Apparatus for picking up the electromagnetic signal
Any computer emits an electromagnetic field while it runs, and the spectral components of that field vary slightly with the operations the device is performing. This physics is the basis of the electromagnetic-emanation attack, a representative of the class of side-channel attacks: information about the physical processes inside the device can be enough to recover the values of bits in memory.
Sniffing a PC's electromagnetic radiation to capture secrets is nothing new. Until now, however, it required a lot of expensive, bulky equipment. The threat has now reached a new level: in principle, such an attack can be carried out without the victim noticing, simply by sitting near the PC with a small "bug" in one's pocket (pictured above).
Researchers from Fox-IT demonstrated a TEMPEST attack against AES-256 from a distance of 1 meter, using a minimal set of equipment costing only about 200 euros. Collecting enough information required recording the electromagnetic emanations for 5 minutes at 1 meter, or 50 seconds at 30 cm.
The authors describe the experimental conditions in more detail in their paper (pdf). The attack pipeline, shown in the diagram below, has four phases:
- Analog measurement.
- Signal recording.
- Pre-processing.
- Analysis.
The analog measurement stage needs an antenna with associated electronics that measure the electromagnetic field, pass only the frequency band of interest and amplify the signal. As it turned out, a small, simple loop antenna picks up the signal surprisingly well, and one is easy to make from a scrap of cable and some tape.
Loop antenna
The signal is then filtered and amplified. The researchers filtered a band about 10 MHz wide around the processor's clock frequency (142 MHz) and amplified it with a cheap amplifier made by Mini Circuits. The whole hardware setup cost about 200 euros.
Amplifier with filter
Before recording, the signal is converted to digital form. The recording can be done with anything from expensive professional equipment to a budget software-defined radio in the form of a 20-euro USB stick. The experiments showed that even the cheap stick records the signal well enough for a successful attack. In other words, the attack is within reach not only of intelligence agencies or corporations with large research budgets, but of practically anyone; no large sum of money is needed.
During pre-processing, the software searches the recording for the sections where the computer was performing AES-256 encryption with the target key and splits the signal into the corresponding blocks. The data is also transformed into a form suitable for the analysis that follows.
The illustration below shows a signal recorded with the SR-7100 radio in a 10 MHz band. It corresponds to one block of AES-256 running on a SmartFusion2 SoC; the experiment used the OpenSSL implementation of AES on the chip's ARM Cortex-M3 core. Clear, clean patterns are visible for each stage of processing: the transfer of input and output data to and from the processor, the key-schedule computation phase, and the 14 rounds of encryption.
Of course, the key cannot be recovered from such a small fragment. Many computation blocks, with encryption rounds on different input data, have to be captured, and accumulating that much information is what requires sitting near the computer for a few minutes with the antenna hidden in a pocket.
The recorded electromagnetic signal tracks the device's power consumption, which in turn correlates with the data the processor is handling at each moment in time.
Finally, the analysis is performed with Riscure Inspector. The task is to find correlations between guesses for each key byte and the recorded signal. This is the hardest part, because it requires an effective model of how data in the computer's memory leaks into the electromagnetic field, so that the analysis can actually predict the bytes of the encryption key. The analysis then iterates over all 256 possible values of each key byte independently. The researchers write that guessing the correct value of each byte takes only a few seconds (256 candidates per byte for 32 bytes is 8192 attempts in total). By comparison, a direct brute-force attack on AES-256 would require trying 2^256 keys and would not finish before the end of the Universe.
So the Fox-IT experts have managed to put all the pieces of the puzzle together. As far as they can tell, this is the first public demonstration of a covert electromagnetic-emanation attack at a distance. It is something to ponder for anyone who wants to reliably protect a computer against information leaks: such protection requires proper shielding. Perhaps wrapping it in foil.