TANAKA Hidema et al.
1 Introduction
In recent studies on encryption and other information security technologies, more researchers are focusing on countermeasures against attacks aimed at gaining confidential information by methods other than electronic eavesdropping on communication channels. In “side-channel attacks”, attackers intercept information revealed unintentionally through physical processes or gain confidential information by exploiting hardware defects. Side-channel attacks are classified depending on whether attackers establish access to attack targets, and on whether attackers sabotage attack targets to cause the targeted devices to operate in ways other than originally intended [1]. Various physical properties are exploited by attackers for side-channel attacks, including the amount of power consumed, emissions of light, electromagnetic waves, or ultrasonic waves, etc. Additionally, various methods of attack are available: methods in which no physical contact is made with the targeted device, destructive methods based on some mechanism within the device, and methods that involve some combination of the two. A key task when assessing these potential attacks is to measure observable physical properties in a realistic environment and to evaluate these properties in detail. In contrast with computation-theory security models, Micali and Reyzin have formulated and proposed a model of security against physically observable attacks that exploit information leaked from physical processes [2]. Their aim was to show, within a logical framework, the sort of cryptographic primitives that can be used to enable secure encrypted communication given certain observable physical properties. Achieving this aim requires measuring and confirming observable physical properties
3-13 A Trial of the Interception of Display Image using Emanation of Electromagnetic Wave
TANAKA Hidema, TAKIZAWA Osamu, and YAMAMURA Akihiro
This paper describes experiments on, and analysis of, the interception of a personal computer’s display image using the emanation of electromagnetic waves. We used personal computers as the targets and experimented on reconstruction of screen information with the following equipment and environments: (1) using a near magnetic field probe, (2) using an antenna from a distance, (3) using an injection probe over the power supply cable. From the result of (1), we show that the slight difference in the synchronous frequency of the video signal among PCs becomes the key to recognizing the target. In experiment (2), we succeeded from about 4 meters away with a frequency that is inside the VCCI regulations. In experiment (3), we succeeded from about 30 meters away, and we found that the results depend on the positional relationship between the probe and the AC adapter.
 Keywords
Electro-magnetic wave, Side-channel attack, TEMPEST, Security, EMC
 
 Journal of the National Institute of Information and Communications Technology 
Vol.52 Nos.1/2 2005
in a real-world environment.

Electromagnetic waves are generated by the operation of equipment comprised of high-frequency circuits such as personal computers (referred to simply as “computers” below); these waves emanate from the equipment. Electromagnetic emissions can be considered to pose two threats to information security. First, there is the risk that signals may be intercepted during encryption processing, providing attackers a key in cryptanalysis. Second, in a risk unrelated to cryptanalysis, confidential user information may be intercepted directly.

This paper reports on the results of experiments on potential threats of the second type. If screen images on computers can be intercepted, confidential information from other computers on the network can also be intercepted, rendering network security policies powerless. Methods of intercepting screen images from CRT monitors and the like have been known for quite some time, and the methods themselves are regarded as highly confidential information. This consideration, and the fact that experimental results depend greatly on the equipment and environment, making quantitative analysis difficult, account for the scarcity of published documents featuring detailed procedures (including specific measurement values) and clear results. Specifically, it is indispensable that the quality and quantity of leaked data, the equipment, and methods of the experiment be clarified when discussing security that addresses the model of physically observable attacks proposed by Micali and Reyzin. Thus, in this paper we discuss the results of experiments using actual equipment, reporting on a procedure for intercepting electromagnetic waves that reveals computer-screen images. Our aim was to provide an index of technical factors involving the emission of the waves, the quality and quantity of leaked information, the cost of staging attacks, and the cost of defensive measures.
2 Classification of electromagnetic emission interception
Content subject to leaking and content subject to interception through electromagnetic emission are classified in terms of equipment input and output data. These are summarized in Tables 1 and 2 [3]. In addition to screen images, keyboard strokes and printed text are also at risk of interception. This means, for example, that even passwords not displayed on-screen may be intercepted.

Screen images and keystroke signals in the final link of the human-machine interface on computers and other information and communication devices represent information provided directly to users. Thus, these signals cannot be encrypted, and if they are emitted as electromagnetic waves, conventional security protection technology cannot prevent interception. Proposals have thus called for device-based measures that maintain electromagnetic emissions from information and communication equipment below a prescribed level, as well as measures for electromagnetic shielding of buildings and more secure methods of equipment installation and setup [3].
Table 1 Interception of output information
Table 2 Interception of input information
 
3 Experimental equipment and targets
With respect to the means of interception described in Table 1, we conducted experiments to intercept electromagnetic emissions from computers and to recreate screen images from targeted computers. In the experiments, we used a Rohde & Schwarz FSET22 test receiver (Fig.1) and SystemWare FrameControl Ver. 4.24 as an image-processing application. The test receiver specifications are given in Table 3. FrameControl supports processing of input signals from the test receiver at 256 frames/3 sec. Real-time image processing is available by averaging up to 256 frames. As the near-magnetic field probe, an Anritsu MA2601B (frequency bandwidth: 5 MHz to 1 GHz) was used; as an antenna, an Anritsu MP666A log-periodic antenna (frequency bandwidth: 20 to 2000 MHz) was used; and as the injection probe, an NEC Tokin EIP-100 (frequency bandwidth: 80 kHz to 30 MHz) was employed (Figs.2 and 3). The MA2601B offers conversion coefficient values for magnetic field strength to measured voltage of 35 dB at 5 MHz, 12 dB at 100 MHz, 8 dB at 500 MHz, and 10 dB at 1 GHz [4]. Meanwhile, the MP666A offers conversion coefficient values for magnetic field strength to measured voltage of +3 dB at 100 MHz, -14 dB at 500 MHz, and -21 dB at 1 GHz [4].

We used desktop and notebook computers as interception targets. The experiments were conducted on desktop computers equipped with three types of video cards (ATI Radeon 9700, NVIDIA GeForce2 MX/MX400 PCI, and NVIDIA GeForce3 Ti500) and a notebook computer equipped with a graphics controller
Fig.1 Test receiver used in the experiments
Table 3 Specifications of test receiver used in the experiments
Fig.2 Equipment used
Fig.3 Method used
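
For an emission assessment, the practical consequence of the 256-frame averaging mentioned in Section 3 is a lower effective noise floor: for a static screen and uncorrelated noise, averaging N frames improves the signal-to-noise ratio by 10 log10(N), about 24 dB at N = 256. The sketch below is an added example, not code from the paper or from FrameControl; the bar pattern, the Gaussian noise model, the value of sigma and the perfect frame alignment are constructed assumptions.

```python
import math
import random

def make_frame(width=32, height=16):
    """Constructed static test pattern: vertical bars of 1.0 and 0.0."""
    return [[1.0 if (x // 4) % 2 == 0 else 0.0 for x in range(width)]
            for _ in range(height)]

def noisy_capture(frame, sigma, rng):
    """One received frame: the pattern plus independent Gaussian noise."""
    return [[p + rng.gauss(0.0, sigma) for p in row] for row in frame]

def average_frames(frame, n, sigma, rng):
    """Pixel-wise mean of n independently noisy captures of the same frame."""
    acc = [[0.0] * len(frame[0]) for _ in frame]
    for _ in range(n):
        for y, row in enumerate(noisy_capture(frame, sigma, rng)):
            for x, v in enumerate(row):
                acc[y][x] += v
    return [[v / n for v in row] for row in acc]

def snr_db(clean, observed):
    """Signal power over residual-noise power, in dB."""
    sig = sum(p * p for row in clean for p in row)
    noise = sum((o - p) ** 2
                for rc, ro in zip(clean, observed) for p, o in zip(rc, ro))
    return 10 * math.log10(sig / noise)

def averaging_gain_db(n, sigma=4.0, seed=1):
    """Return (single-frame SNR, n-frame SNR, gain) in dB (assumed noise model)."""
    rng = random.Random(seed)
    frame = make_frame()
    single = snr_db(frame, noisy_capture(frame, sigma, rng))
    averaged = snr_db(frame, average_frames(frame, n, sigma, rng))
    return single, averaged, averaged - single

if __name__ == "__main__":
    for n in (1, 16, 256):
        s, a, g = averaging_gain_db(n)
        print(f"N={n:3d}  single={s:6.1f} dB  averaged={a:6.1f} dB  "
              f"gain={g:5.1f} dB  (theory {10 * math.log10(n):.1f} dB)")
```

When setting an emission limit, the margin should therefore be judged against the averaged noise floor rather than the single-frame one.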
