Screaming Channels: When TEMPEST Meets Side Channels and Wireless Security
Event submitted on Wednesday, March 31st 2021, approved by Charles Villanueva ✓
This event has been tagged as follows:
- Cyber Physical
- Government Level
- Government UK
- Government USA
- Hacker Conference
- Machine Learning
- SCADA/ ICS
[edit this info]
Whilst we here at Concise AC (the folks behind this directory, infosec-conferences.com) are no experts at this subject-matter, we read into it and it is really fascinating stuff. TEMPEST “hacking” is a technique that helps an intruder (“hacker”) spy on electronic devices remotely by using equipment that detects side-band electromagnetic transmissions. It’s pretty technical stuff but we’ve listed a bunch of InfoSec events by Riscure in the past and they all come highly recommended. If you work with any aspect of Cryptography then you’ll likely get a lot of value from the event.
Conference Event Summary
The following description was either submitted by the Conference Organizer on Wednesday, March 31st 2021, or created by us.
TEMPEST attacks are a well-known threat that consists of spying on an electronic device through its unintended physical emissions. Physical emissions are also used by side-channel attacks to break cryptographic implementations.
However, while TEMPEST attacks have been demonstrated at large distances (e.g., several meters), side-channel attacks generally work only in the proximity of the target (e.g., mm to 1m) as they rely on very weak signals. In this talk, we will see that mounting side-channel attacks at a large distance is sometimes possible. This happens when the radio signals intentionally emitted by a wireless interface accidentally contain side-channel information about the digital activity of the chip. Indeed, modern connected devices often use a mixed-signal architecture where analog/radio-frequency components lay on the same silicon die as the digital blocks and suffer from their interference.
We call this novel side-channel vector “Screaming Channels”, because of the strength of the signal compared to the low “whisper” of conventional side-channel emissions. By giving the attackers the ability to break cryptography “over-the-air”, Screaming Channels introduces a new threat to the security of wireless communications. In this talk we will first provide some background, then present our latest results on this topic. They include an in-depth analysis of the leakage on a BLE chip and attacks that are more and more realistic. As of now, we have demonstrated an attack at 15m reusing a profile built on a different device in more convenient conditions, and a proof-of-concept attack against the authentication of Google Eddystone beacons.