Payment transactions, business secrets, documents that are important to national security today, the most important secrets in the world are usually no longer kept on paper, but rather as ones and zeros in the visible realm. When we suspect that these secrets are in danger, we often think of a threat from afar – hackers who try to capture confidential data about cyber attacks. But there is another threat, the most direct way to get into other people’s programs, namely by disrupting the hardware.
Important information in the end is nothing other than electric waves that run between different computer components in conductive ways. A small metal object, located in the right place on the hardware, is not enough to fit into this data stream. Fraudsters use this simple method, for example, to tap credit card data from card readers said Paul Staat and Johannes Tobisch. Both are doing their PhD studies at Ruhr-Universität Bochum (RUB) and are doing research at the Max Planck Institute for Security and Privacy. As members of Christof Paar’s group, they are developing ways to protect themselves from hardware abuse. They collaborated with Christian Zenger of RUB spin-off company PHYSEC, who laid the foundation for this technology during his time as a RUB researcher.
Radio frequency fingerprints
Ways designed to protect your computer from intrusion are available, of course. “Typically, it is a type of thin-walled foil where part of the hardware is wrapped,” explains Paul Staat, PhD student at Ruhr-Universität Bochum (RUB) and Max Planck Institute for Security and Privacy. “If the foil is damaged, the alarm is turned off.” However, this method can only be used to protect small parts, not the whole system: it is impossible to wrap the whole computer case in foil, but only the main individual element as a memory element or processor, for example. But Paul Staat and Johannes Tobisch, also a PhD student at Ruhr-Universität Bochum (RUB) and the Max Planck Institute for Security and Privacy, Christian Zenger from RUB spin-off company Physec and ChristofPaar, director of the Max Planck Institute for Security and Privacy develop technologies that can monitor all systems for misuse – and which are less expensive.
For this purpose, researchers are using radio waves. They install two antennas in the system they want to monitor: transmitter and receiver. The transmitter sends a special radio signal that spreads throughout the system and is reflected on the walls and parts of the computer. All of these displays cause the signal to reach the receiver which is a feature of the system as a fingerprint.
Technology is responding to small changes
Minor changes in the system are sufficient to have a significant effect on fingerprints, as the two researchers’ observations show: they have built their radio technology into the old computer space. The measured radio signal is displayed on a portable computer as a curve that reflects the signal strength at different frequencies in real time. Then, Staat and Tobisch unwrapped one of the screws outside the house slightly. The frequency curve responds to an unpredictable visual deviation.
“A unique feature of our approach is that we do research while using a computer,” notes Tobisch. This causes all kinds of interference. “Fans are like little hedges and the processor is like a heater,” explains Staat. These fluctuations affect the radio signal. Researchers should measure such distractions and exclude them to determine whether signal fluctuations are legal or the result of deception. IT professionals from Bochum can reliably find a 0.3-millimeter needle penetration through their system from a depth of one centimeter. The system still sees only 0.1 mm in diameter – almost the same size as wool – but not everywhere. “The closer the needle gets to the receiving stick, the easier it is to see,” explains Staat. If the needle is thin and farther away, it is more likely to be invisible. The same applies to penetration depth: the deeper the needle in the system, the easier it is to detect. “Therefore, in practical terms, it makes sense to think carefully about where to place the horns,” as Tobisch summarizes the findings. “They should be as close as possible to areas that require special protection.”
Johannes Tobisch and Paul Staat allowed their experiments to continue for ten days, thus showing that the measurement system remained stable for a long time. Later, they even extended the measurement period to a whole month. In addition to the expensive sophisticated measurement technology for recording fingerprints, they also compare radio signal to a simplified technology that sells for a few euros. They found that this technology had done the job, too, despite the relatively low beat rate. “It’s always a compromise between costs and accuracy,” said Paul Staat.
Depending on the intended use, the impact of ambient conditions will also need to be considered. After all, if the temperature in the room changes, these changes can even affect the fingers of the radio. “We hope to address such issues in the future with the help of machine learning,” expected Johannes Tobisch. The idea is that artificial intelligence can automatically learn what changes in the radio signal are caused by irrelevant changes in the environment and caused by deception.“In fact, nothing stands in the way of the widespread use of this technology suitable for both high-security and daily applications. An IT company is already using technology to prevent unauthorized exploitation of key components of infrastructure. “There are a number of other technology programs that need protection not only from remote attacks but also from hardware exploitation,” he adds. Examples include automotive control units, electric meters, medical equipment, satellites and service robots. “
Source Journal Reference: Paul Staat, Johannes Tobisch, Christian Zenger and Christof Paar, Anti-tamper radio: System-level tamper detection for computing systems, 43rd IEEE Symposium on Security and Privacy, San Francisco, USA, 2022, Conference Proceedings, https://www.mpg.de/18787930/hardware-attack-cyber-security?c=2249
READ ALSO : Digital Revolution Focus: Mobiles application developed by researchers explore behavioral issues
