Radio waves for the detection of hardware tampering

As far as data security is concerned, there is an even greater danger than remote cyberattacks: namely tampering with hardware that can be used to read out information – such as credit card data from a card reader. Researchers in Bochum have developed a new method to detect such manipulations. They monitor the systems with radio waves that react to the slightest changes in the ambient conditions.

Unlike conventional methods, they can thus protect entire systems, not just individual components – and they can do it at a lower cost. The RUB’s science magazine Rubin features a report by the team from Ruhr-Universität Bochum (RUB), the Max Planck Institute for Security and Privacy and the IT company PHYSEC.

Paul Staat and Johannes Tobisch presented their findings at the IEEE Symposium on Security and Privacy, which took place in the USA from 23 to 25 May 2022. Both researchers are doing their PhDs at RUB and conducting research at the Max Planck Institute for Security and Privacy in Bochum in Professor Christof Paar’s team. For their research, they are cooperating with Dr. Christian Zenger from the RUB spin-off company PHYSEC.

Protection through radio waves

Data is ultimately nothing more than electrical currents that travel between different computer components via conductive paths. A tiny metallic object, located in the right place on the hardware, can be enough to tap into the information streams. To date, only individual components of systems, such as a crucial memory element or a processor, can be protected from such manipulations. “Typically, this is done with a type of foil with thin wires in which the hardware component is wrapped,” explains Paul Staat. “If the foil is damaged, an alarm is triggered.”

The radio wave technology from Bochum, however, can be used to monitor an entire system. To this end, the researchers install two antennas in the system: a transmitter and a receiver. The transmitter sends out a special radio signal that spreads everywhere in the system and is reflected by the walls and computer components. All these reflections cause a signal to reach the receiver that is as characteristic of the system as a fingerprint.

Technology reacts to the slightest changes

Tiny changes to the system are enough to have a noticeable effect on the fingerprint, as the team demonstrated in experiments. The IT experts equipped a conventional computer with radio antennas and punctured its housing with holes at regular intervals. Through these holes, the researchers let a fine metal needle penetrate the inside of the system and checked whether they notice the change in the radio signal. In the process, they varied the thickness of the needle, the position and the depth of penetration.

With the computer running, they reliably detected the penetration of a needle 0.3 millimetres thick with their system from a penetration depth of one centimetre. The system still detected a needle that was only 0.1 millimetres thick – about as thick as a hair – but not in all positions. “The closer the needle is to the receiving antenna, the easier it is to detect, explains Staat. “Therefore, in practical applications, it makes sense to think carefully about where you place the antennas,” adds Tobisch. “They should be as close as possible to the components that require a high degree of protection.”

Basically, the technology is suitable for both high-security applications and everyday problem. The IT company PHYSEC already uses it to prevent unauthorised manipulation of critical infrastructure components.

Detailed article in science magazine Rubin

You can find a detailed article on this topic in the IT Security special issue of the science magazine Rubin. For editorial purposes, the texts on the website may be used free of charge provided the source “Rubin – Ruhr-Universität Bochum” is named, and images from the download page may be used free of charge provided the copyright is mentioned and the terms of use are complied with.

DOI: 10.1109/SP46214.2022.00067
Article Title: Anti-tamper radio: System-level tamper detection for computing systems