and describes a framework for measuring how bad side channel risks are (using custom software that tries to create a worst-case scenario by intentionally signaling to the outside world). They then turn out to be pretty bad, in the intentional case, but a big part of the researchers' contribution is that perhaps this is quantifiable, for each particular kind of side channel that one wants to examine.
This paper did not introduce any new kind of side channel, and extensively cites literature in which other people introduced (and often demonstrated) the side channel and emanations risks. These risks are often very bad, governments have studied them intensively since at least the 1960s, and it's a great thing that academic researchers are now helping make the public familiar with them. Hopefully that will lead to some techniques for mitigating them in practice other than living and working in a SCIF.
Indeed, for timing-channel attacks there are lots of important mitigations that software developers are now learning about (having to do with performing operations in constant-time). Maybe this research can point to ways of making some operations (approximately) constant-power, so power and RF-related information leakages will be attenuated.
You're right. Maybe I should just say that this research provides a possible way to measure how effective mitigations have been, if we believe that their metric is meaningful.
Most of these attacks can be mitigated through physical separation; the official standards specify allowable signal strengths at perimeter for spurious emanations. (Obviously attackers can use directional/high gain antennas, but there are RF limitations.) The stuff Cryptography Research does vs. Android phones to extract keys from tens of feet is pretty terrifying. http://www.cryptography.com/technology/dpa/dpa-qa.html
One interesting extension beyond the classical 1960s TEMPEST/Van Eck stuff is: If you can run malware on the target computer, you can obviously increase the effective gain through a variety of techniques.
What I'd be super interested in would be active RF attacks -- similar to the NSA toolkit with the passive external-RF-powered transmitter for implants, but ideally without modifications. Either causing specific errors or something else. Forcing resets might be enough. It'd be sort of a crossover between EMP and TEMPEST. Knowing, for instance, that the target security system controller is the only device connected to an 18.2m long wire within a facility might make it profitable to do a targeted attack on a certain frequency.
This type of attack is often mitigated by making the entire room a faraday cage. I know that many SCIF[1] facilities where top secret information is kept have more or less faraday cages as part of the walls to conform with the TEMPEST standards.
Yes, and there was once a Tempest-qualified DEC VT100 terminal. Fine wire mesh over the CRT face, an RF-tight metal case, and fiber optic I/O. It looked much like a regular VT100.
The US military tests their gear for this. Their test facility: (http://www.epg.army.mil/e3tf.aspx) has RF anechoic chambers big enough for a tank. They're interested in both "can it be eavesdropped upon" and "can it be interfered with".
Modern electronics is much RF-quieter than older stuff. This is because so much of it has radios inside. If your device generates much RF hash, the WiFi, Bluetooth, and cellular radios will all have much-reduced range. In the early days of personal computing, some devices were very noisy. A Radio Shack TRS-80 and a Milton Bradly Big Trak toy would both crash if operated near each other. We're way beyond that now.
The FCC's requirements on RF noise from electronics helped a lot. There was much grumbling at the time from hobbyists about RFI compliance requirements interfering with their freedom to tinker. The FCC was right, though. Today, almost no consumer electronics interferes with other consumer electronics. You can use a cell phone inside a data center and receive clear calls. Cell phones themselves have several radios, all going at once.
This is a remarkable achievement in RF compatibility. For a sense of how bad it once was, see the Marine Radio Society, (http://www.radiomarine.org/), which has restored an abandoned ship-to-shore radio station in Marin County, CA. All the receivers are in one building. The transmitters are in another building, several miles away, to keep them from interfering with the receivers.
http://en.wikipedia.org/wiki/Van_Eck_phreaking is the means of essentially viewing everything on someone's screen via the EM the monitor emits. It is said that Mossad has a van eck device the size of a normal suitcase that can view monitors from across a street. I actually believe it.
The same can be said for keyboards and mice as well, especially wireless ones. The solution is a faraday cage.
"...up to six meters away..." this is more about indirect access attacks, e.g., leader at a conference using a laptop or close proximity to a device during a facility tour, etc.
Where indirect access attacks include Mallory asking Alice if she can run her calibration program on the laptop or facility device before Eve strolls by.
A year or so ago there was a security researcher who claimed that he had machines which were being compromised through some sort of side-channel attack like this. It was reported on a couple times on Ars Technica I know, and there was debate in the security community whether he was on to something or whether he had simply snapped and was being paranoid. As I understood it he was a well-respected guy in the field. What ever happened to him? After reading a couple reports, and that he was going to be sending hard drives to some colleagues to get a second opinion, I never saw any followup. Anybody know?
You have to have a program running on the computer under attack for this to work, because it has to execute specific instruction patterns. It can only send blind; it can't receive. The main situation in which this would be useful is when attack software has been placed on a laptop, then used by then target.
RF attacks on serial connections (which includes not just serial ports but USB and Ethernet) are much easier. All the bits you want are right there. Historically, Teletypes generated RF which was easy to monitor, and the Friden Flexowriter could be monitored from half a mile away.
This sure seems like a problem for servers that are hosted in a Colocation facility where all of the hardware belongs to datacenter customers. You could easily outfit your server with equipment to pick up signals from nearby servers. Makes me wonder if any spy agencies have used this technique.
This explains how malware might get information out of an air-gapped computer, but how do you infect the machine in the first place? That would seem to be the harder problem.
Self-synchronous logic does not have this kind of RF patterns. Or, at least, has it in a much more smoother way.
Self-synchronous logic does not have global clock and operations have different timings.
As an example, in a synchronous logic one has to use carry-ahead variant of adder to get worst case time to O(logN). In a self-synchronous logic regular ripple-carry adder will suffice and produce result in O(logN) time in average case (yes, O(N) in worst case, which will met with probability p=1/2^N). Even more, adding small integers of K bits will result in O(logK) operations.
This means that each operation will have different completion time in self-synchronous logic. This is due to variance in inputs and/or temperature variance.
This, in turn, means that radio emission from operation completion in self-synchronous CPU will be much more smooth than for regular CPU.
I prefer this one: "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis"
"The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away."
EDIT: Should have just linked to the paper instead. It looks like their primary contribution was an ability to measure the susceptibility of a device to these kinds of attacks.
There are all kinds of exposed wires on a computer system that extend beyond the case. Even shielded, you could still get RF/EM off of something. To protect a system from this kind of an attack vector requires deliberate design choices and testing. You're not going to get it "by accident"
http://users.ece.gatech.edu/~az30/Downloads/Micro14.pdf
and describes a framework for measuring how bad side channel risks are (using custom software that tries to create a worst-case scenario by intentionally signaling to the outside world). They then turn out to be pretty bad, in the intentional case, but a big part of the researchers' contribution is that perhaps this is quantifiable, for each particular kind of side channel that one wants to examine.
This paper did not introduce any new kind of side channel, and extensively cites literature in which other people introduced (and often demonstrated) the side channel and emanations risks. These risks are often very bad, governments have studied them intensively since at least the 1960s, and it's a great thing that academic researchers are now helping make the public familiar with them. Hopefully that will lead to some techniques for mitigating them in practice other than living and working in a SCIF.
Indeed, for timing-channel attacks there are lots of important mitigations that software developers are now learning about (having to do with performing operations in constant-time). Maybe this research can point to ways of making some operations (approximately) constant-power, so power and RF-related information leakages will be attenuated.