The Intersection of Software-Defined Radio and Wireless Security

The history of human civilization is also a history of communication development.

As early as ancient times, during the early establishment of feudal society, communication technology had already appeared: beacon towers and relay stations were common means of communication in ancient China. Although these methods could transmit information, they had obvious drawbacks: each could carry only a single, fixed message, they were inefficient, and the message was easily lost. Later, with the gradual spread of written language, pigeon post also entered human society, but its shortcomings were equally obvious: the sender had very little control over the delivery, and messages were frequently lost. As human technology and civilization developed, in 539 BC the Persian king created an institution similar to a post office. Because professional couriers carried the letters, delivery could be guaranteed, but it took a particularly long time. All of these relied on human effort to transmit information.

In contrast, the development of electrical technology began around 600 BC, when the ancient Greek philosopher Thales discovered the existence of static electricity. In 1600, William Gilbert, physician to Queen Elizabeth I, used the Latin word “electricus” to describe the force exerted by materials after they are rubbed together, and wrote the classic work “On Magnetism,” in which he held that electricity was generated by friction while magnets needed no such treatment, a distinction that kept electricity and magnetism apart for many years. It wasn’t until 1820 that Danish scientist Hans Christian Oersted discovered the magnetic effect of electric current, re-establishing the link between electricity and magnetism. In 1821, British scientist Michael Faraday invented the electric motor; in 1831 he discovered electromagnetic induction and built the first generator capable of producing a continuous current.

This is a great era, continually giving birth to great inventions.

In 1837, American Samuel Morse invented Morse code and wired telegraphy, which truly established the prototype of modern communication systems. The emergence of wired telegraphy was epoch-making—it provided humanity with a brand new way of information transmission that was invisible, intangible, and inaudible, completely different from previous methods such as letters, flag signals, and beacons. In 1865, the father of communication, James Clerk Maxwell, proposed the great Maxwell equations, establishing classical electrodynamics and predicting the existence of electromagnetic waves. From then on, communication technology embarked on a fast track of development.

In 1876, Alexander Graham Bell applied for a patent for the telephone, becoming the father of the telephone. In 1888, Heinrich Hertz successfully proved the existence of electromagnetic waves experimentally, thus confirming Maxwell’s predictions. The edifice of classical electromagnetic theory was officially completed.

In 1896, Italian Guglielmo Marconi achieved the first wireless communication in human history. Although the distance was only 30 meters, it reached 2 miles the following year. From this point on, humanity officially opened the door to the era of wireless communication.

In the time following Marconi’s invention of wireless telegraphy, both wired and wireless communication developed along their respective paths. Today, we will only discuss the development of wireless communication technology.

For a long time after Marconi’s invention, wireless communication remained unidirectional (half-duplex communication), and broadcasting to some extent replaced newspapers as the fastest way for people to obtain news.

During World War II, Motorola developed the epoch-making SCR300 military walkie-talkie, capable of wireless communication over distances of up to 12.9 km. The SCR300 weighed 16 kilograms and had to be carried by specialized signal soldiers or installed in vehicles or aircraft.

In 1946, Bell Labs built the world’s first mobile telephone on this foundation, but it was enormous. The development of wireless technology was limited by the technical bottlenecks of electronic components, and there were no significant breakthroughs until semiconductor technology matured, at which point the foundation for the rapid development of wireless communication devices began to take shape.

In April 1973, Motorola engineer Martin Cooper developed the world’s first mobile phone, which was truly portable and could be used for communication while on the move. The invention of the mobile phone marked the opening of the door to universal communication for humanity and the beginning of the era of ubiquitous mobile phones.

From 1G to 2G to today’s 5G and even 6G, from pagers to brick-sized mobile phones to the smartphones everyone loves today, wireless communication technology has developed rapidly. With the changes of the times and the evolution of technology, the communication frequencies, modulation schemes, and coding methods have all changed substantially. Different hardware platforms must be built for different frequencies, modulation schemes, and coding methods. Even setting aside the cost and difficulty of the hardware components, merely keeping up with such a variety of frequencies and modulation methods requires a wide range of hardware platforms. Is there a single tool in the communication system that can handle all of them?

SDR (Software Defined Radio) technology is the answer. Its significance lies in the fact that the traditional hardware radio serves merely as the basic platform for wireless communication, while many communication functions are implemented in software, breaking the historical pattern in which a device’s communication functions depended solely on hardware development. The emergence of software-defined radio represents the third revolution in the communication field, following the transitions from fixed to mobile communication and from analog to digital communication. Software-defined radio effectively avoids the shortcomings of hardware implementation. Apart from the minimal hardware, such as the ADC, DAC, amplifiers, and antenna, all remaining processing is done in software, so developers can change the functions of the radio by modifying software rather than altering the circuitry. In simple terms, one such device can be programmed to meet the communication needs of wireless devices such as radios and routers.

The common architecture of an SDR is shown below, using ADI’s Pluto software-defined radio platform as an example.

Figure 1: ADI Pluto Software Defined Radio Platform System Architecture

A standard software-defined radio consists of a broadband antenna, an RF front end, a broadband DAC/ADC, and a general-purpose digital signal processor. Figure 1 shows these functions and the required interfaces. The mobile user unit communicates through analog interfaces (narrowband A/D and D/A) and provides voice, data, fax, and multimedia interfaces through optional mixed source coding. Near-real-time and real-time software running on programmable processors perform the analysis, processing, and conversion between narrowband and broadband data, and the broadband A/D/A then converts between that data and RF.
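As an added illustration of the point above (this is example code written for this article, not code from the article, from ADI, or from the Pluto software), the following pure-Python receiver performs every stage after the ADC in software: a digital mixer, a low-pass filter with decimation, and either an FM or an AM demodulator, selected by a parameter rather than by different circuitry. The sample rate, the carrier offset, the 5 kHz deviation, the 50 % modulation depth and the I/Q captures themselves are constructed assumptions.

```python
"""Minimal software receive chain: the part an SDR moves out of hardware.

Added example, not code from the article, from ADI or from the Pluto SDK. It
assumes only what any SDR front end provides: a stream of complex I/Q samples
at SAMPLE_RATE after the ADC. The captures are constructed here so the chain
runs offline; the same code demodulates FM or AM depending on `mode`.
"""
import cmath
import math
import random

SAMPLE_RATE = 200_000   # Hz, assumed ADC output rate
DECIMATION = 10         # software decimation after the low-pass filter
SECONDS = 0.05          # length of the constructed capture


def make_capture(f_offset, f_tone, mode, noise=0.1, seed=7):
    """Constructed I/Q capture: a carrier at f_offset Hz modulated by a tone.
    FM uses 5 kHz peak deviation, AM uses 50 % modulation depth (both assumed)."""
    rng = random.Random(seed)
    samples = []
    for i in range(int(SAMPLE_RATE * SECONDS)):
        t = i / SAMPLE_RATE
        carrier = 2 * math.pi * f_offset * t
        if mode == "fm":
            s = cmath.exp(1j * (carrier + (5000 / f_tone) * math.sin(2 * math.pi * f_tone * t)))
        else:
            s = (1 + 0.5 * math.cos(2 * math.pi * f_tone * t)) * cmath.exp(1j * carrier)
        samples.append(s + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return samples


def downconvert(samples, f_offset):
    """Digital mixer: multiply by a software local oscillator to move the channel to 0 Hz."""
    step = -2j * math.pi * f_offset / SAMPLE_RATE
    return [s * cmath.exp(step * i) for i, s in enumerate(samples)]


def lowpass_decimate(samples, factor=DECIMATION):
    """Boxcar low-pass filter followed by decimation (crude, but a real channel filter)."""
    return [sum(samples[i:i + factor]) / factor
            for i in range(0, len(samples) - factor + 1, factor)]


def fm_discriminate(baseband, rate):
    """Instantaneous frequency in Hz from the phase advance between successive samples."""
    return [cmath.phase(b * a.conjugate()) * rate / (2 * math.pi)
            for a, b in zip(baseband, baseband[1:])]


def am_envelope(baseband):
    """Envelope detector: magnitude with the carrier (DC) component removed."""
    mag = [abs(b) for b in baseband]
    mean = sum(mag) / len(mag)
    return [m - mean for m in mag]


def estimate_tone_hz(signal, rate, threshold):
    """Count rising crossings with hysteresis so noise near zero is not counted twice."""
    state, rises = None, 0
    for v in signal:
        if v > threshold:
            if state == "low":
                rises += 1
            state = "high"
        elif v < -threshold:
            state = "low"
    return rises * rate / len(signal)


def receive(samples, f_offset, mode):
    """The whole receiver in software: mix, filter, decimate, demodulate, measure."""
    rate = SAMPLE_RATE / DECIMATION
    baseband = lowpass_decimate(downconvert(samples, f_offset))
    if mode == "fm":
        demod = fm_discriminate(baseband, rate)
        threshold = 2500.0      # half the expected 5 kHz deviation
    else:
        demod = am_envelope(baseband)
        threshold = 0.25        # half the expected modulation depth
    peak = (max(demod) - min(demod)) / 2
    return {"tone_hz": estimate_tone_hz(demod, rate, threshold), "peak": peak}


if __name__ == "__main__":
    for mode in ("fm", "am"):
        print(mode, receive(make_capture(50_000, 1000, mode), 50_000, mode))
```

Run as a script it prints the recovered tone frequency and peak (deviation in Hz for FM, modulation depth for AM) for both modes. Retuning to another carrier offset or another modulation is a change to the arguments of `receive`, which is exactly the flexibility a hardware-per-standard design lacks; with a real front end, `make_capture` would be replaced by samples read from the device.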

So what role does software-defined radio technology play in network security technology?

First, let’s mention TEMPEST electromagnetic leakage. TEMPEST (Transient Electromagnetic Pulse Emanation Surveillance Technology) is part of electromagnetic environmental security protection and covers a series of techniques for analyzing, testing, receiving, restoring, and protecting the sensitive information carried by electromagnetic leakage signals.

Electronic devices generate various electromagnetic leaks while operating, and some of these electromagnetic signals may carry sensitive information. In 1972, the U.S. National Security Agency conducted a classified study codenamed TEMPEST, which was partially declassified in 2007. In 1985, Wim Van Eck published the first non-classified analysis article on the security threats posed by computer monitors, showing that by adding a $15 electronic device to a conventional television, information from a system could be stolen from hundreds of meters away.

In the 1980s, the CIA’s TEMPEST project exploited the RF leakage generated by electronic devices in operation to extract information from systems, as shown in Figure 2. The most intuitive and striking case was the direct recovery of the content displayed on the CRT monitors of the time: because a CRT requires a high voltage, controlled by the display signal, to steer the electron beam precisely to a given point on the screen, the modulation electrodes act like dipole antennas in every direction and radiate electromagnetic waves. By receiving these radio signals with antennas of different polarizations and mixing them with locally generated horizontal and vertical synchronization signals, one could obtain an identical screen image on a local display. This method is known as “van Eck phreaking” and was revealed to the public by a BBC exposé program. In no time, white vans equipped with various antennas became the symbol of this kind of surveillance.

Modern screens have replaced the original CRT displays, and capturing their electromagnetic leakage is less straightforward, but the risks of the VGA interface have also been uncovered, since computer monitors still use raster scanning. The signals sent by the display controller to the monitor are of three types: the video signal RGB (color), the vertical synchronization signal (field sync), and the horizontal synchronization signal (line sync); both line and field sync are square-wave (digital-level) signals. When the displayed content does not repeat, the video signal is essentially random. For a static or slowly changing computer image, however, the monitor’s periodic scanning gives the video signal periodic characteristics: over the complete time series, signal zones (display areas) and non-signal zones (line blanking areas) alternate periodically, interspersed with noise.
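The periodicity described above can be measured directly, which is how an assessor would judge whether a device’s leakage has structure worth worrying about. The following added example (not the article’s code, and not from any of the work it cites) builds a constructed raster stream with an assumed timing of 64 active samples and 16 blanking samples per line and 32 lines per frame, models the leakage as the pixel value plus noise (an assumption for illustration), and uses normalized autocorrelation to recover the line and frame periods. For static content the frame-period correlation is strong; for content that changes every frame only the line structure (the blanking intervals) remains periodic.

```python
"""Periodic structure of a raster video stream, measured by autocorrelation.

Added example, not the article's code. Models the sample stream an assessor
might record from a VGA-style leak: each line is ACTIVE pixel samples followed
by BLANK samples at zero, repeated LINES times per frame. All values here are
constructed; the leakage model (pixel value plus Gaussian noise) is assumed.
"""
import random

ACTIVE, BLANK, LINES = 64, 16, 32        # assumed timing: 80 samples/line, 2560/frame
LINE_PERIOD = ACTIVE + BLANK
FRAME_PERIOD = LINE_PERIOD * LINES


def make_frame(rng):
    """Constructed screen content: random 2x2-pixel features with values in [0, 1]."""
    blocks = [[rng.random() for _ in range(ACTIVE // 2)] for _ in range(LINES // 2)]
    return [[blocks[y // 2][x // 2] for x in range(ACTIVE)] for y in range(LINES)]


def raster_stream(frames, noise=0.15, seed=3, static=True):
    """Serialise `frames` frames as the leaked sample stream, with blanking and noise.
    static=True repeats one image; static=False draws new content every frame."""
    rng = random.Random(seed)
    image = make_frame(rng)
    out = []
    for _ in range(frames):
        if not static:
            image = make_frame(rng)
        for line in image:
            out.extend(p + rng.gauss(0, noise) for p in line)       # display area
            out.extend(rng.gauss(0, noise) for _ in range(BLANK))   # line blanking
    return out


def autocorr(x, lag, mean, var):
    """Normalized autocorrelation at one lag: 1.0 means the stream repeats exactly."""
    n = len(x) - lag
    cov = sum((x[i] - mean) * (x[i + lag] - mean) for i in range(n)) / n
    return cov / var


def find_periods(x, max_line_lag=200, max_lines=48):
    """Two-stage search: the strongest lag below max_line_lag is the line period,
    the strongest multiple of it is the frame period. Returns
    (line_lag, r_line, frame_lag, r_frame) so the caller can judge each peak."""
    mean = sum(x) / len(x)
    var = sum((v - mean) ** 2 for v in x) / len(x)
    line_lag, r_line = max(((lag, autocorr(x, lag, mean, var))
                            for lag in range(2, max_line_lag + 1)), key=lambda t: t[1])
    frame_lag, r_frame = max(((k * line_lag, autocorr(x, k * line_lag, mean, var))
                              for k in range(2, max_lines + 1)), key=lambda t: t[1])
    return line_lag, r_line, frame_lag, r_frame


if __name__ == "__main__":
    for label, static in (("static image", True), ("changing content", False)):
        line_lag, r_line, frame_lag, r_frame = find_periods(raster_stream(4, static=static))
        print(f"{label}: line period {line_lag} (r={r_line:.2f}), "
              f"frame period {frame_lag} (r={r_frame:.2f})")
```

In both cases the line period is recovered from the blanking intervals alone, but only the static image produces a pronounced peak at the true frame period of 2560 samples. That frame-period peak is the figure an assessor should record: the stronger it is, the more a static screen stands out from the noise, which is why static documents are the worst case for this class of leakage.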

Figure 2: CIA TEMPEST Project Equipment

Figure 3: Basic Principle Diagram of TEMPEST Equipment

Figures 2 and 3 show that the early equipment for receiving leaked signals was quite cumbersome. In 2014, Martin Marinov of the University of Cambridge published a paper titled “Remote Video Eavesdropping Using a Software-Defined Radio Platform,” which innovatively used the USRP B200 software-defined radio to capture VGA signal leakage.

Figure 4: Testing Environment and Equipment of Remote Video Eavesdropping Using a Software-Defined Radio Platform

Figure 5: Test Results of Remote Video Eavesdropping Using a Software-Defined Radio Platform

The results in Figure 5 are close to ideal: with nothing more than simple software-defined radio equipment and signal-processing algorithms, the leaked signal was recovered. Software-defined radio is therefore not only a revolution in communication but also a powerful tool for wireless security analysis. Its applications are extensive, including side-channel analysis in wireless security and the verification of security frameworks, among many others.

As technology develops, the trend toward interdisciplinary integration becomes increasingly evident, and security problems are correspondingly comprehensive and complex. Faced with the rapid development of the security industry and the ever faster pace of informatization in society, new technologies will continue to emerge and be applied. Wireless security holds boundless opportunities and challenges. As a hot research field it has significant strategic importance, and wireless security technology can be expected to achieve even greater development in the future.

China Confidentiality Association

Science and Technology Branch

Author: Zhang Zhuxiang

Editor: Xia Tian Tian
