New Attacks and Defenses Leveraging Electromagnetic Side-channel Information
When an activity is conducted in a computing device, not only does it take CPU time and memory, but it also consumes power, dissipates heat, emits electromagnetic (EM) radiation, and possibly produces sound as well as light. These physical side effects of computation, often referred to as physical side-channel information, can in effect reveal a certain amount of knowledge about the ongoing activity. In the past, such information has been extensively exploited to form attacks to breach confidentiality. However, it has been recently realized that such information can also be leveraged to help build security defenses. This dissertation presents two new EM side-channel attacks developed by us. The first attack exfiltrates data at high speed over long distances from air-gapped computers that may even be enclosed in a room having thick concrete walls. This attack highlights the extraordinarily high data exfiltration bandwidth, which is 75 times higher than that of the fastest existing physical covert channels. The second attack steals sensitive information (e.g., which websites are browsed by a user and when keys are being pressed by a user) from GPUs at a distance. This is the first long-distance EM side-channel attack on GPUs. More notably, this dissertation presents the first work utilizing EM side-channel information to our advantage for creating a novel detection-based defense system against a class of powerful attacks that exploit a widely existing hardware vulnerability known as the rowhammer bug. Experiments show that our system can effectively and robustly detect any potential rowhammer attacks, including the extremely elusive ones hidden inside encrypted and isolated environments like Intel SGX enclaves.