Screaming Channels: When TEMPEST Meets Side Channels and Wireless Security

Thu 24 Jun 2021

Giovanni Camurati, ETH Zürich

From 12:30 until 13:30

At Zoom: https://ethz.zoom.us/j/61356096167

Abstract:

TEMPEST attacks are a well-known threat that consists of spying on an electronic device through its unintended physical emissions. Physical emissions are also used by side-channel attacks to break cryptographic implementations. However, while TEMPEST attacks have been demonstrated at large distances (e.g., several meters), side-channel attacks generally work only in the proximity of the target (e.g., mm to 1 m), as they rely on very weak signals.

In this talk, we will see that mounting side-channel attacks at a large distance is sometimes possible. This happens when the radio signals intentionally emitted by a wireless interface accidentally contain side-channel information about the digital activity of the chip. Indeed, modern connected devices often use a mixed-signal architecture where analog/radio-frequency components lie on the same silicon die as the digital blocks and suffer from their interference. We call this novel side-channel vector “Screaming Channels”, because of the strength of the signal compared to the low “whisper” of conventional side-channel emissions.

By giving attackers the ability to break cryptography “over-the-air”, Screaming Channels introduce a new threat to the security of wireless communications. In this talk we will first provide some background, then present our latest results on this topic. They include an in-depth analysis of the leakage on a BLE chip and increasingly realistic attacks. As of now, we have demonstrated an attack at 15 m reusing a profile built on a different device in more convenient conditions, and a proof-of-concept attack against the authentication of Google Eddystone beacons.

Join the Zoom meeting at 12:30 on Thursday, June 24th: https://ethz.zoom.us/j/61356096167
