Visible to the public Biblio

Filters: Keyword is electromagnetic  [Clear All Filters]
Guri, Mordechai.  2021.  LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission. 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). :745–754.
In this paper we present LANTENNA - a new type of an electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanated from Ethernet cables. A nearby receiving device can intercept the signals wirelessly, decodes the data and sends it to the attacker. We discuss the exiltration techniques, examine the covert channel characteristics, and provide implementation details. Notably, the malicious code can run in an ordinary user mode process, and can successfully operates from within a virtual machine. We evaluate the covert channel in different scenarios and present a set of of countermeasures. Our experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away.
Wang, Chenguang, Cai, Yici, Wang, Haoyi, Zhou, Qiang.  2018.  Electromagnetic Equalizer: An Active Countermeasure Against EM Side-Channel Attack. Proceedings of the International Conference on Computer-Aided Design. :112:1-112:8.

Electromagnetic (EM) analysis is to reveal the secret information by analyzing the EM emission from a cryptographic device. EM analysis (EMA) attack is emerging as a serious threat to hardware security. It has been noted that the on-chip power grid (PG) has a security implication on EMA attack by affecting the fluctuations of supply current. However, there is little study on exploiting this intrinsic property as an active countermeasure against EMA. In this paper, we investigate the effect of PG on EM emission and propose an active countermeasure against EMA, i.e. EM Equalizer (EME). By adjusting the PG impedance, the current waveform can be flattened, equalizing the EM profile. Therefore, the correlation between secret data and EM emission is significantly reduced. As a first attempt to the co-optimization for power and EM security, we extend the EME method by fixing the vulnerability of power analysis. To verify the EME method, several cryptographic designs are implemented. The measurement to disclose (MTD) is improved by 1138x with area and power overheads of 0.62% and 1.36%, respectively.

Frieslaar, Ibraheem, Irwin, Barry.  2017.  Investigating the Utilization of the Secure Hash Algorithm to Generate Electromagnetic Noise. Proceedings of the 9th International Conference on Signal Processing Systems. :164–169.
This research introduces an electromagnetic (EM) noise generator known as the FRIES noise generator to mitigate and obfuscate Side Channel Analysis (SCA) attacks against a Raspberry Pi. The FRIES noise generator utilizes the implementation of the Secure Hash Algorithm (SHA) from OpenSSL to generate white noise within the EM spectrum. This research further contributes to the body of knowledge by demonstrating that the SHA implementation of libcrypto++ and OpenSSL had different EM signatures. It was further revealed that as a more secure implementation of the SHA was executed additional data lines were used, resulting in increased EM emissions. It was demonstrated that the OpenSSL implementations of the SHA was more optimized as opposed to the libcrypto++ implementation by utilizing less resources and not leaving the device in a bottleneck. The FRIES daemon added noise to the EM leakage which prevents the visual location of the AES-128 cryptographic implementation. Finally, the cross-correlation test demonstrated that the EM features of the AES-128 algorithm was not detected within the FRIES noise.
Frieslaar, Ibraheem, Irwin, Barry.  2017.  Investigating the Effects Various Compilers Have on the Electromagnetic Signature of a Cryptographic Executable. Proceedings of the South African Institute of Computer Scientists and Information Technologists. :15:1–15:10.

This research investigates changes in the electromagnetic (EM) signatures of a cryptographic binary executable based on compile-time parameters to the GNU and clang compilers. The source code was compiled and executed on a Raspberry Pi 2, which utilizes the ARMv7 CPU. Various optimization flags are enabled at compile-time and the output of the binary executable's EM signatures are captured at run-time. It is demonstrated that GNU and clang compilers produced different EM signature on program execution. The results indicated while utilizing the O3 optimization flag, the EM signature of the program changes. Additionally, the g++ compiler demonstrated fewer instructions were required to run the executable; this related to fewer EM emissions leaked. The EM data from the various compilers under different optimization levels was used as input data for a correlation power analysis attack. The results indicated that partial AES-128 encryption keys was possible. In addition, the fewest subkeys recovered was when the clang compiler was used with level O2 optimization. Finally, the research was able to recover 15 of 16 AES-128 cryptographic algorithm's subkeys, from the the Pi.