Poster: Is active electromagnetic side-channel attack practical?

Satohiro Wakabayashi, Seita Maruyama, Tatsuya Mori, Shigeki Goto, Masahiro Kinugawa, Yu Ichi Hayashi

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    2 Citations (Scopus)

    Abstract

    Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target's internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information; e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the basic mechanism of RFRA and demonstrated the success of the attack. The conditions for a successful attack have not been adequately explored before, and therefore, assessing the feasibility of the attack remains an open issue. In the present study, we aim to investigate empirically the conditions for a successful RFRA through field experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, with regard to the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through extensive experiments using off-the-shelf hardware including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) a target signal of up to 10 Mbps and (2) a distance of up to 10 meters. These results demonstrate the importance of the RFRA threat in the real world.

    Original language: English
    Title of host publication: CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
    Publisher: Association for Computing Machinery
    Pages: 2587-2589
    Number of pages: 3
    Volume: Part F131467
    ISBN (Electronic): 9781450349468
    DOIs: https://doi.org/10.1145/3133956.3138830
    Publication status: Published - 2017 Oct 30
    Event: 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States
    Duration: 2017 Oct 30 to 2017 Nov 3

    Other

    Other: 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
    Country: United States
    City: Dallas
    Period: 17/10/30 to 17/11/3

    Fingerprint

    Radio equipment
    Dipole antennas
    Radio waves
    Microphones
    Field effect transistors
    Experiments
    Display devices
    Wire
    Hardware
    Networks (circuits)
    Side channel attack

    Keywords

    • Active electromagnetic side-channel attack
    • Hardware security
    • RF retroreflector attack

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Wakabayashi, S., Maruyama, S., Mori, T., Goto, S., Kinugawa, M., & Hayashi, Y. I. (2017). Poster: Is active electromagnetic side-channel attack practical? In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (Vol. Part F131467, pp. 2587-2589). Association for Computing Machinery. https://doi.org/10.1145/3133956.3138830
