Researchers Crack AES-256 Using Only $200 Worth Of Equipment

Security researchers at Fox-IT built a device that can sniff AES-256 keys from a distance of 1 m. AES-256 encryption is used by military forces and many other large organizations to keep their secret data safe. It is also used by the well-known cryptocurrency Bitcoin for blockchain encryption.

Brute-forcing the key would mean trying up to 2^256 possible combinations of 1s and 0s, which would take ~6.7e40 times longer than the age of the universe to exhaust half of the key space of an AES-256 key, even using a billion high-end GPUs that can each do about 2 billion calculations per second (2 gigaflops).

So it is clear that nobody can wait that long to break AES-256 by brute force.

Researchers at Fox-IT succeeded in sniffing AES-256 keys with a $224 setup from a distance of 1 meter. TEMPEST leakage made the sniffing possible.

(TEMPEST was the name of a classified U.S. government project that studied the susceptibility of computer and telecommunications devices to emitting electromagnetic radiation (EMR) in a way that can be used to reconstruct intelligible data.)

The team used a simple loop antenna, connected it to an external amplifier and bandpass filters, and then plugged them into a cheap USB SDR such as an RTL-SDR, which costs just $12.

They used the setup to record the radio signals produced by the power consumption of the target system (a SmartFusion2 chip built around an ARM Cortex-M3 core). The recorded data showed the peaks and troughs of consumption while the encryption was running. After multiple encryption runs in their test environment, the researchers were able to map the power consumption to individual bytes of information.

“The value which provides the biggest peak in correlation should be the correct value. Using this approach only requires us to spend a few seconds guessing the correct value for each byte in turn (256 options per byte, for 32 bytes — so a total of 8192 guesses)”, the researchers wrote in their report.
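To see why the per-byte correlation step works, and why masking is the standard countermeasure against it, here is an added Python example that is not from the Fox-IT report or its tooling: it generates the AES S-box, builds constructed leakage samples for one first-round key byte under a Hamming-weight model with Gaussian noise, and runs the 256-guess correlation for that byte. The key byte 0x2B, the sample count, the noise level and the Boolean-mask model are all assumptions made for the simulation.

```python
import random

def build_sbox():
    # Standard AES S-box (FIPS-197 5.1.1): GF(2^8) inverse, then affine map.
    p, q, sbox = 1, 1, [0] * 256
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF       # q /= 3
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)     # q ^ rotl(q, 1..4)
        sbox[p] = ((x ^ (x >> 8)) ^ 0x63) & 0xFF
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()

def hamming_weight(v):
    return bin(v).count("1")

def simulate_traces(key_byte, n, noise, masked, rng):
    # Constructed leakage: one sample per encryption, modelling the power drawn
    # while the first-round S-box output byte is handled (Hamming weight plus
    # Gaussian noise). A masked device handles that byte XORed with a fresh
    # random mask, so the sample no longer depends on the key alone.
    pts, trs = [], []
    for _ in range(n):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte] ^ (rng.randrange(256) if masked else 0)
        pts.append(p)
        trs.append(hamming_weight(v) + rng.gauss(0, noise))
    return pts, trs

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / var ** 0.5 if var else 0.0

def recover_key_byte(pts, trs):
    # The step quoted from the report: predict the leakage for each of the 256
    # candidates, correlate it with the traces, keep the biggest peak.
    best = (0.0, 0)
    for guess in range(256):
        r = abs(pearson([hamming_weight(SBOX[p ^ guess]) for p in pts], trs))
        if r > best[0]:
            best = (r, guess)
    return best[1], best[0]
```

With 400 unmasked samples from `random.Random(7)`, `recover_key_byte` returns the constructed byte 0x2B with a correlation of about 0.8, while with `masked=True` the best correlation drops to noise level (well under 0.3) and the returned guess is meaningless, which is the behaviour a defender should expect from a masked implementation.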

At this cost, the setup takes 5 minutes to sniff the keys from a system at a distance of 1 m and 50 seconds at a distance of 30 cm, although both figures could be improved with better parts.

The experiment was conducted in a quiet, low-interference environment and has yet to be repeated in an office environment, where noise could interfere with the signals.

You can find the PDF of the detailed report here.
