Schneier on Security

Clive Robinson • June 8, 2016 5:18 AM

@ Vesselin Bontchev • June 8, 2016 2:23 AM

How exactly is this new attack different from… just about the same thing written by pretty much the same authors two and a half years ago?

It’s not, and I made comment on this on the Squid Page it came up on a few days ago.

To be kind, let’s just say they are a little bit like non-theoretical physicists, coming up with experiments to demonstrate what is already well known but considered theoretical.

The use of magneto constriction to both radiate and receive signals is actually very well known. Research into practical applications with it started in ernest during WWI (yes a hundred years ago). Not only to try and find German U-Boats with what we now call sonar, but also to detect underground “mining” under the trenches, where tunnels were dug as quietly as possible under enemy trenches. This was for either “listening in” for intel or to make culverts which would be filled with large quantities of high explosives which is where the term “land-mine” originated from.

Clive Robinson • June 8, 2016 10:14 AM

@ Bob Paddock,

Frequently such ‘whine’ has nothing to do with coils at all.

It tends to be frequency and physical size dependent but yes capacitors even without ceramic or other energy storage element do vibrate in sympathy with the change in charge storage.

In older style LF switchmode PSU’s it tended to be the inductors, now in more modern series resonant PSU’s at HF frequencies it’s the capacitors, which also has the side effect of a greater “carrier” bandwidth.

@ All,

For those wondering why, components should whine ultimately at the lowest level it’s down to inefficient energy storage and transportation. That is you don’t get 100% of the power out that you put in and the difference has to go somewhere, ultimately it becomes heat.

But inbetween it can go through many transformations. Not least of these transformations is into mechanical energy which is it’s self an ineficient energy storage mechanism. A side effect of this is it stresses the mechanical component which causes it to move or vibrate. This in turn transports energy out in the form of sonic waves that are the problem in this particular case.

The closer the acoustic transformation is to the changing energy input, the wider it’s effective signal bandwidth is thus the greater it’s information carrying capacity (this reduction in information is due to the energy becoming less coherent with each transformation in line with the laws of thermodynamics thus it’s entropy or uncertainty becomes greater).

A few years ago with LF switching PSUs etc, the basic energy storage bandwidth was insufficient to carry much detailed information, which kind of made the idea a bit of a curiosity. Similar in many respects to earlier times when computer clocks were in or below the Medium wave band, thus you could turn the computer into a low power transmiter by getting it to loop at different frequencies and thus crudely play a tune you could recieve on a radio. These days some power supplies work up above the Medium Wave band and change frequency in response to the load, thus you can do the same trick of playing tunes but this time with a Narow Band Frequency Modulated reciever in the VHF and UHF bands.

But there is also a “manufacturing cost” implication to the much higher switchin frequencies, in that the required “smoothing” effect can be obtained with very small values of capacitance and inductance, with the consequence that the information carrying bandwidth is many many times higher. Even though it is not enough for individual CPU operations to be identified directly, certain patterns of instructions can be identified directly, and by an averaging process changes such as branching can be located and identified sufficiently to determin the results of mathmatical and some logical operations. Which if sufficient samples are available will leak key bit information…

As Bruce had noted in the past, attacks do not get worse with time, which is possibly why just over a decade and a half after Differential Power Analysis hit the news with smart cards this is now hitting the news with laptops and pads etc (which due to size and weight considerations tend to use the higest PSU frequencies they can, with the absolute minimum –or less– of filtering and shielding etc).

Clive Robinson • June 8, 2016 12:16 PM

@ Albert,

For experts: Aside from power supplies, what are the functions of large-valued inductors and electrolytic capacitors on motherboards?

One such is “roofing filters” for sampaling systems with analog inputs. Another is to keep signals from one part out of another part, ie harsh digital noise getting into analog circuits like audio and RF.

In older more conservatively designed systems, they would be used for EMC reasons on inputs and outputs which include serial lines, video lines, power supply lines etc.

In more modern desktop PCs you will also find inductors being used for both power supply noise reduction and fuses on USB power lines. The same is true for pad systems, where suddenly the battery stops charging as the inductor has fried O/C.

Clive Robinson • June 12, 2016 1:24 AM

@ Leon Wolfeson,

It would seem possible, for far less, to have a small device which produced semi-random coil whine which render the monitoring useless.

This attack is just one of many arising from the same problem brought to fame in the Smart Card security via the Differential Power Analysis paper of 1999 (the author of which has tried to corner thus stymied research via patents). As I’ve noted before, the reality is that Van Eek Freaking and even the old “British GPO Television Detector Vans” from years ago got there long before the patents arising from DPA. All of them work by the same fundemental basic principle “doing work is not efficient” and the waste energy carries information impressed / modulated upon it.

For those working on smart card security back the 1990’s it was a major issue, and one of the methods tried was what you might call randomizers. For various reasons they all kind of failed. You could say because they “only added energy”, not limited the information bandwidth or reduced the level of the many and varied signals that have the information impressed upon them.

Eventually the smart card industry realised they had to redesign the process creating the information leak such that whilst it still created waste energy that energy did not have usable information as readily impressed upon it.

If you think about things a little the waste energy from a PC style computer is inherently very very broadband ranging from just a few KHz of the audio band well into the low GHz of the microwave bands. And it’s quite high power certainly in the tens of Watts range well above that of mobile phones two way radios etc. Creating a “jammer” –which is what the randomizer is– to cover all of that bandwidth effectively is at best problematic. Becasuse as long as the attacker can get just one signal of enough strength to synchronize with the CPU activities they can over a period of time average out the randomizer jamming signal. You can look up something called “processing gain” from Spread Spectrum / CDMA techniques along with “jamming margin” to get a feel for why a randomizer will not be an effective solution.

In the US they actualy regarded what are generaly called TEMPEST techniques as being so important, they used regulatory processes to limit the availability of materials you would use to make equipment radiate less waste energy. Which fell right into the law of unintended consequences of equipment interfering with other equipment. Which in Europe gave rise to the EMC legislation and the tricks that have arisen from it’s emissions masks to “mask” not remove “harmfull emissions”. The masking techniques used arise from a process called “whitening” from the telecommunications industry, and are in fact “spread spectrum” techniques, whereby the energy from signal spurs, instead of being on one frequency are spread acoss many thereby reducing the energy per Hz. Unfortunatly if you know the spreading code and can sync to it you can reverse the spreading process. It’s something I’ve mentioned on this blog before, and it has other consequences such as spreading any jamming signal energy out of the receiver.

Whilst TEMPEST and EmSec are still supposadly “clasified” in the US and some other places, they are not in others thus the likes of the NSA are fighting a rearguard action against the information becoming common place.

The thing that suprises me is back in the 1980’s I independently discovered many EmSec techniques some of which I’ve mentioned on this blog in the past. I know from other engineers that they have done similar going back into the late 60’s, so there is nothing special about TEMPEST / EmSec techniques. It’s just for some reason that it’s only now some half century later that academia is turning it’s gaze in that direction. And aside from saying to them “Welcome to the party” I guess I’d also say, “There’s a lot to learn” in the way of specific attacks. But it’s realy just a new sub group of applied physics, most of the theoretical ground work was done and dusted a hundred years or more ago.