Exposing security vulnerabilities in terahertz data links

Mittleman and colleagues from Brown, Rice University and the University at Buffalo set out to test that notion. They set up a direct line-of-sight terahertz data link between a transmitter and receiver, and experimented with devices capable of intercepting the signal. They were able to show several strategies that could steal signal without being detected — even when the data-carrying beam is very directional, with a cone angle of less than 2 degrees (in contrast to microwave transmission, where the angle is often as large as 120 degrees).

One set of strategies involves placing an object capable of scattering a tiny portion of the beam at the beam's very edge. In order for a data link to be reliable, the diameter of the beam must be slightly larger than the aperture of the receiver. That leaves a sliver of signal for an attacker to work with without casting a detectable shadow on the receiver.

The researchers showed that a flat piece of metal could redirect a portion of the beam to a secondary receiver operated by an attacker. The researchers were able to acquire a usable signal at the second receiver with no significant loss of power at the primary receiver.

The team showed an even more flexible approach (from the attacker’s perspective) by using a metal cylinder in the beam instead of a flat plate.

“Cylinders have the advantage that they scatter light in all directions, giving an attacker more options in setting up a receiver,” said Josep Jornet, an assistant professor of electrical engineering at Buffalo and a study coauthor. “And given the physics of terahertz wave propagation, even a very small cylinder can significantly scatter the signal without blocking the line-of-sight path.”

The researchers went on to demonstrate another type of attack involving a lossless beam splitter that would also be difficult, if not impossible, to detect. A beam splitter placed in front of a transmitter would enable an attacker to steal just enough signal to be useful, yet not so much that it would set off alarm bells among network administrators.

The bottom line, the researchers say, is that while there are inherent security enhancements associated with terahertz links in comparison with lower frequencies, these security improvements are still far from foolproof.

“Securing wireless transmission from eavesdroppers has been a challenge since the days of Marconi,” said Edward Knightly, professor of electrical and computer engineering at Rice University and a study coauthor. “While terahertz bands take a huge leap in this direction, we unfortunately found that a determined adversary can still be effective in intercepting the signal.”

The research was funded in part by the National Science Foundation, the Army Research Office, the Air Force Office of Scientific Research, and the W. M. Keck Foundation. Other coauthors on the paper were Jianjun Ma, Rabi Shrestha and Jacob Adelberg from Brown University; Chia-Yi Yeh and Edward Knightly from Rice University; and Zahed Hossain from Buffalo.

— Read more in Jianjun Ma et al., “Security and eavesdropping in terahertz wireless links,” Nature (15 October 2018) (DOI: 10.1038/s41586-018-0609-x)