Conference Agenda

Side-channel information leakage on cables connected to cryptographic modules is a threat to cryptographic security because it increases the attack surface. Evaluation of side-channel leakage on cables can be difficult to reproduce because of the probe connection for triggering. When the trigger signal is output in GPIO and synchronized with the cryptographic process during encryption, side-channel leakage modulates and superimposes on the trigger signal and propagates to the power cable through the probe. However, since the trigger signal is not used during an actual attack, the results obtained with the evaluation environment may differ from those of actual attacks.

The authors conducted a side-channel attack resistance evaluation through the common-mode current using ArmFrogs-ALICE, a general-purpose embedded board for industrial use, to investigate the effect of the triggering probe connection. As a result, it was confirmed that the probe connection induced the side-channel leakage in the common mode. We also demonstrated that the impact of the probe connection can be removed by sufficiently shifting the trigger pulse out of the duration of the cryptographic process.

We demonstrate methods to enhance the reconstruction of displayed information from the compromising emanations of HDMI or DVI video cables. Using a software-defined radio receiver, we acquire multiple recordings of such emissions for the same displayed image, at adjacent, overlapping reception bands. We first perform frequency alignment and coherent periodic averaging on each of these recordings individually. We then mutually align the resulting frames such that we can extract colour-identifying features for each displayed pixel across multiple reception bands. These features then go into a clustering algorithm to classify the signals emitted by different TMDS symbols. Finally, we build a graph data structure of the most common transitions between such symbols, and identify loops in this graph as candidates of pixel colours that cycle through multiple symbols due to the DC-balancing algorithm applied by the TMDS encoding. This can enhance the readability of eavesdropped text with some colour combinations, as we demonstrate for signals recorded at 12 metres distance.

Electromagnetic cybersecurity is becoming a major concern due to the increasing number of EM vulnerabilities, exploited either through passive listening to EM leakage or active data retrieval, with or without a hardware Trojan. In this work, we focus on RF retroreflector attacks, where a passive hardware Trojan is implanted within the target. Specifically, we extend this concept to a multi-Trojan attack by leveraging spectral diversity to distinguish between different Trojans. This approach is demonstrated by attacking the three color components of a VGA link, enabling the recovery of colored images. Additionally, we introduce a diode-based Trojan architecture as an alternative to the existing transistor-based design.

As a countermeasure against information leakage through electromagnetic waves, a time-varying frequency-selective shield (TVFSS) using active frequency selective surface has been proposed. The TVFSS can falsify information contained in electromagnetic waves. As an example of information leakage, this research targets eavesdropping on a display. In this article, the results of an experiment in which the TVFSS is applied to an actual display are presented. It is confirmed that images reconstructed from electromagnetic waves transmitted through the TVFSS are falsified. Furthermore, it is shown that the mechanism of the falsification can be explained based on the behavior of the TVFSS. These facts demonstrate that the TVFSS can falsify reconstructed images.