Electromagnetic emissions from smartphones analyzed for security vulnerability

December 19, 2017

This platform, whose objective is to improve smartphone security and that of other electronic devices, was recently presented in Canada in an international conference on security and privacy on the Internet of Things (Workshop on Security and Privacy on Internet of Things).

This research focuses on "lateral movement attacks", which happen when "someone tries to take advantage of a circumstance (in this case, any electric current producing a magnetic field) for illicit purposes (in this case, the attacker tries to extract the private password from the encryption, to which he theoretically should not have access)", explained one of the researchers, José María de Fuentes, UC3M Computer Security Lab (COSEC).

Traditionally, they tried to attack the encrypted algorithm, that is, the process to protect data, which normally has a complicated mathematical base. Later, this type of lateral movement attacks have been developed to seek other ways of breaching security without having to "break" the math upon which it is based. "When the devices are on, they use energy and generate electromagnetic fields. We try to capture their traces to obtain the encryption key and at the same time, decipher the data," explained another of the researchers, Lorena González, who is also from the UC3M COSEC.

Digital vulnerability

"We want to make it known that these type of devices have vulnerabilities, because if an adversary attacks them, that is, if someone calculates the password that you are using on your cell phone, it will make you vulnerable, and your data will no longer be private," affirmed one of the other researchers, Luis Hernández Encinas. Hernández Encinas is from CSIC's Instituto de Tecnologías Físicas y de la Información - ITEFI (Institute for Physical and Information Technologies).

The basic aim of this research is to detect and make known the vulnerabilities of electronic devices and that of their chips, so that software and hardware developers can implement appropriate countermeasures to protect user security. "Our work then will be to verify is this has been carried out correctly and try to attack again to check it there is any other type of vulnerabilities," added Hernández Encinas.

The most relevant aspect of the project, according to the researchers, is that an architecture and work environment is being develop in which this type of lateral movement attacks can continue to be explored. In fact, it is possible to extract encrypted information from other data, such as variations in temperature of the device, the power consumption, and the time it takes a chip to process a calculation.

This research has been carried out in the framework of CIBERDINE (Cybersecurity: Data, Information, Risks), a R+D+i program funded by the Consejería de Educación, Cultura y Deporte (Board of Education, Culture and Sport) of the Madrid Autonomous Region and by Structural Funds from the European Union.. Its main objective is to develop technological tools aimed at making cyberspace a safe, secure and trustworthy environment for public administrations, citizens and companies. For that purpose, this research pursues three broad areas: massive analysis of data networks, cooperative cybersecurity and support systems for decision making in this area.
-end-
Bibliographic references: A Framework for Acquiring and Analyzing Traces from Cryptographic Devices. A. Blanco Blanco, J.M. de Fuentes, L. González Manzano, L. Hernández Encinas, A. Martín Muñoz, J.L. Rodrigo Oliva, I. Sánchez García. Workshop on Security and Privacy on Internet of Things (SePrIoT) 2017. 13th EAI International Conference on Security and Privacy in Communication Networks. 25th October 2017, Niagara Falls, Canada. http://www.seg.inf.uc3m.es/~lgmanzan/docs/SCAP.pdf

Further information: CIBERDINE program: http://www.seg.inf.uc3m.es/ciberdine

Video: Researchers interview https://youtu.be/ShZfVmFTOp8

Universidad Carlos III de Madrid

Related Data Articles from Brightsurf:

Keep the data coming
A continuous data supply ensures data-intensive simulations can run at maximum speed.

Astronomers are bulging with data
For the first time, over 250 million stars in our galaxy's bulge have been surveyed in near-ultraviolet, optical, and near-infrared light, opening the door for astronomers to reexamine key questions about the Milky Way's formation and history.

Novel method for measuring spatial dependencies turns less data into more data
Researcher makes 'little data' act big through, the application of mathematical techniques normally used for time-series, to spatial processes.

Ups and downs in COVID-19 data may be caused by data reporting practices
As data accumulates on COVID-19 cases and deaths, researchers have observed patterns of peaks and valleys that repeat on a near-weekly basis.

Data centers use less energy than you think
Using the most detailed model to date of global data center energy use, researchers found that massive efficiency gains by data centers have kept energy use roughly flat over the past decade.

Storing data in music
Researchers at ETH Zurich have developed a technique for embedding data in music and transmitting it to a smartphone.

Life data economics: calling for new models to assess the value of human data
After the collapse of the blockchain bubble a number of research organisations are developing platforms to enable individual ownership of life data and establish the data valuation and pricing models.

Geoscience data group urges all scientific disciplines to make data open and accessible
Institutions, science funders, data repositories, publishers, researchers and scientific societies from all scientific disciplines must work together to ensure all scientific data are easy to find, access and use, according to a new commentary in Nature by members of the Enabling FAIR Data Steering Committee.

Democratizing data science
MIT researchers are hoping to advance the democratization of data science with a new tool for nonstatisticians that automatically generates models for analyzing raw data.

Getting the most out of atmospheric data analysis
An international team including researchers from Kanazawa University used a new approach to analyze an atmospheric data set spanning 18 years for the investigation of new-particle formation.

Read More: Data News and Data Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.