Oldalsávi információszivárgás mint valós fenyegetettség

Fazekas Gábor

doi:10.32567/hm.2024.2.8

Side-Channel Attack is a Real Threat

Fazekas Gábor
https://orcid.org/0009-0003-8904-6231

doi: 10.32567/hm.2024.2.8

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Abstract

One of the key tasks of the defense industry of our time is information security, of which human and machine dependencies are extremely diverse. The IT systems of companies or government agencies require continuous supervision, development and audits, which also extend to the human resource. One of the reasons for this is that the market demand for mobile and other entertainment electronic devices subvert the industrial balance of power years before the emergence of the coronavirus, starting from the production of electronic components, through telecommunication protocols and artificial intelligence to development methodologies. This led to a continuous transformation of the industry, which entailed the shortening of the development time of electronic devices. As a result, high-quality hardware, software and methodological tools became widely available to the civilian population, which raised a phenomenon that had been treated as a myth to a real vulnerability. In my work, I present a segment of emission security, the leakage of passive electromagnetic information, and the growing trend and causes of the threat. The purpose of this publication is to illustrate through my own R&D, that with the help of COTS (Commercial Off the Shelf) devices, software and modern model-based development practices that are accessible and affordable to the civilian population, the observation techniques used exclusively by professional services in the 1950s, has now become a real threat.

Keywords:

EMSEC information security MBD SDR TEMPEST

How to Cite

Fazekas, G. (2024). Side-Channel Attack is a Real Threat. Military Engineer, 19(2), 97–106. https://doi.org/10.32567/hm.2024.2.8

References

ECK, Wim Van (1985): Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk. Computers & Security, 4(4), 269–286. Online: https://doi.org/10.1016/0167-4048(85)90046-X

KINUGAWA, Masahiro – FUJIMOTO, Daisuke – HAYASHI, Yuichi (2019): Electromagnetic Information Extortion from Electronic Devices Using Interceptor and Its Countermeasure. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(4), 62–90. Online: https://doi.org/10.46586/tches.v2019.i4.62-90

KITAZAWA, Taiki et al. (2022): TEMPEST Attack Against High-Resolution Displays Using Differences in the Transfer Function of EM Waves. 2022 3rd URSI Atlantic and Asia Pacific Radio Science Meeting (AT-AP-RASC), Gran Canaria, Spain, 1–4. Online: https://doi.org/10.23919/AT-AP-RASC54737.2022.9814293

KUHN, Markus G. (2003): Compromising Emanations: Eavesdropping Risks of Computer Displays. Technical Report 577. Cambridge: University of Cambridge. Online: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdf

KUHN, Markus G. (2005): Electromagnetic Eavesdropping Risks of Flat-Panel Displays. Lecture Notes in Computer Science, 3424, 88–107. Online: https://doi.org/10.1007/11423409_7

KUHN, Markus G. – ANDERSON, Ross J. (1998): Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations. In Aucsmith, David (szerk.): Information Hiding. Lecture Notes in Computer Science, 1525. Springer, 124–142. Online: https://doi.org/10.1007/3-540-49380-8_10

KURIS Zoltán (2010): A komplex információvédelem új irányai a nemzeti minősített adatok védelmével összefüggésben. Hadmérnök, 5(4), 182–200. Online: https://real.mtak.hu/40796/

MARINOV, Martin (2014): Remote Video Eavesdropping Using a Software-Defined Radio Platform. Cambridge: University of Cambridge.

National Security Agency (NSA) titkosítás alól feloldott Tempest: A signal problem című anyaga (1972). Online: https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/cryptologic-spectrum/tempest.pdf

Nemzeti Biztonsági Felügyelet (NBF): TEMPEST. Online: https://www.nbf.hu/hasznos-informaciok/tempest/

PENNESI S. – SEBASTIANI S. (2005): Information Security and Emissions Control. 2005 International Symposium on Electromagnetic Compatibility, Chicago, IL, USA, 777–781. Vol. 3. Online: https://doi.org/10.1109/ISEMC.2005.1513629

SHOPINA, Iryna et al. (2020): Cybersecurity: Legal and Organizational Support in Leading Countries, NATO and EU Standards. Journal of Security and Sustainability, 9, 977–992. Online: https://doi.org/10.9770/jssi.2020.9.3(22)