VOJNOTEHNIČKI GLASNIK / MILITARY TECHNICAL COURIER, 2022, Vol. 70, Issue 4

SCREEN READING: ELECTROMAGNETIC INFORMATION LEAKAGE FROM THE COMPUTER MONITOR

Milena M. Grdović a, Danijela D. Protić b, Vladimir D. Antić c, Boriša Ž. Jovanović d

Serbian Armed Forces, General Staff, Telecommunications and Information Security Directorate (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia

a e-mail: milena.grdovic@gmail.com, ORCID iD: https://orcid.org/0000-0003-4310-7935
b e-mail: danijelaprotic318@gmail.com, corresponding author; ORCID iD: https://orcid.org/0000-0003-0827-2863
c e-mail: vladimirantic2013@gmail.com, ORCID iD: https://orcid.org/0000-0001-9843-0743
d e-mail: borisa.jovanovic@vs.rs, ORCID iD: https://orcid.org/0000-0002-9353-724X

DOI: 10.5937/vojtehg70-38930; https://doi.org/10.5937/vojtehg70-38930
FIELD: Computer sciences, Electronics, Telecommunications, Mechanical engineering
ARTICLE TYPE: Original scientific paper

Abstract:

Introduction/purpose: The security of systems can be jeopardized by compromising emanations. This paper provides an overview of computer screen attacks. New technologies can be used to exfiltrate sensitive data from computer screens. Emission security is the prevention of electromagnetic signal attacks that are conducted or radiated.

Methods: This paper examines the impact of a side-channel attack that intercepts compromised information from a computer screen. The leakage of electromagnetic data is also explained. Software-defined radios are described to explain malicious attacks on computer monitors.

Results: The source of the electromagnetic signal determines the nature of the side-channel information they carry. The most well-known issue associated with revealing emissions is the possibility of intercepting visual information displayed on computer monitors.
Conclusion: Visual data displayed on computer monitors could be intercepted by a software-defined radio which can digitize the desired frequency spectrum directly from an antenna, present it to a digital signal processor, and output it to an application for revealing sensitive data. A variety of countermeasures, such as shielding, zoning, soft TEMPEST, and similar techniques, can be used to prevent data leakage.

Key words: electromagnetic emission, information leakage, computer monitor.

Grdović, M. et al, Screen reading: electromagnetic information leakage from the computer monitor, pp.836-855

Introduction

In recent years, new technologies have made it possible to exfiltrate sensitive data from a computer by monitoring the computer screen in a variety of novel ways that do not require network connectivity or physically contacting devices via the invisible channel determined by the computer screen. Because the user does not have a visual perception of what is happening, malware on the compromised computer can obtain sensitive data such as files, images, or passwords. The prevention of attacks using electromagnetic (EM) signals that are either conducted or radiated is referred to as emission security.

By formulating that "changing electrical currents induce changing magnetic fields, which induce changing currents and induce a changing magnetic field that propagates as an EM wave through surrounding space," Oersted, Faraday, and Henry discovered the physics of EM emanation (Rowe, 2006). This field can be picked up by nearby electrical conductors and, through EM interference, can impede the operation of other electromagnetic devices. As a result, an antenna with an amplifier can pick up some signal from a computer and reconstruct generated electrical signals (Rowe, 2006).

Military and commercial organizations are very concerned about the Transient Electro Magnetic Pulse Emanation Standard (TEMPEST) defence, which prevents the stray EM pulses emitted by computers and other electronic devices from being picked up and used to reconstruct the sensitive data (Markagić, 2018, pp.143-153). TEMPEST has recently become a commercial issue for electronic voting machines and smart cards used for digital signatures.
Side-channel attacks refer to a variety of attacks that take advantage of optical, thermal and acoustic emanations from the equipment. This happens when information leaks through a channel that is not intended for communication. Electromagnetic eavesdropping attacks can cause a computer to emit a stronger signal than usual and modulate the signal so that it can pass through the firewall. Electromagnetic compatibility (EMC) and radio frequency interference (RFI) are closely related to EM security measures. All emission security issues are expected to worsen as more devices connect to wireless networks and processor speeds increase into the gigahertz range.

There are two types of electromagnetic attacks that are not mutually exclusive:
1) when the signal is transmitted over a circuit such as a power line or phone line, it is known as Highjack, and
2) when the signal is transmitted as radio frequency (RF) energy, it is known as TEMPEST.

Properly shielded equipment is typically limited in quantity and designed specifically for defence markets, making it extremely expensive. The operating rooms must also be properly filtered. Screen signals can be found in a variety of locations across computer networks. These signals may contain multiple harmonics, some of which radiate more effectively than others, owing to the designed equipment being certified to not emit any signals beyond a certain distance.

Spying on the surface of a screen with a powerful telescope is a very basic approach to spying on the content displayed on it (Lavaud et al, 2021). Kuhn (2002), Backes et al (2008), and Backes et al (2009), on the other hand, describe several more efficient ways to attack computer monitor content. Computer monitors leak electromagnetic information as a result of three key factors used to reproduce video images: (1) refresh rate, (2) horizontal frequency, and (3) pixel frequency, which is the display principle (Mao et al, 2017). One method for estimating the risk of information leakage is to use multi-resolution spectrum analysis to distinguish and match the spectrum interval from the radiated EM signals.

This paper investigates how a side-channel attack causes compromised information to be taken from a computer screen. It also discusses the leakage of electromagnetic information from computer screens. To explain potential malicious attacks on computer monitors, software-defined radios (SDRs) are described.
Side-channel attacks

The security of a cryptosystem (cryptographic algorithms and protocols, cryptographic keys, and cryptographic devices used for implementation) is dependent on more than just using robust algorithms and parameters, certified protocols, and cryptographic keys that are long enough. Physical attacks on a system can also be used to compromise it. Side-channel attacks are generally physical attacks in which malicious parties extract confidential and protected data by observing how systems physically behave (Barthe et al, 2018). These attacks use the dependency between secret information used in the cryptosystem and physical values measured on/around the cryptosystem (e.g. power consumption, electromagnetic radiation, timing information) to break a system (Mangard et al, 2007). Table 1 depicts the classification of side-channel emanation (Lavaud et al, 2021). Each side-channel attack seeks to exploit an unintentional emission. As a result, the subject of side-channel attacks covers a broad range of techniques (Sayakkara et al, 2018).

Side-channel information sources, such as EM emanations from a chip (Agrawal et al, 2003) and timings for various operations performed (Kocher, 1996, pp.104-113), have also been demonstrated to be exploitable (Mangard et al, 2007). Hayashi et al (2014, pp.954-965) conducted an in-depth examination of EM emanations from a chip, including countermeasures. Their primary focus, however, was on recovering sensitive information from inside the computer systems (cryptographic keys, not the screen content). Kinugawa et al (2019, pp.62-90) demonstrate how to increase the EM leakage with a (cheap) hardware modification added to potentially any device and spread the attack over a greater distance. The authors show that the additional circuitry (interceptor) increases leakage and forces leakage in devices that are not susceptible to EM leakage.

Table 1 – Side channel emanation

SIDE-CHANNEL EMANATION
Power line: Keyboard, Internal components, Cryptosystems
Sound: Speakers, Internal components, External components
Light: Status LED, Internal components, Screens
Electromagnetic: Radio radiation, Forced broadcast

Goller & Sigl (2015, pp.255-270) proposed to perform side-channel attacks on smartphones using standard radio equipment. The authors also show the ability to distinguish between squaring and multiplications. This discovery may result in the complete recovery of the Rivest, Shamir, and Adleman (RSA) key (Jonsson & Kaliski, 2003). Their setup gathered electromagnetic leaks from an Android phone.
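
Why distinguishing squarings from multiplications can expose a whole RSA key, as an added example (not code from the paper or from the works it cites): a textbook square-and-multiply routine whose operation sequence encodes the private exponent, beside a Montgomery ladder whose sequence is the same for every exponent. The toy key (n = 3233, d = 2753) and all function names are constructed for the illustration.

```python
"""Added illustration (not from the paper): operation sequences of two
modular-exponentiation routines. Toy RSA key and all names are constructed."""

TOY_N, TOY_D, TOY_C = 3233, 2753, 2790   # n = 61*53, e = 17; c = 65^17 mod n


def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation, recording each operation."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":                    # multiply only for 1-bits: the leak
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)


def exponent_from_trace(trace):
    """Rebuild the exponent from an S/M sequence: 'SM' is a 1, lone 'S' a 0."""
    bits, i = "", 0
    while i < len(trace):
        one = trace[i + 1:i + 2] == "M"
        bits += "1" if one else "0"
        i += 2 if one else 1
    return int(bits, 2)


def montgomery_ladder(base, exp, mod, bits):
    """Ladder over a fixed bit length: one multiply and one square per bit,
    whatever the exponent. A production version would also replace the
    branch below with a constant-time conditional swap."""
    r0, r1, trace = 1, base % mod, []
    for i in reversed(range(bits)):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        trace.append("MS")
    return r0, "".join(trace)


if __name__ == "__main__":
    plain, leaky = square_and_multiply(TOY_C, TOY_D, TOY_N)
    print("plaintext", plain, "trace", leaky)
    print("exponent read back from trace:", exponent_from_trace(leaky))
    _, flat = montgomery_ladder(TOY_C, TOY_D, TOY_N, 12)
    _, flat_other = montgomery_ladder(TOY_C, 2049, TOY_N, 12)
    print("ladder traces identical for two exponents:", flat == flat_other)
```
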
Genkin et al (2015, pp.95-112) and Genkin et al (2019, pp.853-869) present the extraction of cryptographic keys such as RSA or ElGamal from laptops using various side channels such as power and EM radiation (Will & Ko, 2015). Furthermore, an adversary may be able to monitor a device's power consumption while it performs secret key operations (Kocher et al, 2011, pp.5-27).

Acoustic emanation from various computer system components can be used to exfiltrate data. Genkin et al (2014, pp.444-461) demonstrated that, by listening for acoustic emanation, it is possible to distinguish between CPU operations, resulting in an attack on an RSA algorithm encryption key. Genkin et al (2019) show how to extract screen content using the acoustic side channel. Microphones can pick up sound from webcams or screens and transmit it during a video conference call or archived recordings. Berger et al (2006, pp.245-254) demonstrated a dictionary attack using keyboard acoustic emanation. Backes et al (2010) investigated acoustic side channels in printers. Asonov and Agrawal (2004) used the sound emitted by different keys to recover information typed on a keyboard.

The contribution of Liu et al (2021, pp.1-15) is a side-channel attack analysis that exploits the EM emanations of the display cable from a mobile phone. These signals are more difficult to obtain and may be significantly weaker than those examined in more traditional TEMPEST technique attacks. TEMPEST is a side-channel technique for spying on computer systems via unintentional radio or electrical signals, sounds, and vibrations (Kuhn & Anderson, 1998, pp.124-142).

The possibility of intercepting visual information displayed on an electronic device screen is the most well-known issue associated with EM revealing emissions. Van Eck (1985, pp.269-286) was the first to present an unclassified analysis of the feasibility and security risks of computer monitor emanations. He was able to listen in on a real system from hundreds of meters away by measuring electromagnetic emanations with only $15 in equipment and a Cathode-Ray Tube (CRT) television set.
Side-channel attacks have a variety of countermeasures because they are among the most serious threats to embedded crypto devices and frequently target the secret (cryptographic) key in a device that secures sensitive data. The countermeasures' primary goal is to eliminate the dependence between the sensitive data and the side channel. One method attempts to separate the actual data processed by the device from the data on which the computation is performed (masking) (Prouff & Rivain, 2013, pp.142-159). Another approach attempts to separate the device's computed data from the power consumed by the computations (hiding). Flattening the power consumption of a device is also one of the countermeasures. Hardware-based countermeasures propose microarchitecture-based solutions such as providing hardware support for advanced encryption standard (AES) instructions or making caches security-sensitive. Hardware countermeasures are effective, but they can be difficult to implement. In contrast, software countermeasures are simple-to-implement solutions that can be applied at the program language level (secure programming guidelines, program transformations). They can also be supported by strict enforcement methods (Bernstein, 2005; Molnar et al, 2005; Barthe et al, 2018).

Electromagnetic information leakage from the computer monitor

EM radiation is the underlying technology for wireless communication, and it is selected based on the distance to be covered, data throughput rate, signal frequency, amount of bandwidth required, modulation technique, power of the transmitted signal, and other factors (Sayakkara et al, 2018). Although wireless communication devices are designed to generate EM radiation at the appropriate frequency and amplitude for the communication technology, as a by-product of their internal operations, these devices also generate EM radiation at unintended frequencies (Genkin et al, 2014, pp.444-461).

Unintentional EM emissions from computers can be caused by a variety of factors. The source of each EM signal determines the nature of these EM signals as well as the type of side-channel information they carry. The possibility of intercepting visual information displayed on computer monitors is the most well-known issue associated with EM revealing emissions. Van Eck (1985, pp.269-286) demonstrated a modified television set that was capable of capturing and visualizing video streams displayed on a nearby television screen. To transmit video data to computer monitors, various protocols are used, necessitating more flexibility than a dedicated hardware-based attack. Van Eck's article concerned CRT monitors. It should be noted that liquid-crystal displays (LCD), which are common output components of computers and currently dominate the market, are not immune to this threat because they are equipped with digital video data (DVD) transmission interfaces.
This is not the case, because digital signals, like analogue signals, are susceptible to electromagnetic infiltration and enable non-invasive data acquisition. There is a risk of eavesdropping on the leaked signal because the leakage of the displayed information is quite high.

In 2002, Kuhn expanded on this eavesdropping concept by conducting an analysis of EM side-channel eavesdropping on modern video display technologies (Kuhn, 2002, pp.3-18). This study employs RF acquisition hardware with fast sampling rates to monitor EM emissions from computer displays. Sekiguchi (2010, pp.127-131) describes receiving EM noise and reconstructing a display image on a touch screen monitor on a personal computer. The experimental results showed that the reconstructed display image can recognize the image of the touched button on the touch screen