ICE Seminar: “Can security be broken by software-defined radio leakage?”
When software runs on an electronic device, it produces noise in the form of electromagnetic leakage. This raises several security issues, because this noise carries information about software execution. A notable example is side-channel attacks, which leverage this leakage to recover cryptographic secrets. Previous work has also shown how to apply simple modulation schemes to this leakage to transmit data without access to any communication device (e.g., to exfiltrate sensitive information from air-gapped devices disconnected from any network). In this talk we will present Noise-SDR, a novel approach that achieves software-defined arbitrary modulation of the electromagnetic leakage, thus letting the attacker transmit information using a wide range of radio protocols. Despite some limitations in bandwidth and frequency, Noise-SDR brings flexibility and performance. Its security applications range from exfiltration and tracking to injection into another victim receiver.
Dr. Giovanni Camurati is a postdoctoral researcher in Prof. Srdjan Capkun’s System Security Group at ETH Zurich. Previously, he defended his Ph.D. at EURECOM, under the supervision of Prof. Aurélien Francillon and Prof. Ludovic Apvrille. He explores the security issues that arise from the interplay of hardware, software, and radio transceivers in embedded and mobile devices. These include novel side-channel attacks against wireless devices (Screaming Channels), arbitrary modulation of electromagnetic noise from software (Noise-SDR), and distance-reduction attacks against UWB ranging (Ghost Peak). He is also interested in dynamic firmware analysis (Inception), hardware design (internship at Arm), and security in automation (NCCR Automation). His research has been published at IEEE S&P, ACM CCS, USENIX Security, and IACR TCHES, and it has been covered by The Register and Le Monde. Visit https://giocamurati.github.io/ for more information.