Side channel attacks usually call up timing attacks and electromagnetic (TEMPEST) attacks. But there are different, less and more exotic, forms. I recount two amusing stories that Adi Shamir told during an invited talk in early 2011 at the Computer Security course at Collège de France (Paris).

1) The first story was about ultrasonic waves. Adi and one of his student bought an ultrasonic microphone, like the ones used to study bats. They recorded the sonic spectrum up to 48Khz near a computer performing RSA encryption and looked at graphs like that . They were amazed by the fact that patterns appeared, but they wanted be sure that they were picking real ultrasonic sound and not electromagnetic noise of the PC (or surrounding equipement) and so they tested against the muffled (soundproofed) microphone. Indeed it was real ultrasonic noise. Ultrasonic sound was not particularly disturbed by the PC fans and background sound. So they wrote an assembly test program and were able to match ultrasonic patterns with actual CPU operations: From there, they were able to break RSA by knowing the CPU operations performed during encryption. So the last question was: where does this ultrasonic noise, highly correlated with CPU operations, comes from? They found it came from (1500 μF) capacitors designed to smooth the power delivered to the CPU which two plates were vibrating (Piezo effect) differently depending on the instant power consumption of the CPU. How did they found that? By applying “Quick-Freeze” (-48ºC) spray to various part of the motherboard/CPU! So it all boiled down to a power analysis attack.

2) The second story was about USB devices. Basically, they plugged a very precise voltmeter into an USB port and started recording the very small variations between 4.999V and 5V. With the same assembly-test-program-pattern-matching approach, they broke RSA again. Better yet, they cut off the USB power from the OS USB controls, and they were able to perform exactly the same side channel attack through residual power in the USB port. It seems the only solution is either not have USB ports, or physically disable their +5V power output by short-circuiting them and so blowing their specific fuses.

References:
– Invited talk of Adi Shamir part of the Computer Security 2011 course by Martin Abadi at Collège de France (Paris)
– http://tau.ac.il/~tromer/acoustic/
– http://www.lsec.be/upload_directories/documents/AdiShamir.pdf
– it all boils down to http://en.wikipedia.org/wiki/Power_analysis