computer chassis voltage, in order to guess a 4096 bit RSA key in
one hour.
Impacted products: GnuPG, MBS, Ubuntu, Unix (platform)
Severity: 1/4
Creation date: 04/09/2014
DESCRIPTION OF THE VULNERABILITY
The GnuPG program uses the RSA algorithm for its cryptographic
operations. Naturally, the RSA algorithm is sensitive to time
measurement attacks, because the duration of the mathematical
operation depends on user’s message.
The common protection is to use the RSA Blinding feature. It
multiplies the message by a random, before performing the RSA
operation, and then multiplies the result by the inverse of the
random. However, GnuPG version 1 does not use RSA Blinding.
The chassis voltage of a laptop computer oscillates of
approximatively 10mV related to the ground during processor
operations. A voltmeter connected to the other end of a network
cable can thus detect there variations, in order to guess the type
of the RSA operation.
An attacker, who is located near a computer performing RSA
operations with GnuPG on chosen messages, can therefore measure
this computer chassis voltage, in order to guess a 4096 bit RSA
key in one hour.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GnuPG-key-detection-by-chassis-voltage-15270