Screen reading: electromagnetic information leakage from the computer monitor
Abstract
Introduction/purpose: The security of systems can be jeopardized by compromising emanations. This paper provides an overview of computer screen attacks. New technologies can be used to exfiltrate sensitive data from computer screens. Emission security is the prevention of electromagnetic signal attacks that are conducted or radiated.
Methods: This paper examines the impact of a side-channel attack that intercepts compromised information from a computer screen. The leakage of electromagnetic data is also explained. Software-defined radios are described to explain malicious attacks on computer monitors.
Results: The source of the electromagnetic signal determines the nature of the side-channel information they carry. The most well-known issue associated with revealing emissions is the possibility of intercepting visual information displayed on computer monitors.
Conclusion: Visual data displayed on computer monitors could be intercepted by a software-defined radio which can digitize the desired frequency spectrum directly from an antenna, present it to a digital signal processor, and output it to an application for revealing sensitive data. A variety of countermeasures, such as shielding, zoning, soft TEMPEST, and similar techniques, can be used to prevent data leakage.
References
Agrawal, D., Archambeault, B., Rao, J. & Rohatgi, P. 2003. The EM Side—Channel(s). In: Kaliski, B.S., Koç, ç.K. & Paar, C. (Eds.) Cryptographic Hardware and Embedded Systems - CHES 2002. CHES 2002. Lecture Notes in Computer Science, 2523, pp.29-45. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/3-540-36400-5_4>
Asonov, D. & Agrawal, R. 2004. Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, Berkeley, CA, USA, pp.3-11, May 12. Available at: https://doi.org/10.1109/SECPRI.2004.1301311>
Backes, M., Chen, T., Duermuth, M., Lensch, H.P.A. & Welk, M. 2009. Tempest in a Teapot: Compromising Reflections Revisited. In: 2009 30th IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp.315-327, May 17-20. Available at: https://doi.org/10.1109/SP.2009.20>
Backes, M. Dürmuth, M., Gerling, S., Pinkal, M. & Sporleder, C. 2010. Acoustic side-channel attacks on printers. In: 19th USENIX Security Symposium (USENIX Security 10), Washington, DC, pp.307-322, August 11-13 [online]. Available at: https://www.usenix.org/legacy/event/sec10/tech/full_papers/Backes.pdf [Accessed: 25 June 2022].
Backes, M., Dürmuth, M. & Unruh, D. 2008. Compromising Reflections-or-How to Read LCD Monitors around the Corner. In: 2008 IEEE Symposium on Security and Privacy (sp 2008), Oakland, CA, USA, pp.158-169, May 18-22. Available at: https://doi.org/10.1109/SP.2008.25>
Barthe, G., Gregorie, B. & Laporte, V. 2018. Secure Compilation of Side-Channel Countermeasures: The Case of Cryptographic “Constant-Time”. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK, pp.328-343, July 9-12. Available: https://doi.org/10.1109/CSF.2018.00031
-Bastille Networks. 2020. Top Internet of Radios Vulnerabilities [online]. Available at: https://www.bastille.net/research/top-10-internet-of-radios-vulnerabilities [Accessed: 25 June 2022].
Benks, J. 2016. Using Software Defined Radio for Faster Speeds And Increased Bandwidth. Technology white paper. Curtis-Wright Defence Solutions [online]. Available at: https://www.curtisswrightds.com/resources/white-papers/using-software-defined-radio-for-faster-speeds-and-increased-bandwidth [Accessed: 25 June 2022].
Berger, Y, Wool, A. & Yeredor, A. 2006. Dictionary attacks using keyboard acoustic emanations. In: CCS '06: Proceedings of the 13th ACM conference on Computer and communications security, Alexandria, Virginia, USA, pp.245-254, October 30. Available at: https://doi.org/10.1145/1180405.1180436>
Bernstein, D.J. 2005. Cache-timing attacks on AES [online]. Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.2835&rep=rep1&type=pdf [Accessed: 25 June 2022].
Chamran, M.K., Yau, K.-L.A., Noor, R.M.D. & Wong, R. 2020. A Distributed Testbed for 5G Scenarios: An Experimental Study. Sensors, 20(1), art.number:18. Available at: https://doi.org/10.3390/s20010018>
-Cryptome. 2008. NSTISSAM TEMPEST/1-92 [online]. Available at: https://cryptome.org/nt1-92-1-5.htm [Accessed: 25 June 2022].
-Cryptome. 2000. NSTISSAM TEMPEST/2-95 [online]. Available at: https://cryptome.org/tempest-2-95.htm [Accessed: 25 June 2022].
De Meulemeester, P., Scheers, B.&Vandenbosch, G.A.E. 2020. Eavesdropping a (Ultra-)High-Definition Video Display from an 80 Meter Distance Under Realistic Circumstances. In: 2020 IEEE International Symposium on Electromagnetic Compatibility & Signal/Power Integrity (EMCSI), Reno, NV, USA, pp.517-522, July 28-August 28. Available at: https://doi.org/10.1109/EMCSI38923.2020.9191457
Doychev, G. 2016. Tools for evaluation of choice of countermeasures against side-channel attacks. PhD Thesis. Madrid: Universidad Politecnica de Madrid. Escuela Tecnica Superior de Ingenieros Informaticos. Available at: https://doi.org/10.20868/UPM.thesis.42965.>
Duc, A., Faust, S. & Standaert, F-X. 2019. Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version. Journal of Cryptology, 32, pp.1263-1297. Available at: https://doi.org/10.1007/s00145-018-9277-0>
Elibol, F., Sarac, U. & Erer, I. 2012. Realistic eavesdropping attacks on computer displays with low-cost and mobile receiver system. In: 2012 Proceedings of the 20th European Signal Processing Conference (EUSIPCO), Bucharest, Romania, pp.1767-1771, August 27-31 [online]. Available at: https://ieeexplore.ieee.org/abstract/document/6334179 [Accessed: 25 June 2022].
-EverySpec. 2015. MIL-STD-461G, Department of Defense Interface Standard: Requirements for the Control of Electromagnetic Interference Characteristics of Subsystems and Equipment [online]. Available at: http://everyspec.com/MIL-STD/MIL-STD-0300-0499/MIL-STD-461G_53571/ [Accessed: 25 June 2022].
Garcia Reis, A.L., Barros, A.F., Gusso Lenzi, K., Pedroso Meloni, L.G. & Barbin, S.E. 2012. Introduction to the Software-defined Radio Approach. IEEE Latin America Transactions, 10(1), pp.1156-1161. Available at: https://doi.org/10.1109/TLA.2012.6142453>
Genkin, D., Pattani, M., Schuster, R. & Tromer, E. 2019. Synesthesia: Detecting screen content via remote acoustic side channels. In: IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp.853-869, May 19-23. Available at: https://doi.org/10.1109/SP.2019.00074>
Genkin, D., Pipman, I. & Tromer, E. 2015. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering, 5(2), pp.95-112. Available at: https://doi.org/10.1007/s13389-015-0100-7>
Genkin, D., Shamir, A. & Tromer, E. 2014. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. In: Garay, J.A., Gennaro, R. (Eds.) Advances in Cryptology – CRYPTO 2014. CRYPTO 2014. Lecture Notes in Computer Science, 8616, pp.444–461. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/978-3-662-44371-2_25>
Goller, G. & Sigl, G. 2015. Side channel attacks on smartphones and embedded devices using standard radio equipment. In: Mangard, S., Poschmann, A. (Eds.) Constructive Side-Channel Analysis and Secure Design. COSADE 2015. Lecture Notes in Computer Science, 9064, pp.255-270. Springer, Cham. Available at: https://doi.org/10.1007/978-3-319-21476-4_17>
-Great scott gadgets. 2021. HackRF [online]. Available at: https://greatscottgadgets.com/hackrf/one/ [Accessed: 25 June 2022].
Hayashi, Y., Homma, N., Miura, M., Aoki, T. & Sone, H. 2014. A Threat for Tablet PCs in Public Space: Remote Visualization of Screen Images Using EM Emanation. In: CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, USA, pp.954-965, November 3-7. Available at: https://doi.org/10.1145/2660267.2660292>
-ITU. 2014. K.84: Test methods and guide against information leaks through unintentional electromagnetic emission [online]. Available at: https://www.itu.int/rec/T-REC-K.84/en [Accessed: 25 June 2022].
Jonsson, J. & Kalinski, B. 2003. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 [online]. Available at: https://datatracker.ietf.org/doc/html/rfc3447 [Accessed: 25 June 2022].
Kinugawa, M., Fujimoto, D. & Hayashi, Y. 2019. Electromagnetic Information Extortion from Electronic Devices Using Interceptor and Its Countermeasure. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(4), pp.62-90. Available at: https://doi.org/10.13154/tches.v2019.i4.62-90>
Kocher, P.C. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (Ed.) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, 1109, pp.104-113. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/3-540-68697-5_9>
Kocher, P., Jaffe, J., Jun, B. & Rohatgi, P. 2011. Introduction to differential power analysis. Journal of Cryptographic Engineering, 1, pp.5-27. Available at: https://doi.org/10.1007/s13389-011-0006-y>
Kubiak, I. 2020. Electromagnetic Eavesdropping. In: Mitra, P. (Ed.) Recent Trends in Communication Networks, pp.593-653. London, UK: IntechOpen. Available at: https://doi.org/10.5772/intechopen.83215
Kuhn, M.G. 2002. Optical Time-Domain Eavesdropping Risks of CRT Displays. In: Proceedings 2002 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, pp.3-18, May 12-15. Available at: https://doi.org/10.1109/SECPRI.2002.1004358>
Kuhn, M.G. 2005. Security Limits for Compromising Emanations. In: Rao, J.R., Sunar, B. (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2005. CHES 2005. Lecture Notes in Computer Science, 3659, pp.265-279. Springer, Berlin, Heidelberg. Available at: https://doi.org/10.1007/11545262_20>
Kuhn, M. G. 2006. Eavesdropping attacks on computer displays [online]. Available at: https://www.semanticscholar.org/paper/Eavesdropping-attacks-on-computer-displays-Kuhn/96c1ddf18dbadfa3a9e81ef0bf238511292cab8f [Accessed: 25 June 2022].
Kuhn, M. & Anderson, R. 1998. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations. In: Aucsmith, D. (Ed.) Information Hiding. IH 1998. Lecture Notes in Computer Science, 1525, pp.124-142. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/3-540-49380-8_10>
Lavaud, C., Gerzaguet, R., Gautier, M., Berder, O., Nogues, E. & Molton, S. 2021. Whispering Devices: A Survey on How Side-channels Lead to Compromised Information. Journal Hardware and Systems Security, 5, pp.143-168. Available at: https://doi.org/10.1007/s41635-021-00112-6>
Lee, H., Sim, K., Oh, S. & Yook, J-G. 2016. Analysis of the Electromagnetic Leakage from Liquid Crystal Display Monitors. The Journal of Korean Institute of Electromagnetic Engineering and Science, 27(9), pp.844-853. Available at: https://doi.org/10.5515/KJKIEES.2016.27.9.844>
Levina, A., Mostovoi, R., Sleptsova, D. & Tcvetkov, L. 2019. Physical model of sensitive data leakage from PC-based cryptographic systems. Journal of Cryptographic Engineering, 9, pp.393-400. Available at: https://doi.org/10.1007/s13389-019-00215-5>
-Lime microsystems. 2021. LimeSDR Mini [online]. Available at: https://limemicro.com/products/boards/limesdr-mini/ [Accessed: 25 June 2022].
Liu, Z., Samwel, N., Weissbart, L., Zhao, Z., Lauret, D., Batina, L. & Larson, M. 2021. Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel. In: Network and Distributed System Security (NDSS) Symposium, virtual, pp.1-15, February 21-25. Available at: https://doi.org/10.14722/ndss.2021.23021
Mangard, S., Oswald, E. & Popp, T. 2007. Power analysis attack: revealing the secrets of smart cards. Springer-Verlag US. Available at: https://doi.org/10.1007/978-0-387-38162-6>
Mao, J., Liu, P., Liu, J. & Han, Z. 2017. Method for detecting electromagnetic information leakage from computer monitor. Mechatronic System and Control, 45. Available at: http://doi.org/10.2316/Journal.201.2017.1.201-2791
Markagić, M.S. 2018. Compromising electromagnetic radiation: Challenges, threats and protection. Vojnotehnički glasnik/Military Technical Courier, 66(1), pp.143-153. Available at: https://doi.org/10.5937/vojtehg66-8691
Molina-Tenorio, Y., Perieto-Guerrero, A. & Aguilar-Gonzales, R. 2021. Real-Time Implementation of Multi-Band Spectrum Sensing Using SDR Technology. Sensors, 21(10), art.number:3506, pp.1-21. Available at: http://doi.org/10.3390/s21103506
Molyneux-Child, J.W. 1997. EMC Shielding Materials, Second Edition: A design guide 2nd Edition. Oxford, UK: Newnes. ISBN-13: 978-0750635486.
-Nooelec. 2021. NESDR SMArt v4 SDR—Premium RTL-SDR w/Aluminum Enclosure, 0.5PPM TCXO, SMA Input. RTL2832U & R820T2-Based—Software Defined Radio [online]. Available at: https://www.nooelec.com/store/sdr/nesdr-smart-sdr.html [Accessed: 25 June 2022].
Ometov, A., Levina, A., Borisenko, P., Mostovoy, R., Orsino, A. & Andreev, S. 2017. Mobile social networking under side-channel attacks: Practical security challenges. IEEE Access, 5, pp.2591-2601. Available at: https://doi.org/10.1109/ACCESS.2017.2665640>
Prouff, E. & Rivian, M. 2013. Masking against Side-Channel Attacks: A Formal Security Proof. In: Johanson, T. & Nguyen, P.Q. (Eds.) Advances in Cryptology EUROCRYPT 2013. Lecture Notes in Computer Science, 7881, pp.142-159.Berlin, Hiedelberg: Springer. Available at: https://doi.org/10.1007/978-3-642-38348-9_9
Przybysz, A. Grzesiak, K. & Kubiak, I. 2021. Electromagnetic Safety of Remote Communication Devices – Videoconference. Symmetry, 13(2), art.number:323. Available at: https://doi.org/10.3390/sym13020323>
Rowe, N.C. 2006. Electronic protection II-7. In: Bidgoli, H. (Ed.) The Handbook of Information Security. New York: Wiley [online]. Available at: https://faculty.nps.edu/ncrowe/eprotect_final.htm [Accessed: 25 June 2022].
-RTL-SDR. 2017. TempestSDR: An SDR tool for eavesdropping on computer screens via unintentionally radiated RF [online]. Available at: https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/ [Accessed: 25 June 2022].
Rugeles Uribe, J.J., Gullien, E.P. & Cardoso, L.S. 2021. A technical review of wireless security for the internet of things: Software defined radio perspective. Journal of King Saud University - Computer and Information Sciences, 34(7), pp. 4122-4134. Available at: https://doi.org/10.1016/j.jksuci.2021.04.003>
Sayakkara, A., Le-Khac, N-A. & Scanlon, M. 2018. Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors. In: ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany, August 27-30. Available at: https://doi.org/10.1145/3230833.3234690
Sekiguchi, H. 2010. Information leakage of input operation on touch screen monitors caused by electromagnetic noise. In: 2010 IEEE International Symposium on Electromagnetic Compatibility, Fort Lauderdale, FL, USA, pp.127-131, July 25-30. Available at: https://doi.org/10.1109/ISEMC.2010.5711258>
Stewart, R.W., Crockett, L., Atkinson, D., Barlee, K., Crawford, D., Chalmers, I., Mclernon, M. & Sozer, E. 2015. A low-cost desktop software defined radio design environment using MATLAB, simulink, and the RTL-SDR. IEEE Communications Magazine. 53(9), pp.64-71. Available at: https://doi.org/10.1109/MCOM.2015.7263347>
Van Eck, W. 1985. Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security, 4(4), pp.269-286. Available at: https://doi.org/10.1016/0167-4048(85)90046-X>
Warne, L.K. & Chen, K.C. 1992. A simple transmission line model for narrow slot apertures having depth and losses. IEEE Transactions on Electromagnetic Compatibility, 34(3), pp.173-182. Available at: https://doi.org/10.1109/15.155827
Will, M.A. & Ko, R.K.L. 2015. Chapter 5 - A guide to homomorphic encryption. In: Ko, R. & Choo, K-K.R. (Ed.) The Cloud Security Ecosystem Technical, Legal, Business and Management Issues, pp.101-127. Available at: https://doi.org/10.1016/B978-0-12-801595-7.00005-7>
Copyright (c) 2022 Milena M. Grdović, Danijela D. Protić, Vladimir D. Antić, Boriša Ž. Jovanović
This work is licensed under a Creative Commons Attribution 4.0 International License.
Proposed Creative Commons Copyright Notices
Proposed Policy for Military Technical Courier (Journals That Offer Open Access)
Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).