Parameters optimization filter for signal processing USB keyboard emanation compromising

Computer peripherals such as monitors and keyboards can be targets for information exploitation through electromagnetic radiation side-channel attacks. To perform these attacks on these devices, it is necessary to use appropriate digital filters to select the frequency band and reduce the effect of noise on the useful radiated signal. The article introduces the parameter optimization process of the digital filter in recovering keystrokes from the radiated signal of the USB keyboard.

The above studies focus on a general introduction of the methods used to analyze keyboard keys. However, the effectiveness of an attack on electromagnetic radiation is greatly influenced by the signal processing technique. The objective of the paper is to compare the efficiency of digital filters when dealing with USB keyboard radiation.

This article is divided into 5 main parts. Part I gives a general introduction. Part II describes the radiation measurement from the USB keyboard. Part III presents the design of a digital filter for processing the radiated signal. Part IV presents the results of using filters in keystroke analysis and the parameter optimization capabilities of those filters. Finally, conclusions and comments are given in Part V.

To catch radiated signals, a system of measuring and preprocessing equipment is needed, combined with a signal processing program. The hardware system consists of the first three components of model 1 above: the antenna/probe unit, the low-noise amplifier, the ADC (Analog to Digital Converter) and the computer interface. It includes the TEMPEST receiver and the antenna/transducer set that catch electromagnetic signals from free space. That signal includes USB keyboard radiation and noise. Because the USB keyboard uses a differential-mode signal with a small amplitude, additional low-noise amplifiers are required. Those amplifiers are responsible for enhancing the useful signal in the required frequency ranges. The ADC converts the analog signal into digital form and then sends it to a signal processing program for analysis.

Based on the model shown in figure 1, measurements are taken with the probe at various positions on the keyboard to determine the radiation location as well as the corresponding field strength. Statistics calculated for USB keyboards show that the keyboard's processing circuit generates electromagnetic radiation related to the keystrokes processed inside it. The signal probe is therefore placed on the microcontroller of the USB keyboard to collect radiation during the operation of the keyboard, see figure 2 below. The test uses an HZ-15 probe connected to a 30 dB HZ-16 amplifier with a frequency range from 30 MHz to 3 GHz. The R&S ESR26 receiver acts as an ADC and also communicates with the control computer.

The article conducts a test on the Dell SK-8115 USB keyboard.
The method of identifying keystrokes by finding radiation peaks is based on analysis techniques and locates peaks in the radiated signal. The applicability of this method depends on finding the exact position of the peaks corresponding to the radiation of the keystroke signal. The AMPD (Automatic Multiscale-Based Peak Detection) algorithm is applied to the above radiated signals [1]. The input x is the pre-processed radiated signal, and the output P is the signal with the list of detected radiation peaks. Due to the length limit of the paper, we will not go into detail about the operation of the AMPD algorithm. The peak analysis results are then used to determine the corresponding scancode of the keystroke, which is compared with the scancodes of the USB keyboard to restore the keypress.
The results of measuring and recovering radiated signals of some keypresses of this keyboard are shown in figure 4:

[Figure 4: panels "Raw Signal" and "Radiated Signal"; Scancode = 4 => Keystroke "A"]

The above results of the analysis program are obtained with the following measurement setup:
• The program collects 2000000 points of radiated signal samples at a rate of 10 Msps, equivalent to a reception time of 200 ms.
• The center frequency is 222 MHz for the DELL SK-8115 keyboard.
• Each keystroke (letter and number) is captured and the accuracy of the recovery program is checked.
The above results confirm that the Dell SK-8115 USB keyboard radiates when operating and that keystroke information can be recovered from the received radiation.

III. DESIGNING DIGITAL FILTERS USED IN ANALYSIS OF ELECTROMAGNETIC RADIATIONS
As we know, the received signal always includes noise from the external environment. By comparing the spectrum of the keystroke and non-keystroke signals, it is possible to identify the signal components and the noise components in the background of the received spectrum. Figure 5 below depicts the spectrum of the received raw signal:

The filter processes the components of the signal spectrum. Digital filters are usually described by the following components: adder block, multiplier block and delay block. The adder block has two inputs and one output; its function is to add the two input signals together. The multiplier block is an amplifier element that multiplies the input signal by a constant. The delay block delays the input signal by one sample, see figure 5 below [10]:

With the above basic blocks, it is possible to build two different basic filter structures. The filters corresponding to these two structures are called infinite impulse response (IIR, Infinite Impulse Response) and finite impulse response (FIR, Finite Impulse Response).
The LPF (Low Pass Filter) filters used include the LPF FIR and the MA (Moving Average). The FIR filter is chosen because FIR filter design is easier in the initial stage. This design delays the input signal without distorting its phase. In addition, the FIR filter is easy to set up and to compute in all signal processing software. The MA filter is the most commonly used form of LPF in practical applications. It is optimized to reduce random noise while ensuring the slope of the frequency response function, and it has a good smoothing effect in the time domain. In addition, the MA filter is easy to design by coefficients without taking into account the signal multiplier blocks.
The formula describing the relationship between the output signal, the input signal and the frequency response of the MA filter has the following form:

The radiated signal of the USB keyboard consists of many different frequency components. The characteristics of the low-frequency components represent the average energy of the signals transmitted in the keyboard. Put simply, the larger the keyboard signal is, the more the low-frequency components in the radiated signal increase accordingly. The LPF FIR filter will be used to separate these components for the average energy analysis of the USB keyboard signal. Based on the characteristics of the received radiated signal, the parameters of the LPF filter can be selected in the range as follows:
• Sampling frequency:

According to documents [1, 2, 3] and from experimental results, it is found that these spectral components are concentrated at mid frequencies in the range of 1.5 MHz; 3 MHz; 4.5 MHz… after the radiated signal has been converted to the baseband. With the DSP System Toolbox, BF filters can be designed using the designfilt function. Thus, to separate and integrate these useful spectral components, it is necessary to use a BF FIR bandpass filter around the 3 MHz center frequency with the following parameters:
• Sampling frequency:

The optimal parameter value of the filter will be selected by running through the allowable range. The analysis program evaluates the keystroke recognition results to find the optimal value for the filters.
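To show how the order N changes what a band-pass FIR around the 3 MHz component lets through at the 10 Msps rate used above, here is an added example; it is not the authors' code. It swaps a pure-Python Hamming windowed-sinc design in for designfilt, and the 2.5 to 3.5 MHz passband, the 2 MHz probe frequency and all function names are assumptions, since the page's own parameter list did not survive.

```python
import math

FS = 10e6                  # sampling rate from the page's setup (10 Msps)
BAND = (2.5e6, 3.5e6)      # assumed passband around the 3 MHz centre

def bandpass_fir(order, band=BAND, fs=FS):
    """Hamming-windowed-sinc band-pass FIR with order + 1 taps."""
    if order < 2 or order % 2:
        raise ValueError("order must be even and >= 2")
    lo, hi = band[0] / fs, band[1] / fs      # band edges in cycles per sample
    half = order // 2
    taps = []
    for n in range(order + 1):
        m = n - half                         # offset from the centre tap
        if m == 0:
            ideal = 2.0 * (hi - lo)
        else:
            ideal = (math.sin(2 * math.pi * hi * m)
                     - math.sin(2 * math.pi * lo * m)) / (math.pi * m)
        window = 0.54 - 0.46 * math.cos(2 * math.pi * n / order)
        taps.append(ideal * window)
    return taps

def gain(taps, freq, fs=FS):
    """Magnitude of the filter's frequency response at freq (Hz)."""
    w = 2 * math.pi * freq / fs
    re = sum(h * math.cos(w * n) for n, h in enumerate(taps))
    im = sum(h * math.sin(w * n) for n, h in enumerate(taps))
    return math.hypot(re, im)

def selectivity(order):
    """(gain at the 3 MHz centre, gain 0.5 MHz below the lower band edge)."""
    taps = bandpass_fir(order)
    return gain(taps, 3.0e6), gain(taps, BAND[0] - 0.5e6)

if __name__ == "__main__":
    for order in (20, 70, 110, 200):
        centre, leak = selectivity(order)
        print(f"N={order:3d}  |H(3 MHz)|={centre:.3f}  |H(2 MHz)|={leak:.4f}")
```

A low order both attenuates the wanted band and leaks energy from just outside it; a higher order gives a flat passband and a sharp transition at the cost of a longer filter.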

IV. RESULTS OF ANALYZING KEYPRESS WITH DIFFERENT DIGITAL FILTERS
The optimal parameter value for these filters can be chosen experimentally. The program flowchart to determine the optimal value for the filter parameters designed in Part III has the form shown in figure 9 below:

Figure 9. Flowchart of the program to choose the optimal value of the filter.

Using the above method, it is possible to calculate the successful keypress recovery rate depending on the order of the MA filter, with the form shown in figure 9 below:

The success rate of keypress recovery depends on the order of the FIR LPF filter, as shown in figure 11 below:

Figure 11. Relationship of keypress recovery rate and LPF filter order.

The successful keystroke recovery rate depends on the order of the FIR BF filter, as shown in figure 12 below:

The keypress analysis results show that the order of the MA filter has an optimal value range from 600 to approximately 1200. The LPF filter needs an order of at least N > 70 for the recovery rate to reach 70%. For a BF filter it is necessary to use N > 110 or more for a recovery rate of approximately 70%.
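The sweep that the flowchart describes (filter with one candidate order, run recognition, score against the known input, keep the best order) can be sketched as follows. This is an added example, not the authors' program: the capture is a constructed on/off envelope with Gaussian noise, threshold detection stands in for the AMPD and scancode stages, and the bit length, noise level and function names are assumptions, so the numbers do not reproduce the 600 to 1200 range reported here.

```python
import random

def moving_average(x, order):
    """Causal MA filter: mean of the last `order` samples (running sum)."""
    out, acc = [], 0.0
    for i, v in enumerate(x):
        acc += v
        if i >= order:
            acc -= x[i - order]
        out.append(acc / min(i + 1, order))
    return out

def make_capture(bits, samples_per_bit, sigma, rng):
    """Constructed capture: on/off envelope (0 or 1) plus Gaussian noise."""
    return [b + rng.gauss(0.0, sigma)
            for b in bits for _ in range(samples_per_bit)]

def recovery_rate(order, bits, capture, samples_per_bit):
    """Fraction of bits recovered after MA filtering with the given order."""
    smooth = moving_average(capture, order)
    hits = 0
    for k, b in enumerate(bits):
        sample = smooth[(k + 1) * samples_per_bit - 1]   # last sample of bit k
        hits += (sample > 0.5) == bool(b)
    return hits / len(bits)

def sweep(orders, n_bits=400, samples_per_bit=100, sigma=2.0, seed=1):
    """Score every candidate order on the same capture; return rates and best."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    capture = make_capture(bits, samples_per_bit, sigma, rng)
    rates = {n: recovery_rate(n, bits, capture, samples_per_bit)
             for n in orders}
    best = max(rates, key=rates.get)
    return rates, best

if __name__ == "__main__":
    rates, best = sweep([1, 10, 100, 300, 1000])
    for n, r in rates.items():
        print(f"MA order {n:4d}: recovery rate {r:.2%}")
    print("best order:", best)
```

Too small an order leaves the noise in, too large an order averages neighbouring symbols together, which is why the recovery rate peaks over a limited range of orders.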

V. CONCLUSION
The article presented the process of performing electromagnetic radiation measurement for the DELL SK-8115 USB keyboard. The received radiated signal is analyzed and restored to the corresponding keypress. The article also uses experiments to find the dependence of the successful recovery rate on the basic parameters of the filters. From there, it is possible to choose the optimal value of the filters when restoring keypresses. Selecting the optimal value increases the USB keyboard's keystroke recovery success rate to approximately 70% with the R&S HZ-15 probe.