Computer ‘emissions’ raise privacy worries

Georgia Tech couple at work to thwart ‘side-channel’ attacks
Alenka Zajic is one half of the Tech team exploring how computers leak information without even being online.

Credit: Rob Felt/Special

Credit: Rob Felt/Special

Alenka Zajic is one half of the Tech team exploring how computers leak information without even being online.

They were drawn together by romance, rotting eggs and radiation.

Georgia Tech professors Alenka Zajic and Milos Prvulovic, committed both by research and marriage, have been studying how machines emit unseen, electromagnetic energy. They want to know more about how these devices are giving away key details of a computer’s activity.

It’s a pivotal inquiry for governments securing state secrets; corporations guarding against espionage; and cypherpunks hellbent on privacy.

The issue: In the same way clicking keyboard sounds could give indications of what a person is typing, a machine emits frequency waves that provides much better tips. That means a “Russian radio” antenna taped underneath a desk, for instance, can detect what a person is doing on a laptop that isn’t plugged in, connected to the internet, or wirelessly communicating.

Such “side channel” attacks have helped researchers copy the key fobs of modern cars or eavesdrop on encrypted VOIP calls.

Still, the Georgia Tech couple - who first caught each other’s eye two decades ago in their native Serbia - said device and software engineers are woefully unprepared for such dangers.

Progress on the problem has been slow.

“[Because] none of us knows enough basically,” Milos, 42, says in an excited, Eastern European staccato, in a lab on the fourth-floor of the Technology Square Research Building on 5th Street in Midtown.

Alenka, 37, who specializes in electromagnetics and telecommunications, smiles at her husband and interrupts.

“One reason why this area isn’t as well developed as others is because it is really hard,” she says in her own melodic accent.

“It requires expertise in electromagnetics, power, signal processing, telecommunication, software architecture, computer engineering, and it spans many schools and multiple people.”

The question Milos said they are trying to solve: “Is there a way to assess the vulnerability to these sorts of attacks?”

A ‘tempest’ brews

The National Security Agency has been aware since the 1960s that machines leak radiation, a phenomenon it dubbed “Tempest” for Transient Electromagnetic Pulse Emanation Standard.

The government created specifications still being used today in walled-off areas meant to quiet computers and secure communications, called SCIFs (Sensitive Compartmented Information Facility).

At least two of those rooms are housed in Georgia Tech’s Research Institute. It’s the equivalent of putting sensitive computers and important people in a soundproof, lead box.

Businesses are interested in securing side-channels, too.

Premium entertainment companies, for instance, are worried about people using similar techniques to steal pay-per-view programming, said Jasper van Woudenberg, the North American chief technology officer of penetration testing company Riscure in San Francisco.

The good news is, common thieves aren’t really interested in side-channels as a way to steal, say, your online banking credentials, said Colin O’Flynn, a Canadian cyber security researcher who is creating developer’s tools to stem the proliferation of the problem “I think it’s too complicated, at this point, to be worthwhile,” he said.

But that could change as companies close other security gaps making side-channel vulnerabilities more economically attractive to criminals.

Most of today’s research centers on finding new kinds of attacks, or on post-attack patches.

Alenka’s and Milos’ research is different, though. It’s aimed at evaluating what computer processes and applications give off the most electromagnetic energy.

They’ve created a metric to analyze the side-channel signals. They call it “Signal Available to Attacker,” or SAVAT.

They hope they will be able to help computer engineers find programming techniques and processor architecture to put computers into what some folks might call stealth mode.

Working together

Alenka said neither of them had any idea of side-channel attacks before they began dreaming up topics to tackle together several years ago.

“This was one of the topics that was interesting to both of us,” Alenka says.

Their zeal to work together may stem from the fact that the two — who bonded over their mutual disgust for expired eggs served at the Petnica Science Center, during a then-Yugoslavian camp for gifted high school students — spent years apart.

Milos left to get his doctorate in the U.S., leaving Alenka behind at the University of Belgrade. Then, Alenka finished her PhD at Georgia Tech and took a yearlong position at the Naval Research Lab in Washington, D.C.

Alenka tells a story about how, during the NATO bombings of Belgrade, she once saw a cruise missile flash past her family’s apartment window before destroying a nearby building. Milos sheepishly says his days at the University of Illinois at Urbana-Champaign paled in comparison.

So far, the couple has raised $1.6 million through grants from the National Science Foundation and the Air Force. It’s enough to employ five doctoral students and buy a few computers and an Oscilloscope, a device used to measure the frequency of an electrical signal over time.

One of their first research papers on the topic was published in December.

The couple trade glances constantly when talking about the potential of making this research full time. They hope to eventually build a business of creating safer computers.

“What security used to be is leave [a computer] in a locked room,” Milos says. And now, new, innovative cyber attacks are proving that no device is ever truly safe.