In-Depth

Guarding Against Esoteric Security Leaks

Analyzing esoteric attacks highlights where security can succeed and how secure devices can fail in unforeseen ways.

• By Mathew Schwartz
• 06/22/2005

How could an attacker wrest information from your company? There are, of course, a variety of easy-to-exploit scenarios—the equivalent of finding an unlocked back door to a house. Such risks include using known vulnerabilities, sneaking Trojan code or keystroke loggers onto PCs, or just physically stealing equipment.

Yet security researchers also love to explore more esoteric alternatives, including many that some U.S. government agencies or their competitors might have already perfected.

A recent book by Polish security researcher Michal Zalewski, “Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks” (No Starch Press), explores such attacks. Zalewski tours many unknown or under-explored aspects of today’s technology, moving from narrative to technical analysis as necessary to detail where vulnerabilities exist, and how an attacker might exploit them. Thus the book is also a guide for information security professionals to defend against leading-edge attacks, where said attacks are even feasible.

One area of inquiry is signal-disclosure problems. While attackers can often reconstruct data from lost noise—electromagnetic emissions naturally given off by signals as they move through cables—there are other signal-related risks as well.

For example, Zalewski analyzes the potential threat from Tempest-style attacks, first documented by the U.S. Air Force in the 1960s and popularized by Neil Stephenson in his book Cryptonomicon. The concept involves using electronic listening devices to decode what’s being shown on a computer screen, even from a distance. (Tempest refers to technologies meant to reduce electromagnetic emissions so they can’t be read from a distance—not the type of attack itself.)

Another notable signal-emissions threat, discovered in 2002, is that an attacker could monitor LED patterns—the activation or deactivation of LEDs on networking equipment—to discern the actual data being sent over the network. As Zalewski notes, “this research caused some stir in the industry; it was eventually also both downplayed and over-hyped, and hence a great deal of confusion ensued, and very little has changed.”

Despite arguments to this day over whether the technique works, “its basic premise is simple and truly beautiful,” Zalewski continues. “The beauty of this technique is that it is trivial to devise such a device to receive the signal. The equally cheap and popular counterparts of LEDs—photodiodes and phototransistors—are easy to acquire and equally easy to interface with the computer.” Of course, unlike Tempest-style attacks, he says, which are “the subject of urban legends and pure laboratory results,” LEDs “can be directly observed and measured.”

It's easy. “The simplicity of building a snooping device makes it quite tempting to do so,” he notes, and to settle the question for himself, he builds and tests his own LED-monitoring device. The book shares plans, and his experiences, with readers. While he doesn’t reach any conclusions about the extent to which this could be a threat, it’s useful for understanding the potential danger from the threat (if attackers have access to LED lights) and ways of defending against it (notably, duct tape over the lights doesn’t work).

That do-it-yourself ethos pervades the book, and while it might seem like Zalewski is detailing outlandish threats, in fact this broad mindset can uncover major security flaws—but not where you’d think to look.

Take new research by Colin Walter, head of cryptography for Comodo Inc., which will be presented at the forthcoming IEEE Symposium on Computer Arithmetic. In his paper, Walter argues that the smart cards can actually leak the keys used to secure the smart card.

This isn’t an unheard-of phenomenon. “Partial information about secret cryptographic keys is known to leak from most cryptographic hardware as a result of voltage, timing and EMR (electromagnetic radiation) variations in particular,” he says.

Yet in the case of smart cards, he’s found that by monitoring voltage fluctuations in smart cards’ hardware multipliers, an attacker can compromise the smart card. In fact, “this is probably the major concern of smartcard manufacturers at the moment, far exceeding the risks posed by the possible discovery of mathematical attacks on the message input/output of cryptographic processes.” In other words, attackers don’t need to crack smart cards’ strong cryptographic processes, because there’s a simpler way to compromise the device.

Walter’s research and Zalewski’s book both illustrate that when security fails, it might not be in a predictable—or “security related”—way.

Related Articles:

Putting Next-Generation Smart Cards to Work
http://esj.com/security/article.aspx?EditorialsID=1263

Smart Cards Gear Up For Biometrics
http://esj.com/security/article.aspx?EditorialsID=1135