CYBERSECURITYWhen the Hardware Traps Criminals

Published 4 August 2022

Up to now, protecting hardware against manipulation has been a laborious business: expensive, and only possible on a small scale. And yet, two simple antennas might do the trick.

Payment transactions, business secrets, documents that are important for national security: today, the world’s most valuable secrets are often no longer stored on paper, but rather as ones and zeros in virtual space. When we suspect that these secrets are in danger, they usually imagine a threat from afar – attackers trying to capture confidential data through cyberattacks. But there is another threat, a much more direct way to get into other people’s systems, namely by tampering with the hardware. The valuable information is ultimately nothing more than electrical currents that travel between different computer components via conductive paths. A tiny metallic object, positioned in the right place on the hardware, can be enough to tap into these data streams.

“Fraudsters have used this simple method, for example, to tap credit card data from card readers,” say Paul Staat and Johannes Tobisch.

Both are doing their PhDs at RUB and research at the Max Planck Institute for Security and Privacy in Bochum. As members of Professor Christof Paar’s team, they are developing methods to protect against hardware manipulation. They are cooperating with Dr. Christian Zenger from the RUB spin-off company PHYSEC, who laid the foundations for this technology when he was a RUB researcher.

Protection Through Radio Waves
Mechanisms designed to protect hardware from tampering do exist, of course. “Typically, it’s a type of foil with thin wires in which the hardware component is wrapped,” explains Paul Staat. “If the foil is damaged, an alarm is triggered.” However, this method can only be used to protect small components, not the whole system: it’s impossible to wrap an entire computer case in the foil, but only an individual key component like a memory element or a processor, for example. But Tobisch and Staat are working on a technology that would monitor entire systems for manipulation – and wouldn’t be so expensive.

For this purpose, the researchers employ radio waves. They install two antennas in the system that they want to monitor: a transmitter and a receiver. The transmitter sends out a special radio signal that spreads everywhere in the system and is reflected by the walls and computer components. All these reflections cause a signal to reach the receiver that is as characteristic of the system as a fingerprint.