Compromising Electromagnetic Emanations of Wired and Wireless Keyboards
Written By: Martin Vuagnoux and Sylvain Pasini
Presented By: Justin Rilling
Outline
• Introduction
• Paper Contributions
• Experimental Setup
• Description of Attacks
• Results
• Countermeasures
• Comments
• Questions
Introduction
• This paper evaluates four types of keyboards (PS/2, USB, laptop, and wireless)
• Defines four types of attacks. All the keyboards tested were vulnerable to at least one type of attack (one attack recovered 95% of keystrokes 20 m from the keyboard, through walls)
• Tests electromagnetic vulnerability in different environmental scenarios (low noise, office, adjacent office, and building)
Contribution
• Determined the practical feasibility of eavesdropping on keystrokes
• Used the “Full Spectrum Acquisition Method” to detect electromagnetic radiation that may be missed by traditional methods
Falling Edge Transition Technique (FETT)
[Figure: PS/2 frame for scan code 0x24 = ‘E’, labelled with the start bit, odd parity bit and stop bit. Bits on the data line: 0 0 0 1 0 0 1 0 0 1 1]
Falling Edge Transition Technique (FETT)
• Were able to detect the falling edges of the PS/2 data line
• On average, can reduce the keystroke to 2.42 possible keys
The Generalized Transition Technique (GTT)
• A band-pass filter (105-165 MHz) is used to improve the SNR, which allows the authors to extract the rising and falling edges of the data line
[Figure: data-line trace for the bits 0 0 0 1 0 0 1 0 0 1 1, with a threshold line]
The Modulation Technique (MT)
• They were also able to find frequency- and amplitude-modulated harmonics at 124 MHz that correspond to the data and clock signals
• This attack is able to fully recover all keystrokes
• These types of electromagnetic waves are interesting because they carry further than those discussed in the previous two attacks
The Matrix Scan Technique (MST)
[Figure: keyboard scan matrix with three Drivers and a Detector on each of the key lines “… q w e”, “… a s d” and “… z x c”]
The Matrix Scan Technique (MST)
• This attack worked on almost every keyboard
• On average, could reduce the keystroke to 5.14 possible keys
Accuracy
• GTT - Able to recover all keystrokes correctly
• MT - Able to recover all keystrokes correctly
• FETT - Can reduce the keystroke to 2.42 possible keys on average
• MST - Can reduce the keystroke to 5.14 possible keys on average
Range of Attack
[Figure: range of attack, with panels for the Low Noise Scenario and the Office Scenario]
Countermeasures
• Shield keyboard, cable, motherboard and room
• Encrypt bi-directional (PS/2) serial cable
• Obfuscate scan matrix loop routine
Comments
• Very thorough testing
• Could improve the explanation of the building test scenario
• Would have been interesting if they tested the outlined countermeasures