Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

ShieldBypass: On the Persistence of Impedance Leakage Beyond EM Shielding

Md Sadik Awal, Md Tauhidur Rahman

Abstract

Electromagnetic (EM) shielding is widely used to suppress radiated emissions and limit passive EM side-channel leakage. However, shielding does not address active probing, where an adversary injects external radio-frequency (RF) signals and observes the device's reflective response. This work studies whether such impedance-modulated backscattering persists when radiated emissions are suppressed by shielding. By injecting controlled RF signals and analyzing the reflections, we demonstrate that state-dependent impedance variations remain observable at frequencies outside the shields' primary attenuation band. Using processors implemented on FPGA and microcontroller prototypes, and evaluating workload profiles under three industry-standard shields, we find that passive EM measurements lose discriminative power under shielding, while backscattering responses remain separable. These results indicate that active RF probing can expose execution-dependent behavior even in shielded systems, motivating the need to consider active impedance-based probing within hardware security evaluation flows.

ShieldBypass: On the Persistence of Impedance Leakage Beyond EM Shielding

Abstract

Electromagnetic (EM) shielding is widely used to suppress radiated emissions and limit passive EM side-channel leakage. However, shielding does not address active probing, where an adversary injects external radio-frequency (RF) signals and observes the device's reflective response. This work studies whether such impedance-modulated backscattering persists when radiated emissions are suppressed by shielding. By injecting controlled RF signals and analyzing the reflections, we demonstrate that state-dependent impedance variations remain observable at frequencies outside the shields' primary attenuation band. Using processors implemented on FPGA and microcontroller prototypes, and evaluating workload profiles under three industry-standard shields, we find that passive EM measurements lose discriminative power under shielding, while backscattering responses remain separable. These results indicate that active RF probing can expose execution-dependent behavior even in shielded systems, motivating the need to consider active impedance-based probing within hardware security evaluation flows.
Paper Structure (8 sections, 2 equations, 3 figures, 1 table)

This paper contains 8 sections, 2 equations, 3 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related Works
  3. Background & Motivation
  4. Threat Model
  5. Experimental Setup
  6. Results and Analysis
  7. Discussion on Countermeasures
  8. Conclusion

Figures (3)

  • Figure 1: Overview of experimental setup.
  • Figure 2: Comparison of PCA projections across three shield types.
  • Figure 3: ICA of backscattered signals under different shielding materials.