Screen reading: electromagnetic information leakage from the computer monitor

Milena M. Grdović; Danijela D. Protić; Vladimir D. Antić; Boriša Ž. Jovanović

doi:10.5937/vojtehg70-38930

Milena M. Grdović Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0003-4310-7935
Danijela D. Protić Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0003-0827-2863
Vladimir D. Antić Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0001-9843-0743
Boriša Ž. Jovanović Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0002-9353-724X

DOI: https://doi.org/10.5937/vojtehg70-38930

Ključne reči: elektromagnetna emisija, curenje informacija, monitor

Sažetak

Uvod/cilj: Bezbednost sistema može biti ugrožena kompromitujućim zračenjem. U radu je prikazan pregled napada na informacije koje zrači monitor računara. Praćenjem zračenja sa ekrana računara, nove tehnologije se mogu koristiti za eksfiltraciju osetljivih podataka. Emisiona bezbednost predstavlja način za sprečavanje napada elektromagnetnih signala koji nastaju zračenjem ili se prenose.

Metode: U radu se ispituje uticaj side-channel napada koji presreće kompromitovane informacije sa ekrana računara. Objašnjeno je „curenje” podataka usled elektromagnetnog zračenja. Softverski definisani radio opisan je kako bi bili objašnjeni zlonamerni napadi na monitore.

Rezultati: Izvor elektromagnetnog signala određuje prirodu informacija koje one nose. Najpoznatiji problem povezan sa otkrivanjem emisija jeste mogućnost presretanja vizuelnih informacija prikazanih na monitorima računara.

Zaključak: Vizuelni podaci prikazani na monitorima mogu biti presretnuti softverski definisanim radiom, koji može digitalizovati željeni spektar direktno sa antene, u digitalnom obliku ga predstaviti procesoru i proslediti aplikaciji za otkrivanje osetljivih podataka. Za sprečavanje curenja podataka mogu se koristiti razne protivmere zaštite, kao što su zoniranje, soft TEMPEST i slične tehnike.

Reference

Agrawal, D., Archambeault, B., Rao, J. & Rohatgi, P. 2003. The EM Side—Channel(s). In: Kaliski, B.S., Koç, ç.K. & Paar, C. (Eds.) Cryptographic Hardware and Embedded Systems - CHES 2002. CHES 2002. Lecture Notes in Computer Science, 2523, pp.29-45. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/3-540-36400-5_4>

Asonov, D. & Agrawal, R. 2004. Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, Berkeley, CA, USA, pp.3-11, May 12. Available at: https://doi.org/10.1109/SECPRI.2004.1301311>

Backes, M., Chen, T., Duermuth, M., Lensch, H.P.A. & Welk, M. 2009. Tempest in a Teapot: Compromising Reflections Revisited. In: 2009 30th IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp.315-327, May 17-20. Available at: https://doi.org/10.1109/SP.2009.20>

Backes, M. Dürmuth, M., Gerling, S., Pinkal, M. & Sporleder, C. 2010. Acoustic side-channel attacks on printers. In: 19th USENIX Security Symposium (USENIX Security 10), Washington, DC, pp.307-322, August 11-13 [online]. Available at: https://www.usenix.org/legacy/event/sec10/tech/full_papers/Backes.pdf [Accessed: 25 June 2022].

Backes, M., Dürmuth, M. & Unruh, D. 2008. Compromising Reflections-or-How to Read LCD Monitors around the Corner. In: 2008 IEEE Symposium on Security and Privacy (sp 2008), Oakland, CA, USA, pp.158-169, May 18-22. Available at: https://doi.org/10.1109/SP.2008.25>

Barthe, G., Gregorie, B. & Laporte, V. 2018. Secure Compilation of Side-Channel Countermeasures: The Case of Cryptographic “Constant-Time”. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK, pp.328-343, July 9-12. Available: https://doi.org/10.1109/CSF.2018.00031

-Bastille Networks. 2020. Top Internet of Radios Vulnerabilities [online]. Available at: https://www.bastille.net/research/top-10-internet-of-radios-vulnerabilities [Accessed: 25 June 2022].

Benks, J. 2016. Using Software Defined Radio for Faster Speeds And Increased Bandwidth. Technology white paper. Curtis-Wright Defence Solutions [online]. Available at: https://www.curtisswrightds.com/resources/white-papers/using-software-defined-radio-for-faster-speeds-and-increased-bandwidth [Accessed: 25 June 2022].

Berger, Y, Wool, A. & Yeredor, A. 2006. Dictionary attacks using keyboard acoustic emanations. In: CCS '06: Proceedings of the 13th ACM conference on Computer and communications security, Alexandria, Virginia, USA, pp.245-254, October 30. Available at: https://doi.org/10.1145/1180405.1180436>

Bernstein, D.J. 2005. Cache-timing attacks on AES [online]. Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.2835&rep=rep1&type=pdf [Accessed: 25 June 2022].

Chamran, M.K., Yau, K.-L.A., Noor, R.M.D. & Wong, R. 2020. A Distributed Testbed for 5G Scenarios: An Experimental Study. Sensors, 20(1), art.number:18. Available at: https://doi.org/10.3390/s20010018>

-Cryptome. 2008. NSTISSAM TEMPEST/1-92 [online]. Available at: https://cryptome.org/nt1-92-1-5.htm [Accessed: 25 June 2022].

-Cryptome. 2000. NSTISSAM TEMPEST/2-95 [online]. Available at: https://cryptome.org/tempest-2-95.htm [Accessed: 25 June 2022].

De Meulemeester, P., Scheers, B.&Vandenbosch, G.A.E. 2020. Eavesdropping a (Ultra-)High-Definition Video Display from an 80 Meter Distance Under Realistic Circumstances. In: 2020 IEEE International Symposium on Electromagnetic Compatibility & Signal/Power Integrity (EMCSI), Reno, NV, USA, pp.517-522, July 28-August 28. Available at: https://doi.org/10.1109/EMCSI38923.2020.9191457

Doychev, G. 2016. Tools for evaluation of choice of countermeasures against side-channel attacks. PhD Thesis. Madrid: Universidad Politecnica de Madrid. Escuela Tecnica Superior de Ingenieros Informaticos. Available at: https://doi.org/10.20868/UPM.thesis.42965.>

Duc, A., Faust, S. & Standaert, F-X. 2019. Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version. Journal of Cryptology, 32, pp.1263-1297. Available at: https://doi.org/10.1007/s00145-018-9277-0>

Elibol, F., Sarac, U. & Erer, I. 2012. Realistic eavesdropping attacks on computer displays with low-cost and mobile receiver system. In: 2012 Proceedings of the 20th European Signal Processing Conference (EUSIPCO), Bucharest, Romania, pp.1767-1771, August 27-31 [online]. Available at: https://ieeexplore.ieee.org/abstract/document/6334179 [Accessed: 25 June 2022].

-EverySpec. 2015. MIL-STD-461G, Department of Defense Interface Standard: Requirements for the Control of Electromagnetic Interference Characteristics of Subsystems and Equipment [online]. Available at: http://everyspec.com/MIL-STD/MIL-STD-0300-0499/MIL-STD-461G_53571/ [Accessed: 25 June 2022].

Garcia Reis, A.L., Barros, A.F., Gusso Lenzi, K., Pedroso Meloni, L.G. & Barbin, S.E. 2012. Introduction to the Software-defined Radio Approach. IEEE Latin America Transactions, 10(1), pp.1156-1161. Available at: https://doi.org/10.1109/TLA.2012.6142453>

Genkin, D., Pattani, M., Schuster, R. & Tromer, E. 2019. Synesthesia: Detecting screen content via remote acoustic side channels. In: IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp.853-869, May 19-23. Available at: https://doi.org/10.1109/SP.2019.00074>

Genkin, D., Pipman, I. & Tromer, E. 2015. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering, 5(2), pp.95-112. Available at: https://doi.org/10.1007/s13389-015-0100-7>

Genkin, D., Shamir, A. & Tromer, E. 2014. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. In: Garay, J.A., Gennaro, R. (Eds.) Advances in Cryptology – CRYPTO 2014. CRYPTO 2014. Lecture Notes in Computer Science, 8616, pp.444–461. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/978-3-662-44371-2_25>

Goller, G. & Sigl, G. 2015. Side channel attacks on smartphones and embedded devices using standard radio equipment. In: Mangard, S., Poschmann, A. (Eds.) Constructive Side-Channel Analysis and Secure Design. COSADE 2015. Lecture Notes in Computer Science, 9064, pp.255-270. Springer, Cham. Available at: https://doi.org/10.1007/978-3-319-21476-4_17>

-Great scott gadgets. 2021. HackRF [online]. Available at: https://greatscottgadgets.com/hackrf/one/ [Accessed: 25 June 2022].

Hayashi, Y., Homma, N., Miura, M., Aoki, T. & Sone, H. 2014. A Threat for Tablet PCs in Public Space: Remote Visualization of Screen Images Using EM Emanation. In: CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, USA, pp.954-965, November 3-7. Available at: https://doi.org/10.1145/2660267.2660292>

-ITU. 2014. K.84: Test methods and guide against information leaks through unintentional electromagnetic emission [online]. Available at: https://www.itu.int/rec/T-REC-K.84/en [Accessed: 25 June 2022].

Jonsson, J. & Kalinski, B. 2003. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 [online]. Available at: https://datatracker.ietf.org/doc/html/rfc3447 [Accessed: 25 June 2022].

Kinugawa, M., Fujimoto, D. & Hayashi, Y. 2019. Electromagnetic Information Extortion from Electronic Devices Using Interceptor and Its Countermeasure. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(4), pp.62-90. Available at: https://doi.org/10.13154/tches.v2019.i4.62-90>

Kocher, P.C. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (Ed.) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, 1109, pp.104-113. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/3-540-68697-5_9>

Kocher, P., Jaffe, J., Jun, B. & Rohatgi, P. 2011. Introduction to differential power analysis. Journal of Cryptographic Engineering, 1, pp.5-27. Available at: https://doi.org/10.1007/s13389-011-0006-y>

Kubiak, I. 2020. Electromagnetic Eavesdropping. In: Mitra, P. (Ed.) Recent Trends in Communication Networks, pp.593-653. London, UK: IntechOpen. Available at: https://doi.org/10.5772/intechopen.83215

Kuhn, M.G. 2002. Optical Time-Domain Eavesdropping Risks of CRT Displays. In: Proceedings 2002 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, pp.3-18, May 12-15. Available at: https://doi.org/10.1109/SECPRI.2002.1004358>

Kuhn, M.G. 2005. Security Limits for Compromising Emanations. In: Rao, J.R., Sunar, B. (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2005. CHES 2005. Lecture Notes in Computer Science, 3659, pp.265-279. Springer, Berlin, Heidelberg. Available at: https://doi.org/10.1007/11545262_20>

Kuhn, M. G. 2006. Eavesdropping attacks on computer displays [online]. Available at: https://www.semanticscholar.org/paper/Eavesdropping-attacks-on-computer-displays-Kuhn/96c1ddf18dbadfa3a9e81ef0bf238511292cab8f [Accessed: 25 June 2022].

Kuhn, M. & Anderson, R. 1998. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations. In: Aucsmith, D. (Ed.) Information Hiding. IH 1998. Lecture Notes in Computer Science, 1525, pp.124-142. Berlin, Heidelberg: Springer. Available at: https://doi.org/10.1007/3-540-49380-8_10>

Lavaud, C., Gerzaguet, R., Gautier, M., Berder, O., Nogues, E. & Molton, S. 2021. Whispering Devices: A Survey on How Side-channels Lead to Compromised Information. Journal Hardware and Systems Security, 5, pp.143-168. Available at: https://doi.org/10.1007/s41635-021-00112-6>

Lee, H., Sim, K., Oh, S. & Yook, J-G. 2016. Analysis of the Electromagnetic Leakage from Liquid Crystal Display Monitors. The Journal of Korean Institute of Electromagnetic Engineering and Science, 27(9), pp.844-853. Available at: https://doi.org/10.5515/KJKIEES.2016.27.9.844>

Levina, A., Mostovoi, R., Sleptsova, D. & Tcvetkov, L. 2019. Physical model of sensitive data leakage from PC-based cryptographic systems. Journal of Cryptographic Engineering, 9, pp.393-400. Available at: https://doi.org/10.1007/s13389-019-00215-5>

-Lime microsystems. 2021. LimeSDR Mini [online]. Available at: https://limemicro.com/products/boards/limesdr-mini/ [Accessed: 25 June 2022].

Liu, Z., Samwel, N., Weissbart, L., Zhao, Z., Lauret, D., Batina, L. & Larson, M. 2021. Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel. In: Network and Distributed System Security (NDSS) Symposium, virtual, pp.1-15, February 21-25. Available at: https://doi.org/10.14722/ndss.2021.23021

Mangard, S., Oswald, E. & Popp, T. 2007. Power analysis attack: revealing the secrets of smart cards. Springer-Verlag US. Available at: https://doi.org/10.1007/978-0-387-38162-6>

Mao, J., Liu, P., Liu, J. & Han, Z. 2017. Method for detecting electromagnetic information leakage from computer monitor. Mechatronic System and Control, 45. Available at: http://doi.org/10.2316/Journal.201.2017.1.201-2791

Markagić, M.S. 2018. Compromising electromagnetic radiation: Challenges, threats and protection. Vojnotehnički glasnik/Military Technical Courier, 66(1), pp.143-153. Available at: https://doi.org/10.5937/vojtehg66-8691

Molina-Tenorio, Y., Perieto-Guerrero, A. & Aguilar-Gonzales, R. 2021. Real-Time Implementation of Multi-Band Spectrum Sensing Using SDR Technology. Sensors, 21(10), art.number:3506, pp.1-21. Available at: http://doi.org/10.3390/s21103506

Molyneux-Child, J.W. 1997. EMC Shielding Materials, Second Edition: A design guide 2nd Edition. Oxford, UK: Newnes. ISBN-13: 978-0750635486.

-Nooelec. 2021. NESDR SMArt v4 SDR—Premium RTL-SDR w/Aluminum Enclosure, 0.5PPM TCXO, SMA Input. RTL2832U & R820T2-Based—Software Defined Radio [online]. Available at: https://www.nooelec.com/store/sdr/nesdr-smart-sdr.html [Accessed: 25 June 2022].

Ometov, A., Levina, A., Borisenko, P., Mostovoy, R., Orsino, A. & Andreev, S. 2017. Mobile social networking under side-channel attacks: Practical security challenges. IEEE Access, 5, pp.2591-2601. Available at: https://doi.org/10.1109/ACCESS.2017.2665640>

Prouff, E. & Rivian, M. 2013. Masking against Side-Channel Attacks: A Formal Security Proof. In: Johanson, T. & Nguyen, P.Q. (Eds.) Advances in Cryptology EUROCRYPT 2013. Lecture Notes in Computer Science, 7881, pp.142-159.Berlin, Hiedelberg: Springer. Available at: https://doi.org/10.1007/978-3-642-38348-9_9

Przybysz, A. Grzesiak, K. & Kubiak, I. 2021. Electromagnetic Safety of Remote Communication Devices – Videoconference. Symmetry, 13(2), art.number:323. Available at: https://doi.org/10.3390/sym13020323>

Rowe, N.C. 2006. Electronic protection II-7. In: Bidgoli, H. (Ed.) The Handbook of Information Security. New York: Wiley [online]. Available at: https://faculty.nps.edu/ncrowe/eprotect_final.htm [Accessed: 25 June 2022].

-RTL-SDR. 2017. TempestSDR: An SDR tool for eavesdropping on computer screens via unintentionally radiated RF [online]. Available at: https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/ [Accessed: 25 June 2022].

Rugeles Uribe, J.J., Gullien, E.P. & Cardoso, L.S. 2021. A technical review of wireless security for the internet of things: Software defined radio perspective. Journal of King Saud University - Computer and Information Sciences, 34(7), pp. 4122-4134. Available at: https://doi.org/10.1016/j.jksuci.2021.04.003>

Sayakkara, A., Le-Khac, N-A. & Scanlon, M. 2018. Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors. In: ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany, August 27-30. Available at: https://doi.org/10.1145/3230833.3234690

Sekiguchi, H. 2010. Information leakage of input operation on touch screen monitors caused by electromagnetic noise. In: 2010 IEEE International Symposium on Electromagnetic Compatibility, Fort Lauderdale, FL, USA, pp.127-131, July 25-30. Available at: https://doi.org/10.1109/ISEMC.2010.5711258>

Stewart, R.W., Crockett, L., Atkinson, D., Barlee, K., Crawford, D., Chalmers, I., Mclernon, M. & Sozer, E. 2015. A low-cost desktop software defined radio design environment using MATLAB, simulink, and the RTL-SDR. IEEE Communications Magazine. 53(9), pp.64-71. Available at: https://doi.org/10.1109/MCOM.2015.7263347>

Van Eck, W. 1985. Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security, 4(4), pp.269-286. Available at: https://doi.org/10.1016/0167-4048(85)90046-X>

Warne, L.K. & Chen, K.C. 1992. A simple transmission line model for narrow slot apertures having depth and losses. IEEE Transactions on Electromagnetic Compatibility, 34(3), pp.173-182. Available at: https://doi.org/10.1109/15.155827

Will, M.A. & Ko, R.K.L. 2015. Chapter 5 - A guide to homomorphic encryption. In: Ko, R. & Choo, K-K.R. (Ed.) The Cloud Security Ecosystem Technical, Legal, Business and Management Issues, pp.101-127. Available at: https://doi.org/10.1016/B978-0-12-801595-7.00005-7>

Čitanje sa ekrana: curenje elektromagnetnih informacija sa monitora računara

Sažetak

Reference

Vojnotehnički glasnik omogućava otvoreni pristup i, u skladu sa preporukom CEON-a, primenjuje Creative Commons odredbe o autorskim pravima:

Autori koji objavljuju u Vojnotehničkom glasniku pristaju na sledeće uslove: