TEMPEST is the name of a technology involving the monitoring and shielding of devices that emit electromagnetic radiation in a manner that can be used to reconstruct intelligible data. Electronic and electro-mechanical information processing equipment can produce unintentional intelligence-bearing emanations. If intercepted and analyzed, these emanations may disclose information transmitted, received, handled, or otherwise processed by the equipment. Attacks of this type are known as side channel attacks.
What Are Side Channel Attacks?
Side channel attacks make up some of the most interesting ways to compromise an electronic system. Methods of accessing your systems and devices that would have sounded laughable just a couple of years ago are now used widely by marketers. Unfortunately, protecting against every known attack vector is impossible if you want to use your device in any normal fashion.
Side channel attacks exploit novel emissions that the hardware of digital devices generates in day-to-day usage. Many of them are hardware-dependent, though at this point the hardware that remains vulnerable includes things like all smartphones with a microphone, computers with LED indicators, and machines with a CPU made before 2018 by Intel, IBM, AMD, or ARM. Some of the methods used include:
- Audio-based attacks (e.g. ultrasonic beacons; acoustic cryptanalysis)
- Cache & Timing Attacks
- Power Analysis/Monitoring
- Electromagnetic Emission Monitoring
- Differential fault analysis
- Data remanence (e.g. cold boot attacks)
- Software-initiated fault attacks (e.g. RowHammer)
- Optical attacks
The History of Side Channel Attacks
In the 1950s, the CIA discovered they could recover the plaintext of supposedly ‘secure’ military communications from the Model 131-B2, a secure Army and Navy communication encryption machine using ‘unbreakable’ one-time tapes, over ¼ mile away on power lines (one-time pads are still considered the only ‘unbreakable’ form of cryptography). This was after the machine had already been modified in the 1940s: the original version showed up to 75% of keys pressed to be decipherable on an oscilloscope nearby in a lab. The leaks were caused by radio frequency emissions from the electrical contacts in the relays, induction signals on the communications network up to one mile away, and electromagnetic leakage from the coils in the relays to a distance of about 30 feet.
Around the same time, Russian intelligence services began to issue instructions to their personnel to guide them through minimizing their side channel attack exposure.
In 1964, U.S. counter-intelligence found 64 microphones and a large metal grid in the ceiling of their embassy in Moscow. All of this led to the development of TEMPEST and, combined with the Russian intelligence agency’s publication of how to prevent electromagnetic side channel attacks, to the beginning of research into these attack methods and their prevention. The countermeasures first developed by intelligence agencies from the end of WWII through the Cold War still form the basis of side channel attack mitigation: low power, shielding, and a secure environment.
In the following four posts, we will discuss the types of side channel attacks.
Edited by Mario Vulcano