Cryptography is a technique of protecting privacy of data by converting it (encrypting it) into an encoded format, called cipher text. Just the individuals who have decryption key can translate (or unscramble) the message into plain content. The analysis of encrypted messages to recover key or pain text is called cryptanalysis, also called code breaking. Acoustic cryptanalysis is a special type of side channel attack which exploits sounds emitted by computers or machines. It mainly focuses on the sounds produced by computer keyboards , impact printers and internal computer components. This attack reliably extracts secret cryptographic keys by capturing the high-pitched sounds coming from a computer while it displays an encrypted message.
In the year of 2004, Dmitri Asonov and Rakesh Agrawal of the IBM Almaden Research Center had announced that PC keyboards and keypads utilized on telephones and automated teller machines (ATMs) are defenseless against attack based on the sounds created by various keys. Their attack uses a neural network to discover the key being pressed. On the same year i.e. in 2004, Adi Shamir and Eran Tromer showed that it might be possible to perform the timing attacks against a CPU that utilize the cryptographic operations by analyzing fluctuations in acoustic emissions. They and Daniel Genkin of Tel Aviv University utilized this technique and effectively recover 4096-bit RSA key used for de crypting e-mails by using GNU Privacy Guard, a popular open source implementation of the OpenPGP standard. In March 2015, it was made open that some inkjet printers utilizing ultrasonic heads can be perused back using high frequency MEMS microphones.
Attacking area of Focus
This type of attacks are applied on various targets and by various methods, including the inside microphone of a plain cell phone put alongside the PC and using a sensitive microphone from a distance of four meters. Researchers all over the world are trying to explore the new zones where this attack can be applied. They have already found few situations where this attack can be applied such as infecting a target’s smartphone with sound capturing and monitoring malware, setting a bug or infected computer or mobile device in a charging station, presentation podium, or other areas where PCs are often putted, or keeping a listening malware communicates at a distance of 65 feet using built-in microphone and speakers. Beyond acoustics, the specialists also exhibited a similar, low-bandwidth attack that can be done by measuring the electric potential of a computer chassis. Attackers need only touch the target computer with their bare hands or get the required leakage information from the ground wires at the remote end of USB, VGA, or Ethernet cables.
However, this system has its constraints. Most clearly, the attackers must have a cell phone, bug or other microphone- empowered gadget in close closeness to a PC at the exact moment it’s decoding a message that was sent by, or otherwise known to, the attackers.
This sort of cryptanalysis can be defeated by producing sounds that are in the same spectrum and same structure as key-presses. Another solution of this problem is to use sound dampening equipment, such as “sound-proof” boxes, that is intended to adequately attenuate all relevant frequencies.