Experimental Demonstration of Electromagnetic Information Leakage From Modern Processor-Memory Systems

This paper shows that electromagnetic (EM) information leakage from modern laptops and desktops (with no peripherals attached) is indeed possible and is relatively easy to achieve. The experiments are performed on three laptop systems and one desktop system with different processors (Intel Centrino, Core 2, Core i7, and AMD Turion), and show that both active (program deliberately tries to cause emanations at a particular frequency) and passive (emanations at different frequencies happen as a result of system activity) EM side-channel attacks are possible on all the systems we tested. Furthermore, this paper shows that EM information leakage can reliably be received at distances that vary from tens of centimeters to several meters including the signals that have propagated through cubicle or structural walls. Finally, this paper shows how activity levels and data values used in accessing different parts of the memory subsystem (off-chip memory and each level of on-chip caches) affect the transmission distance.

[1]  Rui Wang,et al.  Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.

[2]  Pascal Benoit,et al.  Spatial EM jamming: A countermeasure against EM Analysis? , 2010, 2010 18th IEEE/IFIP International Conference on VLSI and System-on-Chip.

[3]  M. G. Kuhn,et al.  Compromising emanations of LCD TV sets , 2011, 2011 IEEE International Symposium on Electromagnetic Compatibility.

[4]  Hidenori Sekiguchi Novel Information Leakage Threat for Input Operations on Touch Screen Monitors Caused by Electromagnetic Noise and its Countermeasure Method , 2012 .

[5]  Hidenori Sekiguchi,et al.  MEASUREMENT OF RADIATED COMPUTER RGB SIGNALS , 2009 .

[6]  Martin Vuagnoux,et al.  An improved technique to discover compromising electromagnetic emanations , 2010, 2010 IEEE International Symposium on Electromagnetic Compatibility.

[7]  Wim Schoenmaker,et al.  Introduction to Electromagnetism , 2005 .

[8]  H. Sekiguchi,et al.  Study on Maximum Receivable Distance for Radiated Emission of Information Technology Equipment Causing Information Leakage , 2013, IEEE Transactions on Electromagnetic Compatibility.

[9]  Yasunao Suzuki,et al.  Jamming technique to prevent information leakage caused by unintentional emissions of PC video signals , 2010, 2010 IEEE International Symposium on Electromagnetic Compatibility.

[10]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[11]  Hidema Tanaka,et al.  Information Leakage Via Electromagnetic Emanations and Evaluation of Tempest Countermeasures , 2007, ICISS.

[12]  W. V. Eck Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? , 1996 .

[13]  Y. Hayashi,et al.  Efficient Evaluation of EM Radiation Associated With Information Leakage From Cryptographic Devices , 2013, IEEE Transactions on Electromagnetic Compatibility.

[14]  Christos Christopoulos,et al.  Introduction to Electromagnetic Compatibility , 2007 .

[15]  Carsten Willems,et al.  Practical Timing Side Channel Attacks against Kernel Space ASLR , 2013, 2013 IEEE Symposium on Security and Privacy.

[16]  van EckWim Electromagnetic radiation from video display units: an eavesdropping risk? , 1985 .

[17]  Thomas Plos,et al.  Enhancing Side-Channel Analysis with Low-Cost Shielding Techniques , 2014 .

[18]  Markus G. Kuhn,et al.  Compromising Emanations , 2002, Encyclopedia of Cryptography and Security.

[19]  Stephan Krenn,et al.  Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice , 2011, 2011 IEEE Symposium on Security and Privacy.

[20]  C. Paul Introduction to Electromagnetic Compatibility: Paul/Introduction to Electromagnetic Compatibility, Second Edition , 2005 .

[21]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[22]  H. Ott Electromagnetic Compatibility Engineering: Ott/Electromagnetic Compatibility , 2009 .

[23]  George S. Taylor,et al.  Security Evaluation of Asynchronous Circuits , 2003, CHES.

[24]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[25]  Harold Joseph Highland,et al.  Electromagnetic radiation revisited , 1986, Computers & security.

[26]  Y. Hayashi,et al.  Analysis of Electromagnetic Information Leakage From Cryptographic Devices With Different Physical Structures , 2013, IEEE Transactions on Electromagnetic Compatibility.

[27]  Antje Sommer,et al.  Electromagnetic Compatibility Engineering , 2016 .

[28]  Simha Sethumadhavan,et al.  Side-channel vulnerability factor: A metric for measuring information leakage , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).