Introduction to Electromagnetic Information Security

With the rising importance of information security, the necessity of implementing better security measures in the physical layer as well as the upper layers is becoming increasingly apparent. Given the development of more accurate and less expensive measurement devices, high-performance computers, and larger storage devices, the threat of advanced attacks at the physical level has expanded from the military and governmental spheres to commercial products. In this paper, we review the issue of information security degradation through electromagnetic (EM)-based compromising of security measures in the physical layer (i.e., EM information security). Owing to the invisibility of EM radiation, such attacks can be serious threats. We first introduce the mechanism of information leakage through EM radiation and interference and then present possible countermeasures. Finally, we explain the latest research and standardization trends related to EM information security.

Key words: EM information security, TEMPEST, side-channel attacks, fault analysis, hardware Trojan horse, electromagnetic compatibility
