Electronic fields emitted by computers during use exposes an individuals’ activity, raising issues concerning privacy. Side-channel signals are easily collected by antennas and reveal data through analysis. A group of researchers from the Georgia Institute of Technology have been redesigning hardware and software for the past three years that will prevent electronic fields and noises from being emitted from computers.
This research group studied how to stop side-channel attacks and focused their research on uncovering vulnerabilities in the hardware which makes these signals easier to gather. Researchers developed a Signal Available to Attacker (SAVAT), which measures side-channel signals.
“SAVAT quantifies the side channel signal’s dependence on instruction-level differences. The metric allows programmers to modify their code to prevent such high differences from being detected, especially when processes are underway that deal with sensitive information,” according to researchers.
During testing, 11 laptops ran all different instructions and researchers discovered some signals were stronger than others, depending on certain components.
“Two instructions executed on-chip tend to be quieter than a signal generated by an on-chip instruction that uses off-chip memory. Collecting those signal differences can reveal what an application is doing and could be used, for example, to obtain cryptographic keys without trying to break the encrypted content in other ways,” Milos Prvulovic, associate professor from Georgia Tech, said.
The research group also discovered if a computer runs a program with spellcheck turned off, it will emit less signals than a computer with spellcheck turned on. Prvulovic noted that when spellcheck runs on a computer, signals can be picked up by an AM radio, and the processing becomes so loud that a person hears it.
“Each keystroke causes the spellchecker to look up the word in a dictionary to try to catch a mistake and flag it. It turns out that spellchecking is orders of magnitude more activity than you would normally get for just a simple key press. Modern software does a lot of stuff that is convenient but horribly computationally intensive. That creates differences that can be picked up,” Prvulovic said.
