A team of UCB researchers have coupled the sound of typing to various artificial intelligence learning techniques and recovered the text that was being typed. This recalls to mind Peter Wright's work. Poking around the net, I found that Shamir and Tromer started from here:
Preceding modern computers, one may recall MI5's "ENGULF" technique (recounted in Peter Wright's book Spycatcher), whereby a phone tap was used to eavesdrop on the operation of an Egyptian embassy's Hagelin cipher machine, thereby recovering its secret key.
I haven't _Spycatcher_ to hand, but from memory the bug was set up by fiddling the phone in the same room to act as a microphone, and the different sounds of the typewriter keys hitting being pressed on the cipher machine were what allowed the secret key to be recovered. Here's some more of Wright's basic techniques:
One of Peter Wright's successes was in listening to (i.e. bugging) the actions of a mechanical cipher machine, in order to break their encryption. This operation was code-named ENGULF, and enabled MI5 to read the cipher of the Egyptian embassy in London at the time of the Suez crisis. Another cipher-reading operation, code-named STOCKADE, read the French embassy cipher by using the electro-magnetic echoes of the input teleprinter which appeared on the output of the cipher machine. Unfortunately, Wright says this operation "was a graphic illustration of the limitations of intelligence" - Britain was blocked by the French from joining the Common Market and no amount of bugging could change that outcome.Particularly interesting is MI5's invention code-named RAFTER, which is used to detect the frequency a radio receiver is tuned to, by tracing emissions from the receiver's local oscillator circuit. RAFTER was used against the Soviet embassy and consulate in London to detect whether they were listening in to A4-watcher radios. Wright also used this technique to try to track down Soviet "illegals" (covert agents) in London who received their instructions by radio from the USSR.
Unlike Wright's techniques from the 60s, the UCB team and their forerunners have the ability to couple up their information to vastly more powerful processing (Ed Felton comments, the paper and pointer from Adam). They manage to show how not only can the technique extract pretty accurate text, it can do so after listening to only 10-15 minutes of typing without prior clues.
That's a pretty impressive achievement! Does this mean that next time a virus invades your PC, you also need to worry about whether it captures your microphone and starts listening to your password typing? No, it's still not that likely, as if the audio card can be grabbed your windows PC is probably "owned" already and the keyboard will be read directly. Mind you, the secure Mac that you use to do your online banking next to it might be in trouble :-)
While we are on the subject, Adam also points at (Bruce who points at) the CIA's Tolkachev case, the story of an agent who passed details on Russian avionics until caught in 1985 (and executed a year later for high treason).
The tradecraft information in there is pretty interesting. Oddly, for all their technical capability the thing that worked best was old-fashioned systems. At least the way the story reads, microfilm cameras, personal crypto-communicators and efforts to forge library passes all failed to make the grade and simpler systems were used:
In November 1981, Tolkachev was passed a commercially purchased shortwave radio and two one-time pads, with accompanying instructions, as part of an "Interim-One-Way Link" (IOWL) base-to-agent alternate communication system. He was also passed a demodulator unit, which was to be connected to the short wave radio when a message was to be received.Tolkachev was directed to tune into a certain short wave frequency at specific times and days with his demodulator unit connected to his radio to capture the message being sent. Each broadcast lasted 10 minutes, which included the transmission of any live message as well as dummy messages. The agent could later break out the message by scrolling it out on the screen of the demodulator unit. The first three digits of the message would indicate whether a live message was included for him, in which case he would scroll out the message, contained in five-digit groups, and decode the message using his one-time pad. Using this system, Tolkachev could receive over 400 five-digit groups in any one message.
Tolkachev tried to use this IOWL system, but he later informed his case officer that he was unable to securely monitor these broadcasts at the times indicated (evening hours) because he had no privacy in his apartment. He also said that he could not adhere to a different evening broadcast schedule by waiting until his wife and son went to bed, because he always went to bed before they did.
As a result, the broadcasts were changed to the morning hours of certain workdays, during which Tolkachev would come home from work using a suitable pretext. This system also ran afoul of bad luck and Soviet security. Tolkachev's institute initiated new security procedures that made it virtually impossible for him to leave the office during work hours without written permission. In December 1982, Tolkachev returned his IOWL equipment, broadcast schedule, instructions, and one-time pad to his case officer. The CIA was never able to use this system to set up an unscheduled meeting with him.
Sounds like a familiar story! The most important of Kherchkoffs' 6 laws is that last one, which says that a crypto-system must be usable. The article also describes another paired device that could exchange encrypted messages over distances of a few hundred metres, with similar results (albeit with some successful message deliveries).
Posted by iang at September 11, 2005 10:41 AM | TrackBackThe fact that people may have information that maybe of value to other people suggest that there are relative to both parties safe zones to exploit the information. These safe zones where each party exploits their valued information freely are their weak spots. The Russians apartment, the Americans home, and any place considered private or uninteresting to others. Cryptos use and deployment suggest that one party is not destroying the safe zones of the other and not a hot war but rather a cold one. A hot war removes the safe zones from the other party and protects your own. We (Americans) are in a hot war that we have failed to recognize. We are not destroying enough of the enemies safe zones and we are defending enough of our own safe zones. We never invested enough time or money in our cold wars turning the funding and validation process on and off based on emotion. Preventive measures are not our forte as witnessed by Katrina. If we where able to learn from the Dutch and the efforts they deployed after Rotterdam was destroyed from flood surge we might have learned to prevent the loss of New Orleans. If we had learned that proactive spy networks are cheaper than armies we might have prevented Islamic Terrorist Activity. We had teams doing the work prior to the war but the leadership lacked the longterm vision to use the information. We are replicating this mistake with China with the belief that trade will stop their aggression. The Soviet Union became convinced that a police state was not functional and competetive so they changed from within. China has no reason to change, but is given every excuse to escalate from a state as bad as Stalins USSR. So the preventive measures to protect a valued resource would not allow the CIA handlers to waste the life of the spy. In general a crypto system will be usable if the information is of value the greater the value the greater the users access to the system. The US Presidential football is always availible day and night.
Posted by: jim at September 11, 2005 10:30 AMHi Ian,
as you can imagine, us folks at cryptophone.com love these kind of articles. Keep 'm coming...
Posted by: BigMac at September 11, 2005 03:13 PMTwo months ago there was a documentary about the Tolkachev case in the Russian state TV (where, of course, Tolkachev and the Americans were the villains and the KGB-guys the heroes).
It was quite consistent with the CIA account, but it also mentioned a detail that is interesting and important from a security engineering point of view:
When Tolkachev was already under suspicion, the KGB tried all sorts of things (including messing with his working schedule, jamming radio communications etc.) to interfere with whatever means of secret communications he employed in order to force him (and his american counterparts) to resort to less secure means of communication.
Sidenote and finance-layer curiosity: they filmed him a lot beginning with 1983 or 1984 up to (and including) his arrest in order to have -- as the CIA account puts it -- airtight evidence. A lot of that material was shown in the documentary, including the capture of the CIA operative, several meetings, and a funny episode where Tolkachev got suddenly scared of the huge sums of cash he was not able to spend securely and burned the money in his dacha, carefully saving the rubber-band rings (which turned out to be West-German) for kitchen purposes (for closing jelly jars, AFAIR). He was far more comfortable with immediate reward in goods, because in the USSR money couldn't buy everything, but a lot of unaccounted-for cash was quite dangerous to have.
It is a very often overlooked aspect of secure communication channels that they need to be reliable and available. There is a large number of supposedly secure systems full of various alarm- and self-destruction mechanisms which are relatively easily triggered. These are most efficiently defeated by DoS attatcks, followed by attacking the less secure alternatives to which the frustrated users are resorting.
As for keyboard sniffing, I attended a very entertaining lecture about various means of surveillance, where it was demonstrated that keystrokes are practically impossible to conceal: it's electromagnetic ratiation, acoustic noise, mechanical waves travelling through the building (yepp, a pick-up microphone attached to the wall in the basement can perfectly "hear" keystrokes in a seventh-floor office) and other impulse-like (and hence very wide-spectrum) signals. It was said that "the israelis" (witout further qualification) trained people to type on custom-layout keyboards whose layout changed regularly and was kept a deep secret. It's actually more than a simple substitution cipher, as the patterns of typing (delays between keystrokes) are also messed up, and it was claimed to be resistant to statistical attacks for about two weeks of typing, when the layout was changed. Now, my cousine worked as a programmer for the israeli air force, but the stories she told me indicated, as she put it that airforce IT was a complete mess and the only reason it didn't matter was because the arabs were in an even bigger mess. Not only didn't they have special keyboards, but they had virus problems, self-installed software, etc. on regular windows boxen. But I guess, the story was about some other "israelis".
Posted by: Daniel A. Nagy at September 11, 2005 04:54 PMOh, we had a far better toy than this RAFTER device on the eastern side of the iron curtain. :-)
In my fourth year at the Technical University of Budapest in 1998, when studiing directional antenna design, our prof showed us a very detailed map of Budapest from 1983 with red dots all over it. As he explained, these were the locations at which people listened to RFE (US Congress-sponsored propaganda-radio), collected by three vans roaming the city, using the same effect (LO emissions). I had no reason to doubt the accuracy of the map, for our apartment did have a nice red dot over it and indeed, my dad regularly listened to RFE.
The complete scanning of the city took two or three days depending on the traffic conditions, and was repeated at regular intervals.
Our prof proudly showed us that he is NOT on the map, because he hacked up a symmetric mixer (with a transformer tapped in the middle) so that his LO didn't emit back through the receiver antenna.
Also, it is worth noting that the radiation from LOs is regularly used by marketers to assess the numbers of viewers of certain television programs. It works both for cable and regular TV. It is very easy to determine who is watching what channel and it is far cheaper and far more reliable than surveys.
Posted by: Daniel A. Nagy at September 11, 2005 05:07 PM