May 23, 2016
I used a cathode ray tube (CRT) monitor on more than one computer five years ago. The switch to flat panel displays for my desktop computing happened about a decade ago; but, since many laboratory instruments are seldom used, their change of monitors happened more slowly. My early computer readouts were from octal LED displays and Impact printers, but CRTs were a de facto output device after the emergence of personal computing in the late 1970s (Apple II) and the early 1980s (IBM Personal Computer). My first CRT was a small, amber phosphor, monochrome device attached to my homebrew S-100-CP/M system.
While nearly every CRT in existence has now been recycled, everyone doing computer work had been using a CRT for several decades. All of these were based on the raster scan principle used in television receivers in which an electron beam "paints" an image on a phosphor screen by scanning a line from left to right while moving slightly down, zipping back to the right, and repeating until the screen is filled. The NTSC standard had 525 lines, interlaced with odd and even lines sent on alternating frames at a 60 Hz refresh rate. The interlace was to prevent image flicker arising from the relatively slow refresh rate.
While special viewing screen attachments were available to prevent visual eavesdropping on what you were doing (can't let the manager see that you're playing video games!), everyone was sure that their computing was private in those days before networks and the Internet. As it turned out, the regularity of the raster signal and the way that it was implemented on CRTs allowed an easy means of electronically recreating the image on any screen at a distance through use of some inexpensive circuitry.
Dutch computer scientist, Wim van Eck, whose original specialty was bioengineering, published a technique for doing what's now called van Eck phreaking in 1985. Such a vulnerability had been known to governments since World War II, when the target had been teleprinters, not computers. In 1982, the US government had implemented a standard, called Tempest, to make computer equipment immune to this technique. Van Eck had made the problem public to both hackers and concerned users alike. Van Eck phreaking is a plot element in my novel, Mother Wode.
Van Eck phreaking is an example of a side-channel attack in which information about a computing device is inferred through measurement of some property. As a recent example, some television and movie plots have as a plot device thermal imaging of security keypads to determine which keys were recently pressed by warm fingers to thereby discover the access code.
Van Eck phreaking wasn't the only side-channel vulnerability in early computer systems. Light-emitting diodes designed to show data activity on modems were often wired directly to the data line. In such cases, the light was modulated by the data stream, and an optical system would allow the data to be reconstructed. Early wireless keyboards used a simple form of encryption that was easily broken to reveal what you're typing through use of a radio receiver.
Your keyboard need not be wireless to leak information. Since different keys make slightly different sounds when pressed, an audio side-channel attack is possible. An easy method of defeating such an attack is to mask the sounds with white noise. Audio susceptible to side-channel attack might come from unusual sources. Multilayer ceramic capacitors typically use barium titanate (BaTiO3) and other ferroelectric materials as dielectrics because of their large dielectric constant.
These ferroelectric materials are also piezoelectric, which means that they will emit sound when the applied voltage is changed. While the sound emitted by a capacitor is small, the circuit board to which it's mounted will act as a loudspeaker diaphragm to increase the sound intensity. This "singing capacitor" effect has been addressed by at least one manufacturer.
Impact printers, in which characters were stamped onto paper much the way that typewriters had always done, were prevalent in the early days of computing. One computer system with which I worked used a modified version of the popular Selectric typewriter as a printing terminal device, the IBM 2741 printing computer terminal. It's easy to see how audio from such printers could be decoded in a side-channel attack. Modern inkjet printers emit less audio, but a surreptitious microphone, hidden in an ink cartridge, could allow a side-channel attack.
Document printers aren't the only printers used in modern development laboratories. 3-D printers are now used to make product prototypes. Mara Hvistendahl reported on the research of Mohammad Abdullah Al Faruque, a professor at the University of California Irvine, and his students on side-channel attacks on such printers. The Irvine research team has presented its research at the 2016 Network and Distributed System Security Symposium (February, 2016), and the 2016 ACM/IEEE International Conference on Cyber-Physical Systems (Vienna, Austria, April, 2016).[5-6]
Nearly every 3-D printer uses stepper motors for positioning; and, as any user of stepper motors knows, these motors produce a lot of audio frequency sound. In fact, the stepper motors on various devices, including computer disk drives, can play music, as demonstrated on several YouTube videos.[7-10] Says Al Faruque, "Industries spend millions of dollars to create IP (intellectual property), and you can basically steal it by listening to the machine."
The research team printed geometrical objects and a simplified house key using a Printrbot 3D printer. By recording the machine sounds at a distance of 30 cm and using audio analysis software, they were able to reproduce the source code for the key to about 92% accuracy. While the microphone placement for this exercise was near ideal, advanced techniques might make such a side-channel attack possible using a smartphone for audio detection.
While this side-channel attack reveals geometrical information, it doesn't access the printer's other parameters, such as temperature and the materials used. Just as for other audio side-channel attacks, interjection of white noise or random stepper motor noise is a good countermeasure.
|An unlikely side-channel attack, as noted by science fiction author Neal Stephenson in his novel, Cryptonomicon, is looking at the wear pattern of keys on a keyboard. Unless the keyboard is used exclusively for typing of a password, this will likely just give the frequency of letter use of the language. In the portion of one of my keyboards shown above, you see that the key for the letter T is completely worn, and there's considerable wear on other letter keys. The letter T is the second most used letter (9.1%) in English. The first is the letter E (12.7%), which doesn't appear to be worn, somewhat invalidating this side-channel attack. (Photo by author.)|
- Wim van Eck, "Electromagnetic radiation from video display units: An eavesdropping risk?" Computers & Security, vol. 4, no. 4 (December, 1985), pp. 269-286. A PDF file of this paper appears here.
- Mark Laps, Roy Grace, Bill Sloka, John Prymak, Xilin Xu, Pascal Pinceloup, Abhijit Gurav, Michael Randall, Philip Lessner, and Aziz Tajuddin, "Capacitors for Reduced Microphonics and Sound Emission," Electronic Components, Assemblies & Materials Association, CARTS 2007 Symposium Proceedings (Albuquerque, New Mexico, March, 2007).
- Mara Hvistendahl, "3D printers vulnerable to spying," Science, vol. 352, no. 6282 (April 8, 2016), pp. 132-133, DOI: 10.1126/science.352.6282.132.
- S. R. Chhetri, A. Canedo, and M. A. Al Faruque, "Poster: Exploiting Acoustic Side-Channel for Attack on Additive Manufacturing Systems", 2016 Network and Distributed System Security Symposium (February, 2016).
- M. A. Al Faruque, S. Chhetri, A. Canedo, J. Wan, "Acoustic Side-Channel Attacks on Additive Manufacturing Systems", 2016 ACM/IEEE International Conference on Cyber-Physical Systems (Vienna, Austria, April, 2016).
- Acoustic Side Channel Attack - Additive Manufacturing (3D-Printer), YouTube Video, January 5, 2016.
- Star Wars - Imperial March on Eight Floppy Drives, YouTube Video by MrSolidSnake, October 16, 2014.
- Stepmotor Super Mario Brothers, YouTube Video by Sam Buls, August 31, 2010.
- Toccata and Fugue in D Minor (On Floppy Drive Organ), YouTube Video by Sammy1Am, August 4, 2013.
- Imperial March on a CNC-Machine - Imperial March played on a Synchronous motor, YouTube Video by Dadido3, April 13, 2011.
Permanent Link to this article
Linked Keywords: Cathode ray tube; computer monitor; computer; flat panel display; desktop computer; desktop computing; decade; laboratory equipment; laboratory instrument; octal; light-emitting diode; LED; Impact printer; personal computer; personal computing; 1970s; Apple II; 1980s; IBM Personal Computer; amber color; phosphor; monochrome; homebrew; S-100 bus; CP/M; recycling; recycle; raster scan; television set; television receiver; cathode ray; electron beam; NTSC standard; interlaced video; hertz; Hz; eavesdropping; manager; video game; privacy; private; computer network; Internet; electronic circuit; circuitry; cathode ray tube; deflection; solenoid coil; electron gun; electric power; watt; magnetic field; Wikimedia Commons; Dutch; computer science; computer scientist; biological engineering; bioengineering; scientific literature; publish; van Eck phreaking; government; World War II; teleprinter; Tempest; hacker; plot narrative; plot element; novel; Mother Wode; side-channel attack; television program; film; movie; thermography; thermal imaging; electronic lock; security; keypad; access code; data; modem; modulation; modulate; data stream; optics; optical system; wireless keyboard; encryption; radio receiver; Neal Stephenson; Cryptonomicon; tribology; wear pattern; password; letter frequency; frequency of letter use; language; sound; acoustic cryptanalysis; audio side-channel attack; sound masking; white noise; audio signal; multilayer ceramic capacitor; barium titanate (BaTiO3); ferroelectricity; ferroelectric; relative permittivity; dielectric constant; piezoelectricity; piezoelectric; voltage; printed circuit board; loudspeaker; diaphragm; intensity; manufacturing; manufacturer; impact printer; ASCII; character; paper; typewriter; Selectric typewriter; computer terminal; printing terminal; IBM 2741 printing computer terminal; inkjet printer; microphone; ink cartridge; IBM; electromechanical typewriter; degrees of freedom; pitch and rotation; type; mathematical symbol; development; laboratory; 3-D printer; prototype; product; research; Mohammad Abdullah Al Faruque; professor; University of California, Irvine; postgraduate student; 2016 Network and Distributed System Security Symposium (February, 2016); 2016 ACM/IEEE International Conference on Cyber-Physical Systems (Vienna, Austria, April, 2016); stepper motor; disk storage; computer disk drive; music; YouTube; video clip; intellectual property; theft; geometry; geometrical; house key; Printrbot 3D printer; audio analysis; software; source code; accuracy; microphone; smartphone; print head; platen; Creative Tools; parameter; temperature; material; randomness; random; countermeasure.
Latest Books by Dev Gualtieri
Thanks to Cory Doctorow of BoingBoing for his favorable review of Secret Codes!
Blog Article Directory on a Single Page
- Levitation - March 27, 2017
- Soybean Graphene - March 23, 2017
- Income Inequality and Geometrical Frustration - March 20, 2017
- Wireless Power - March 16, 2017
- Trilobite Sex - March 13, 2017
- Freezing, Outside-In - March 9, 2017
- Ammonia Synthesis - March 6, 2017
- High Altitude Radiation - March 2, 2017
- C.N. Yang - February 27, 2017
- VOC Detection with Nanocrystals - February 23, 2017
- Molecular Fountains - February 20, 2017
- Jet Lag - February 16, 2017
- Highly Flexible Conductors - February 13, 2017
- Graphene Friction - February 9, 2017
- Dynamic Range - February 6, 2017
- Robert Boyle's To-Do List for Science - February 2, 2017
- Nanowire Ink - January 30, 2017
- Random Triangles - January 26, 2017
- Torricelli's law - January 23, 2017
- Magnetic Memory - January 19, 2017
- Graphene Putty - January 16, 2017
- Seahorse Genome - January 12, 2017
- Infinite c - January 9, 2017
- 150 Years of Transatlantic Telegraphy - January 5, 2017
- Cold Work on the Nanoscale - January 2, 2017
- Holidays 2016 - December 22, 2016
- Ballistics - December 19, 2016
- Salted Frogs - December 15, 2016
- Negative Thermal Expansion - December 12, 2016
- Verbal Cues and Stereotypes - December 8, 2016
- Capacitance Sensing - December 5, 2016
- Gallium Nitride Tribology - December 1, 2016
- Lunar Origin - November 27, 2016
- Pumpkin Propagation - November 24, 2016
- Math Anxiety - November 21, 2016
- Borophene - November 17, 2016
- Forced Innovation - November 14, 2016
- Combating Glare - November 10, 2016
- Solar Tilt and Planet Nine - November 7, 2016
- The Proton Size Problem - November 3, 2016
- Coffee Acoustics and Espresso Foam - October 31, 2016
- SnIP - An Inorganic Double Helix - October 27, 2016
- Seymour Papert (1928-2016) - October 24, 2016
- Mapping the Milky Way - October 20, 2016
- Electromagnetic Shielding - October 17, 2016
- The Lunacy of the Cows - October 13, 2016
- Random Coprimes and Pi - October 10, 2016
- James Cronin (1931-2016) - October 6, 2016
- The Ubiquitous Helix - October 3, 2016
- The Five-Second Rule - September 29, 2016
- Resistor Networks - September 26, 2016
- Brown Dwarfs - September 22, 2016
- Intrusion Rheology - September 19, 2016
- Falsifiability - September 15, 2016
- Fifth Force - September 12, 2016
- Renal Crystal Growth - September 8, 2016
- The Normality of Pi - September 5, 2016
- Metering Electrical Power - September 1, 2016
Deep Archive 2006-2008