from Electronic Devices Using Interceptor, Its Countermeasure - - PowerPoint PPT Presentation

from electronic devices using interceptor
SMART_READER_LITE
LIVE PREVIEW

from Electronic Devices Using Interceptor, Its Countermeasure - - PowerPoint PPT Presentation

Oct 05, 2023 27 likes •382 views

August 26 th , 2019 CHES, Atlanta, U.S Electromagnetic Information Extortion from Electronic Devices Using Interceptor, Its Countermeasure Masahiro Analog Kinugawa Daisuke Digital Fujimoto Yuichi EM EM Hayashi 1 Conventional EM information

slide-1
SLIDE 1

Masahiro Analog Kinugawa Daisuke Digital Fujimoto Yuichi EM EM Hayashi

Electromagnetic Information Extortion from Electronic Devices Using Interceptor, Its Countermeasure

August 26th, 2019 CHES, Atlanta, U.S

1

slide-2
SLIDE 2

Conventional EM information leakage threat

2

slide-3
SLIDE 3

Demo

3

  • Y. Hayashi, et al. “A Threat for Tablet PCs in Public Space: Remote Visualization
  • f Screen Images Using EM Emanation, " 21st ACM CCS

https://youtu.be/nL2wM-4xRkI https://youtu.be/FHaKnzb--a8

slide-4
SLIDE 4

Targets of EM information leakage

4

Cryptographic modules Keyboards Touch screen devices

Touch Panel of ATM Desktop/Laptop PC Display (CRT/LCD) Printer

www.panasonic.co.jp www.nec.co.jp

slide-5
SLIDE 5

Is the EM attack feasible against every electrical device?

5

Devices with information leakage caused by unintentional EM emission

In conventional attacks, attackers focused on devices with unintentional EM

  • emission. So, devices without EM emission had been out of the scope of threats.

Leak-free devices without EM emission

slide-6
SLIDE 6

6

EM information extortion from electronic devices using interceptor

slide-7
SLIDE 7

Threats against potentially leak-free devices

7

slide-8
SLIDE 8

Threats against potentially leak-free devices

8

slide-9
SLIDE 9

Threats against potentially leak-free devices

9

slide-10
SLIDE 10

Threats against potentially leak-free devices

10

Using interceptor, active/passive attack, there is the possibility that information can be leaked from potentially leak-free devices.

slide-11
SLIDE 11

11

Operation principle of interceptor installed on peripheral circuits of IC and transmission line

slide-12
SLIDE 12

Concept of interceptor

12

https://www.bloomberg.com/news/

Interceptor

slide-13
SLIDE 13

Function of interceptor

13

 The acquisition of information is made possible by forcibly

causing leakage from devices

 Leakage is only measurable from a distance during the

irradiation of EM waves from devices, and the range of leakage is adjustable by the irradiation intensity

 Interceptors cover both analog and digital signals  Interceptors emanate information from unintended antenna

structures

 Signals leaked by the interceptor retain the original shape,

and this waveform can be measured (Conventional TEMPEST measures the differentiated shape of the original signal)

slide-14
SLIDE 14

Installation of interceptor

14

slide-15
SLIDE 15

Information leakage caused by interceptor installed on peripheral circuits of IC and transmission line

15

slide-16
SLIDE 16

Information leakage caused by interceptor installed on peripheral circuits of IC and transmission line

16

slide-17
SLIDE 17

Information leakage caused by interceptor installed on peripheral circuits of IC and transmission line

17

slide-18
SLIDE 18

Information leakage caused by interceptor installed on peripheral circuits of IC and transmission line

18

slide-19
SLIDE 19

Selection of MOSFETs matching the target signal

19

This selection can be determined by the frequency and voltage of the target signal. MOSFET is the core component

  • f interceptor.
slide-20
SLIDE 20

20

EM leakage from a display

slide-21
SLIDE 21

Target signal

21

Targeted signal line

slide-22
SLIDE 22

Installation of Interceptor

22

Circuit configuration of interceptor

slide-23
SLIDE 23

Demo

23

https://youtu.be/yFVdnhb28bo

slide-24
SLIDE 24

Experimental system components and layout

24

Stationary setup Portable setup

slide-25
SLIDE 25

Demo

25

slide-26
SLIDE 26

Leakage control by EM irradiation strength

26

0 dBm 10 dBm 20 dBm 30 dBm

EM irradiation strength

slide-27
SLIDE 27

27

EM leakage from a smart speaker

slide-28
SLIDE 28

Interceptor installation against smart speaker

28

Smart speakers always pick up ambient sounds, so attacker can monitor the surrounding sounds of smart speakers by observing EM leakage.

slide-29
SLIDE 29

Demo

29

slide-30
SLIDE 30

30

EM leakage from a cryptographic module

slide-31
SLIDE 31

Interceptor installation against crypt module (RSA)

31

slide-32
SLIDE 32

EM leakage signal from crypt module (RSA)

32

Change of internal signal at key input (original) Observed leakage signal without EM injection Observed leakage signal with EM injection (5 m)

slide-33
SLIDE 33

33

Detection method of interceptor

slide-34
SLIDE 34

Interceptor detection using passive sensing

34

slide-35
SLIDE 35

Conclusion

35

Some devices have weak EM emission and potentially leak free. So, these devices have been excluded from this kind of threats in conventional EM attacks. In addition, we showed the interceptors have the potential to be detected by passive or active sensing methods. It was shown that interceptors can cause information leakage from potentially leak-free devices forcibly. It was also shown that the timing, distance, and intensity of leakage can be controlled by using interceptors.