
Compromising Electromagnetic Emanations of Wired and Wireless Keyboards

Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. Written by: Martin Vuagnoux and Sylvain Pasini. Presented by: Justin Rilling. Outline: Introduction, Paper Contributions, Experimental Setup, Description of Attacks, Results, Countermeasures, Comments, Questions.


Presentation Transcript


  1. Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. Written by: Martin Vuagnoux and Sylvain Pasini. Presented by: Justin Rilling.

  2. Outline • Introduction • Paper Contributions • Experimental Setup • Description of Attacks • Results • Countermeasures • Comments • Questions

  3. Introduction • This paper evaluates four types of keyboards (PS/2, USB, laptop, and wireless) • Defines four types of attacks. All the keyboards tested were vulnerable to at least one type of attack (one attack recovered 95% of keystrokes 20 m from the keyboard, through walls) • Tests electromagnetic vulnerability in different environmental scenarios (low noise, office, adjacent office, and building)

  4. Contribution • Determined the practical feasibility of eavesdropping on keystrokes • Used the “Full Spectrum Acquisition Method” to detect electromagnetic radiation that may be missed by traditional methods

  5. Experimental Setup

  6. Falling Edge Transition Technique (FETT) [Figure: PS/2 data frame for scan code 0x24 = ‘E’, labelling the start bit, odd parity bit, and stop bit; bit sequence 0 0 0 1 0 0 1 0 0 1 1]

  7. Falling Edge Transition Technique (FETT) • Were able to detect the falling edges of the PS/2 data line • On average, can reduce the keystroke to 2.42 possible keys

  8. The Generalized Transition Technique (GTT) • A band-pass filter (105-165 MHz) is used to improve the SNR, which allows the authors to extract the rising and falling edges of the data line [Figure: bit sequence 0 0 0 1 0 0 1 0 0 1 1 with a threshold line]

  9. The Modulation Technique (MT) • They were also able to find frequency- and amplitude-modulated harmonics at 124 MHz that correspond to the data and clock signals • This attack is able to fully recover all keystrokes • These types of electromagnetic waves are interesting because they carry further than those discussed in the previous two attacks

  10. The Matrix Scan Technique (MST) [Figure: keyboard scan matrix with drivers, detectors, and key rows q w e …, a s d …, z x c …]

  11. The Matrix Scan Technique (MST) • This attack worked on almost every keyboard • On average, could reduce the keystroke to 5.14 possible keys

  12. Accuracy • GTT - Able to recover all keystrokes correctly • MT - Able to recover all keystrokes correctly • FETT - Can reduce the keystroke to 2.42 possible keys on average • MST - Can reduce the keystroke to 5.14 possible keys on average

  13. Effectiveness on Various Types of Keyboards

  14. Range of Attack [Figures: Low Noise Scenario; Office Scenario]

  15. Countermeasures • Shield keyboard, cable, motherboard and room • Encrypt bi-directional (PS/2) serial cable • Obfuscate scan matrix loop routine

  16. Comments • Very thorough testing • Could improve the explanation of the building test scenario • Would have been interesting if they tested the outlined countermeasures

  17. Questions ???
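
Slides 6 and 7 say that falling edges alone narrow a keystroke to a few candidates rather than one. The following added example (not from the slides or the paper) builds the PS/2 frame from slide 6 and groups keys whose frames have identical falling-edge positions. It assumes scan code set 2 make codes for the 26 letter keys (only 0x24 = 'E' is on the slides), so it covers letters only and does not reproduce the 2.42 average.

```python
from collections import defaultdict

# Assumption: PS/2 scan code set 2 make codes for the letter keys.
# Only 0x24 = 'E' appears on the slides; the rest are filled in for this example.
SET2_LETTERS = {
    "A": 0x1C, "B": 0x32, "C": 0x21, "D": 0x23, "E": 0x24, "F": 0x2B,
    "G": 0x34, "H": 0x33, "I": 0x43, "J": 0x3B, "K": 0x42, "L": 0x4B,
    "M": 0x3A, "N": 0x31, "O": 0x44, "P": 0x4D, "Q": 0x15, "R": 0x2D,
    "S": 0x1B, "T": 0x2C, "U": 0x3C, "V": 0x2A, "W": 0x1D, "X": 0x22,
    "Y": 0x35, "Z": 0x1A,
}

def ps2_frame(scan_code):
    """11-bit frame: start bit (0), 8 data bits LSB first, odd parity, stop bit (1)."""
    data = [(scan_code >> i) & 1 for i in range(8)]
    parity = 1 - (sum(data) % 2)  # makes the count of 1s in data+parity odd
    return [0] + data + [parity, 1]

def falling_edges(frame):
    """Bit positions where the data line goes 1 -> 0 (the line idles high)."""
    prev, edges = 1, []
    for pos, bit in enumerate(frame):
        if prev == 1 and bit == 0:
            edges.append(pos)
        prev = bit
    return tuple(edges)

def collision_groups(codes):
    """Map each falling-edge trace to the keys that produce it."""
    groups = defaultdict(list)
    for key, code in codes.items():
        groups[falling_edges(ps2_frame(code))].append(key)
    return dict(groups)

def mean_candidates(codes):
    """Average number of keys sharing a trace, taken over all keys in `codes`."""
    groups = collision_groups(codes)
    return sum(len(g) ** 2 for g in groups.values()) / len(codes)

if __name__ == "__main__":
    print("frame for 0x24:", ps2_frame(0x24))
    for trace, keys in sorted(collision_groups(SET2_LETTERS).items()):
        print(trace, keys)
    print("mean candidates per letter:", round(mean_candidates(SET2_LETTERS), 2))
```

Rising edges carry the information that separates keys inside one group, which is why GTT, which extracts both edge types, recovers keystrokes exactly.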
