Characterization of the Electromagnetic Side Channel in Frequency Domain

In this article, we propose a new approach to characterizing the EM leakage of electronic devices by identifying and focusing on the signal frequencies that leak the most information. We introduce a set of tests based on cryptanalysis methods that will help vendors and users of sensitive devices estimate the security risks due to leakage through electromagnetic emanations. We propose two approaches: an empirical one and another based on information theory. Both provide a characterization of the leakage, i.e. the frequencies and the bandwidths where information is contained. These techniques are low-cost, automatic, and fast, as they can be performed with an oscilloscope and some software for the characterization. Such an evaluation could also be carried out with TEMPEST, but TEMPEST evaluations require dedicated apparatus and time-consuming stepwise work that consists of scanning all the spectrum frequencies. Our approach is not a substitute for a regulatory TEMPEST evaluation, but it can nonetheless identify the leakage with high confidence. To illustrate the relevance of our approach, we show that online software filtering at some identified frequencies allows us to recover a keystroke from a single measurement at a distance of 5 meters from the keyboard.
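An added example, not the authors' code or their exact test: one way a vendor could run an information-theoretic leakage characterization, by estimating the mutual information between a known data bit and the magnitude of each frequency bin. Assumptions: the traces are synthetic (constructed here), and the function names, the bin numbers and the median quantization are illustrative choices.

```python
import cmath, math, random
from collections import Counter

def dft_mag(x):
    """Magnitude spectrum (bins 0..N/2) of a real trace, naive DFT."""
    n = len(x)
    return [abs(sum(v * cmath.exp(-2j * math.pi * k * t / n) for t, v in enumerate(x)))
            for k in range(n // 2 + 1)]

def mutual_information(xs, ys):
    """I(X;Y) in bits for two discrete sequences, from empirical counts."""
    n = len(xs)
    pxy, px, py = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    return sum(c / n * math.log2(c * n / (px[a] * py[b])) for (a, b), c in pxy.items())

def leakage_spectrum(traces, labels):
    """MI between the known label and each bin's magnitude, quantized at the bin's median."""
    spectra = [dft_mag(t) for t in traces]
    out = []
    for k in range(len(spectra[0])):
        col = [s[k] for s in spectra]
        med = sorted(col)[len(col) // 2]
        out.append(mutual_information([m > med for m in col], labels))
    return out

def make_traces(n_traces=200, n=64, leak_bin=9, clock_bin=4, seed=1):
    """Constructed data: a bit-dependent carrier at leak_bin, a stronger but
    data-independent clock at clock_bin, and Gaussian noise."""
    rng = random.Random(seed)
    traces, labels = [], []
    for _ in range(n_traces):
        bit = rng.randint(0, 1)
        ph = rng.uniform(0, 2 * math.pi)
        traces.append([(0.5 + bit) * math.sin(2 * math.pi * leak_bin * t / n + ph)
                       + 2.0 * math.sin(2 * math.pi * clock_bin * t / n)
                       + rng.gauss(0, 1.0) for t in range(n)])
        labels.append(bit)
    return traces, labels

if __name__ == "__main__":
    traces, labels = make_traces()
    mi = leakage_spectrum(traces, labels)
    for k in sorted(range(len(mi)), key=mi.__getitem__, reverse=True)[:3]:
        print(f"bin {k}: {mi[k]:.3f} bits")
```

The clock bin carries the most energy in these traces yet scores close to zero bits, which is why ranking frequencies by information rather than by amplitude is the useful test for a leakage assessment.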
