The field of information security deals with methods and mechanisms to protect sensitive information. Some of these methods and mechanisms deal with the problem of maintaining the integrity of information while it is in storage or in transit, others deal with the issue of ensuring that the information is available only to authorized entities and access is denied to entities that are not authorized. Over the years, a number of different techniques and mechanisms have been developed and implemented to achieve these goals.
It is well known that computing devices and their peripherals such as displays, keyboards and printers (hereafter referred to as computer equipment) emit electromagnetic radiation consisting of electrical and magnetic fields when they are used. This has mostly been viewed as a nuisance, since it can adversely affect the functioning of other electrical/electronic equipment in the same geographical vicinity. In fact, a number of laws have been passed by various countries (including the USA, Canada, the EU, France and Japan) that limit the amount of electromagnetic emanations from computing equipment and that also specify the amount of emanation that such equipment should be able to tolerate while still functioning correctly. It is fairly standard for all computing equipment to be tagged with a note about its compliance with international regulations on the amount of electromagnetic emanations.
Although it is known that data being presented or sent to a peripheral device can be reconstructed to some extent from the electromagnetic emanations, the extent and nature of the information that computing equipment leaks about its own state and about the function being performed on it are not known. This is true even for the state and functions of ancillary processors such as those embedded in computer peripherals. This is a source of great concern when computations deal with sensitive information and security-critical data. Using information from electromagnetic emanations, an adversary may gain complete knowledge of targeted computing equipment. The techniques and technology for protecting against such attacks are also not known. Furthermore, there are no guidelines or standards for securing computing equipment that provide protection from such attacks. As a consequence, most computing equipment sold commercially, even equipment advertised as secure, is highly insecure in practice due to leakage of sensitive information through electromagnetic emanations.
Recently, a small amount of information on EM vulnerability and analysis has been declassified by the US government (see the NSA Tempest series at http://cryptome.org/nsa-tempest.htm). Even so, this provides no information on how one can assemble the equipment to monitor, collect, and aggregate such emanations, how one can analyze these emanations to extract the sensitive information, and finally and most importantly, how one can design equipment, at both the hardware and the software level to prevent the leakage of sensitive information from computing equipment. Thus, there is no known way of assessing the nature and extent of information leakage via electromagnetic emanations and no known way of protecting against this information leakage.
Many mechanisms and countermeasures have been proposed in the prior art to reduce the electromagnetic emanations of some constrained information processing devices. These fall into two main categories. In the first category are the physical protection methods, which try to reduce the amount of emanation from the device itself, e.g., the use of physical shielding and hardware designs that minimize the emanations. Use of these techniques results in computing equipment that inherently leaks weaker emanations than equipment that is not thus protected; however, the emanations are not entirely eliminated. The critical aspect missed by all these mechanisms is that a reduction in the strength of electromagnetic emanations does not translate directly into a corresponding reduction in the amount of information leaked within the remaining emanations. Thus, in most situations, even after the application of these physical protections, there is enough information content in the remaining emanations to render computing equipment susceptible to security attacks. To address this problem, there is a second category of protection mechanisms that are based on reducing the usefulness of the information that leaks in emanations despite physical shielding. These techniques attempt to artificially alter the emanations by adding other electromagnetic signals to mask and hide the original emanations of the equipment.
The protection methods described above suffer from serious drawbacks: they cannot quantify how much information about the state and functioning of the computing equipment is still contained in the remaining electromagnetic emanations. Furthermore, the primary focus of these protection methods is not to reduce the sensitive information contained in the emanations but rather to reduce the emanations themselves or to add other emanations. The methods that reduce emanations by physical shielding can be rendered significantly less effective, for example, by using more powerful sensors, better positioned sensors, etc., so that the sensitive information is still obtained. Similarly, protection methods that add other emanations can be compromised in a variety of ways, such as additional signal processing, using more samples, physically removing the sources of the extra emanations, etc.
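The drawback just described, that shielding and masking do not quantify the information remaining in the emanations, can be made concrete with a leakage-assessment calculation. The following Python script is an added example written for this page, not code from the original document or from any product it describes. It uses a constructed leakage model in which one sensor reading is a data-independent carrier plus a component whose amplitude depends on a secret bit, scaled by the attenuation that shielding provides, with sensor noise and optional masking noise added; every design and parameter value (names such as `shielded`, `masked`, `data_independent`, the attenuation of 0.25, the noise levels) is hypothetical. For each design it computes how many readings per secret-bit value are needed before a Welch t-test, a standard fixed-versus-fixed leakage test, separates the two cases, and it confirms the analytic estimate by simulation. Shielding and masking only raise that number; a better sensor lowers it again; only a design whose emission is data-independent drives it to infinity.

```python
import math
import random

# Constructed leakage model, an assumption for this example rather than a
# measured device: each sensor reading is a data-independent carrier plus a
# component whose amplitude depends on a secret bit, both scaled by the
# attenuation that shielding provides, plus sensor noise and any deliberately
# added masking noise. Every parameter value below is hypothetical.
CARRIER = 5.0

# Hypothetical protection designs expressed as parameters of the model.
# "data_leak" is the amplitude of the data-dependent component before shielding;
# a design that makes the emission independent of the data sets it to zero.
DESIGNS = {
    "unprotected": dict(attenuation=1.0, data_leak=1.0, sensor_sigma=1.0, mask_sigma=0.0),
    # physical shielding: everything is attenuated to a quarter
    "shielded": dict(attenuation=0.25, data_leak=1.0, sensor_sigma=1.0, mask_sigma=0.0),
    # same shielding, evaluated against a lower-noise sensor
    "shielded_better_sensor": dict(attenuation=0.25, data_leak=1.0, sensor_sigma=0.5, mask_sigma=0.0),
    # masking: extra random emanation added on top of the original one
    "masked": dict(attenuation=1.0, data_leak=1.0, sensor_sigma=1.0, mask_sigma=3.0),
    # emission carries no data-dependent component at all
    "data_independent": dict(attenuation=1.0, data_leak=0.0, sensor_sigma=1.0, mask_sigma=0.0),
}


def emission_sample(secret_bit, attenuation, data_leak, sensor_sigma, mask_sigma, rng):
    """One sensor reading taken while the device processes secret_bit (0 or 1)."""
    leaked = attenuation * (CARRIER + data_leak * secret_bit)  # shielding scales all of it
    noise = rng.gauss(0.0, sensor_sigma) + rng.gauss(0.0, mask_sigma)
    return leaked + noise


def welch_t(group0, group1):
    """Welch's t-statistic between two groups of readings."""
    n0, n1 = len(group0), len(group1)
    m0, m1 = sum(group0) / n0, sum(group1) / n1
    v0 = sum((x - m0) ** 2 for x in group0) / (n0 - 1)
    v1 = sum((x - m1) ** 2 for x in group1) / (n1 - 1)
    return (m1 - m0) / math.sqrt(v0 / n0 + v1 / n1)


def measured_leakage(design, n_traces, seed=1):
    """Simulate n_traces readings per secret-bit value and return |t|."""
    rng = random.Random(seed)
    g0 = [emission_sample(0, rng=rng, **design) for _ in range(n_traces)]
    g1 = [emission_sample(1, rng=rng, **design) for _ in range(n_traces)]
    return abs(welch_t(g0, g1))


def traces_needed(design, threshold=4.5):
    """Readings per class at which the expected |t| reaches the threshold.

    With data-dependent amplitude delta (after attenuation) and total noise
    variance var, the expected t grows as delta / sqrt(var) * sqrt(n / 2).
    Returns None when delta is zero: no number of readings ever separates
    the two cases, which is the only outcome that counts as no leakage.
    """
    delta = design["attenuation"] * design["data_leak"]
    if delta == 0.0:
        return None
    variance = design["sensor_sigma"] ** 2 + design["mask_sigma"] ** 2
    return math.ceil(2 * threshold ** 2 * variance / delta ** 2)


def leakage_table(threshold=4.5):
    """Map every design name to the number of readings needed to detect leakage."""
    return {name: traces_needed(design, threshold) for name, design in DESIGNS.items()}


if __name__ == "__main__":
    for name, needed in leakage_table().items():
        observed = measured_leakage(DESIGNS[name], 2000)
        print(f"{name:24s} readings to detect: {needed!s:>6}   |t| at 2000 readings: {observed:6.1f}")
```

The threshold 4.5 is the conventional significance level for this kind of test, so a design whose count stays finite merely delays the attacker; the metric a countermeasure should be judged by is whether the count becomes unbounded, which in this model happens only when the data-dependent component itself is removed.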
Therefore, it would be advantageous to be able to design hardware countermeasures that are based on reducing the overall information leakage, as opposed to countermeasures that only reduce the emanations or that only rely on adding extra emanations.