Poster: Is active electromagnetic side-channel attack practical?

Satohiro Wakabayashi; Seita Maruyama; Tatsuya Mori; Shigeki Goto; Masahiro Kinugawa; Yu Ichi Hayashi

doi:10.1145/3133956.3138830

Poster: Is active electromagnetic side-channel attack practical?

Satohiro Wakabayashi, Seita Maruyama, Tatsuya Mori, Shigeki Goto, Masahiro Kinugawa, Yu Ichi Hayashi

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target's internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information; e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the basic mechanism of RFRA and demonstrated the success of the attack. The conditions for a successful attack have not been adequately explored before, and therefore, assessing the feasibility of the attack remains an open issue. In the present study, we aim to investigate empirically the conditions for a successful RFRA through field experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, with regard to the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through the extensive experiments using off-the-shelf hardware including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) up to a 10-Mbps of target signal and (2) up to a distance of 10 meters. These results demonstrate the importance of the RFRA threat in the real world.

Original language	English
Title of host publication	CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2587-2589
Number of pages	3
ISBN (Electronic)	9781450349468
DOIs	https://doi.org/10.1145/3133956.3138830
Publication status	Published - 2017 Oct 30
Event	24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States Duration: 2017 Oct 30 → 2017 Nov 3

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Country/Territory	United States
City	Dallas
Period	17/10/30 → 17/11/3

Keywords

Active electromagnetic side-channel attack
Hardware security
RF retroreflector attack

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/3133956.3138830

Cite this

Wakabayashi, S., Maruyama, S., Mori, T., Goto, S., Kinugawa, M., & Hayashi, Y. I. (2017). Poster: Is active electromagnetic side-channel attack practical? In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 2587-2589). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3133956.3138830

Poster: Is active electromagnetic side-channel attack practical? / Wakabayashi, Satohiro; Maruyama, Seita; Mori, Tatsuya et al.
CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2017. p. 2587-2589 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Wakabayashi, S, Maruyama, S, Mori, T, Goto, S, Kinugawa, M & Hayashi, YI 2017, Poster: Is active electromagnetic side-channel attack practical? in CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2587-2589, 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, United States, 17/10/30. https://doi.org/10.1145/3133956.3138830

Wakabayashi S, Maruyama S, Mori T, Goto S, Kinugawa M, Hayashi YI. Poster: Is active electromagnetic side-channel attack practical? In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2017. p. 2587-2589. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3133956.3138830

@inproceedings{f57375efac964cdaa751db56638bce85,

title = "Poster: Is active electromagnetic side-channel attack practical?",

abstract = "Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target's internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information; e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the basic mechanism of RFRA and demonstrated the success of the attack. The conditions for a successful attack have not been adequately explored before, and therefore, assessing the feasibility of the attack remains an open issue. In the present study, we aim to investigate empirically the conditions for a successful RFRA through field experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, with regard to the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through the extensive experiments using off-the-shelf hardware including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) up to a 10-Mbps of target signal and (2) up to a distance of 10 meters. These results demonstrate the importance of the RFRA threat in the real world.",

keywords = "Active electromagnetic side-channel attack, Hardware security, RF retroreflector attack",

author = "Satohiro Wakabayashi and Seita Maruyama and Tatsuya Mori and Shigeki Goto and Masahiro Kinugawa and Hayashi, {Yu Ichi}",

note = "Publisher Copyright: {\textcopyright} 2017 author(s).; 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 ; Conference date: 30-10-2017 Through 03-11-2017",

year = "2017",

month = oct,

day = "30",

doi = "10.1145/3133956.3138830",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2587--2589",

booktitle = "CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",

}

TY - GEN

T1 - Poster

T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017

AU - Wakabayashi, Satohiro

AU - Maruyama, Seita

AU - Mori, Tatsuya

AU - Goto, Shigeki

AU - Kinugawa, Masahiro

AU - Hayashi, Yu Ichi

PY - 2017/10/30

Y1 - 2017/10/30

N2 - Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target's internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information; e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the basic mechanism of RFRA and demonstrated the success of the attack. The conditions for a successful attack have not been adequately explored before, and therefore, assessing the feasibility of the attack remains an open issue. In the present study, we aim to investigate empirically the conditions for a successful RFRA through field experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, with regard to the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through the extensive experiments using off-the-shelf hardware including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) up to a 10-Mbps of target signal and (2) up to a distance of 10 meters. These results demonstrate the importance of the RFRA threat in the real world.

AB - Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target's internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information; e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the basic mechanism of RFRA and demonstrated the success of the attack. The conditions for a successful attack have not been adequately explored before, and therefore, assessing the feasibility of the attack remains an open issue. In the present study, we aim to investigate empirically the conditions for a successful RFRA through field experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, with regard to the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through the extensive experiments using off-the-shelf hardware including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) up to a 10-Mbps of target signal and (2) up to a distance of 10 meters. These results demonstrate the importance of the RFRA threat in the real world.

KW - Active electromagnetic side-channel attack

KW - Hardware security

KW - RF retroreflector attack

UR - http://www.scopus.com/inward/record.url?scp=85041432250&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041432250&partnerID=8YFLogxK

U2 - 10.1145/3133956.3138830

DO - 10.1145/3133956.3138830

M3 - Conference contribution

AN - SCOPUS:85041432250

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2587

EP - 2589

BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 30 October 2017 through 3 November 2017

ER -

Poster: Is active electromagnetic side-channel attack practical?

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this