Scientists have presented a technique that can be used to detect even the smallest tampering with a complete hardware system. To do this, they read a radio signal that is given a special signature by reflection on the computer components. If the hardware changes by even a fraction of a millimeter, researchers can read it in the radio signal.
Most sensitive information like credit card details or secret documents are stored digitally these days. To prevent them from falling into the wrong hands, the system that processes them must be protected from attack. On the one hand, these can occur as a result of remote cyber attacks, on the other hand the hardware can also be manipulated on site. A tiny metal object placed in the right place in the hardware is usually sufficient to read data streams from a printed circuit board.
Until now, only individual system components, such as a particularly important memory element or a processor, can be protected against such manipulation. “Normally, this happens with a kind of thin wire foil that the hardware component is wrapped in,” explains Paul State of Ruhr University in Bochum. “If the film is damaged, the system sounds an alarm.”
Each system has a fingerprint
Together with his colleague Johannes Tobisch, Staat has now presented a technology with which not only individual components but also entire systems can be monitored at low cost. Scientists equip them with two radio antennas: a transmitter and a receiver. The transmitter emits a special radio signal into the environment, which spreads throughout the system and bounces off the walls and computer components. Through all these reflections, the receiver receives a signal that is characteristic of the system such as a fingerprint and, if the hardware is manipulated, the fingerprint also changes.
To verify the accuracy of their system, the research team equipped a conventional computer with radio antennas. They then inserted metal needles through small holes in the housing and watched to see how this felt in the system’s fingerprint. They varied the thickness of the needle, the position and the depth of penetration.
Visible down to 0.1mm
The result: With the computer running, the scientists were still able to reliably detect a 0.3 millimeter-thick needle from a penetration depth of one centimeter. Even with a 0.1mm thick needle – the size of a hair – the system continues to strike, but not in all positions. “The closer the needle is to the receiving antenna, the easier it is to detect,” says Staat. “In practice, it makes sense to think carefully about where to place the antennas,” says Tobisch. “They should be as close as possible to components that are particularly worthy of protection.”
According to the scientists, another challenge is to account for interruptions caused by the ongoing operation of the computer. “The fans are like little vacuum cleaners and the processor is like a heater,” says Staat. Since environmental conditions such as humidity and temperature also impact the system’s fingerprint, researchers need to measure and include them. This is the only way to check if a change in the signal is legitimate or was caused by a manipulation in the hardware.
Also available at low cost
Scientists see their technology used in both high-security systems and everyday objects such as automobile control units, electricity meters or medical devices. In addition to expensive, high-precision measuring instruments, they also tested those available for a few euros. According to the researchers, the success rate was lower, but the system still worked. “It’s always a trade-off between cost and accuracy,” says Staat.
In the next step, the researchers want to be able to more reliably understand the influence of environmental conditions on the radio signal. To do this, they want to rely primarily on machine learning. (IEEE Symposium on Security and Privacy, 2022; doi: 10.1109 / SP46214.2022.00067)
Source: Ruhr University of Bochum