Preventing Side-Channel Attacks with an RF-Shielded Rack

Posted by Enconnex Team on February 4, 2021

Most people think of computing in terms of logical inputs and outputs. But computers are also machines that operate based upon physical properties. Systems use more power when executing complex commands, and hard drives and monitors emit different electric signals depending on the information being read, stored, or displayed.

Engineers at Bell Labs discovered in 1943 that typing on a teletype machine would change the readings on a nearby oscilloscope. They recognized that spurious emissions could enable smart attackers to extract sensitive information from a system by some means other than the intended input and output channels — a so-called “side-channel attack.”

Such attacks are a very real threat to modern computer equipment. In 2020, researchers demonstrated a power side-channel attack on systems with Intel and AMD chips that would allow remote access to sensitive data with unprecedented accuracy. The attack exploits an interface that monitors the energy consumption of CPUs.

Side-channel attacks involving electromagnetic emissions are even more likely. With many of today’s devices incorporating Wi-Fi, Bluetooth and other wireless technologies, attackers with the right equipment can intercept data from up to 1,000 feet away. Organizations that process highly sensitive data must shield equipment to prevent side-channel attacks.


What Is a Side-Channel Attack?

In a side-channel attack, a hacker attempts to assess the state of a device and its contents by analyzing information gained from the system itself rather than any software bugs. Information could be intercepted before it is encrypted, or the cryptographic algorithm potentially deciphered. In 1985, computer researcher Wim Van Eck documented a side-channel attack involving electromagnetic emissions, which became known as “Van Eck phreaking.”

In 2016, a team at Tel Aviv University published a paper describing an attack in which a decryption key could be extracted from an offline laptop in another room. The attack could be carried out in seconds by intercepting the electromagnetic emissions produced by the decryption process.

The U.S. government established the TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) program to study and address the security risks associated with electromagnetic emissions. Although many of the details remain classified, TEMPEST standards specify minimum shielding requirements for various electromagnetic frequencies depending on how close an attacker might get to the electronic devices.


The DefenseShield™ RF-Shielded Rack from Enconnex

Traditionally, government agencies and contractors would use TEMPEST-certified equipment to meet regulatory requirements for securing highly sensitive data. However, TEMPEST equipment is expensive and may not be able to support the latest applications. A better approach is to place equipment inside a properly shielded cabinet. The right RF-shielded rack enables the use of off-the-shelf electronics by attenuating electromagnetic emissions.

The DefenseShield Electromagnetic Compatibility (EMC) Hardened Enclosure from Enconnex uses special copper-lined paint to effectively block signals from 1MHz to 18GHz. It also features a robust power line filter to mitigate the risk of power analysis side-channel attacks.

DefenseShield provides granular, sectionalized signal and physical security for up to 1,000 devices, and can be scaled to meet growing requirements by simply adding more racks. Its standard footprint, 42U height, and lightweight make it easy to integrate into any data center environment. Ten 235CFM fans provide more than 10kW of cooling to quickly dissipate heat in dense configurations.

Side-channel attacks exploit the natural electromagnetic emissions of IT equipment to intercept highly sensitive data. The Enconnex DefenseShield EMC Hardened Enclosure delivers military-grade protection against side-channel attacks for high-security environments.

Posted by Enconnex Team on February 4, 2021

Learn more about Enconnex

Get to know Enconnex with a customized fit-out