Abstract
Due to the low power of electromagnetic radiation (EMR), the EM covert channel has been widely considered a short-range attack that can be easily mitigated by shielding. This paper overturns this common belief by demonstrating how covert EM signals leaked from typical laptops, desktops and servers are decoded from hundreds of meters away, or penetrate aggressive shielding previously considered sufficient to ensure emission security. We achieve this by designing EMLoRa - a super-resilient EM covert channel that exploits memory as a LoRa-like radio. EMLoRa represents the first attempt at designing an EM covert channel using state-of-the-art spread spectrum technology. It tackles a set of unique challenges, such as handling the complex spectral characteristics of EMR, tolerating signal distortions caused by CPU contention, and preventing adversarial detectors from demodulating covert signals. Experiment results show that EMLoRa boosts communication range by 20x and improves attenuation resilience by up to 53 dB when compared with prior EM covert channels at the same bit rate. By achieving this, EMLoRa allows an attacker to circumvent a security perimeter, breach a Faraday cage, and localize air-gapped devices in a wide area using just a small number of inexpensive sensors. To counter EMLoRa, we further explore the feasibility of uncovering EMLoRa's signal using energy- and CNN-based detectors. Experiments show that both detectors suffer from limited range, allowing EMLoRa to gain a significant range advantage. Our results call for further research on countermeasures against spread spectrum-based EM covert channels.
Original language | English |
---|---|
Title of host publication | Proceedings - 2021 IEEE Symposium on Security and Privacy |
Subtitle of host publication | SP 2021 |
Publisher | IEEE |
Pages | 1304-1317 |
ISBN (Electronic) | 9781728189345 |
ISBN (Print) | 978-1-7281-8935-2 |
Publication status | Published - 2021 |
Externally published | Yes |
Event | 42nd IEEE Symposium on Security and Privacy (SP 2021) - Virtual, San Francisco, United States Duration: 24 May 2021 → 27 May 2021 |
Publication series
Name | Proceedings - IEEE Symposium on Security and Privacy |
---|---|
ISSN (Print) | 1081-6011 |
ISSN (Electronic) | 2375-1207 |
Conference
Conference | 42nd IEEE Symposium on Security and Privacy (SP 2021) |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 24/05/21 → 27/05/21 |
Funding
We are grateful to anonymous reviewers and our shepherd, Aanjhan Ranganathan, for their insightful comments. This research was supported, in part, by funds from BvTech S.p.A. and the members of the Cybersecurity at MIT Sloan (CAMS) consortium (https://cams.mit.edu).

Fig. 18: From top to bottom: frequency spectrum features of Ubuntu Bionic Beaver, video player, Google Chrome, and EMLoRa.