
By:
Habib Gramondi
(Cybersecurity Researcher)

References and Bibliography

 • https://media.defcon.org/DEF..
 • Electromagnetic spectrum and radioelectric spectrum - Javier Luque Ordóñez
 • Electromagnetic Radiation - Katherine Rojas Monsalvo - Universidad Pontificia Bolivariana - Specialization in Telecommunications - Bucaramanga - 2009
 • The Electromagnetic Spectrum and its Applications - Bernardo Fontal
 • Heinrich Hertz Research on Electromagnetic Waves - Pedro W. Lamberti - FaMAF - UNC - Ciudad Universitaria Córdoba
 • The Antennas - R. Brault & R. Piat - Editorial Paraninfo 1998
 • Practical Antenna Handbook, Fourth Edition - Joseph J. Carr
 • Through-The-Earth (TTE) Communications for Underground Mines - Josua Peña Carreño, Lucas Sousa e Silva, Sávio Oliveira de Almeida Neves, Leonardo Aguayo, Adoniran Judson Braga, André Noll Barreto, and Luis Guilherme Uzeda Garcia

Introduction to the electromagnetic and radioelectric spectrum: how does it affect security?



Governments and the private sector around the world are known to spend billions of dollars on countermeasures to protect their communication systems from eavesdropping and interference. But just as often they themselves use devices to disrupt the communication channels of third parties. A police department, for example, in some cases uses jammers to interrupt the communications of criminals, and prisons use them to prevent inmates from using smuggled cell phones. The military uses jammers to disrupt radar communications, prevent remote IED activation or block radio communications. The private sector uses jammers to prevent boardroom espionage and protect VIPs from explosive devices.

What if there was a way to communicate freely without knowing the point of origin and immune to jamming devices?

This question was asked by Chris Rock at the start of his talk entitled Killer Hertz at DEFCON 2022.


Krasukha-4 with its Russian sensor module captured by the Ukrainian defense. This vehicle belonged to the electronic warfare division, and is capable of jamming the communications of drones, satellites and low orbit missiles.


Introduction

To begin this post it is necessary to have an idea of electromagnetic compatibility (EMC). Without going into much detail, any manual and several web pages give the following definition:

This is a branch of electrical, electronic and telecommunications engineering that studies the mechanisms to eliminate, diminish and prevent the effects of coupling between electrical or electronic equipment and its electromagnetic environment, starting from its design and based on standards and regulations, ensuring the reliability and safety of all types of systems in the place where they are installed and under a specific electromagnetic environment or surroundings (i.e. vegetation, animals or people). With respect to human health, this discipline addresses the possible harm caused by certain electronic equipment.

In addition, EMC sets standards to prevent some highly sensitive or vital equipment from being affected by electromagnetic pollution, as is the case of medical implements and/or devices or auxiliary equipment in aeronautics.

With this small definition, a new question arises:

If I know what "activities" affect these devices, could they be caused deliberately for a particular offensive/defensive purpose?

The answer is yes, and we call that an electronic countermeasure, or ECCM. Following the previous example, this can be an electrical or electronic device designed to deceive or circumvent radars, sonars or other detection systems such as infrared or laser. It can be used both offensively and defensively to prevent the "enemy" from identifying its targets. It is commonly used by air forces to protect aircraft from missile attacks. It has also been deployed on warships and recently on advanced combat vehicles to deceive laser- or infrared-guided missiles.

Beyond its military use, how could we use an ECCM to communicate bypassing all these protections (communication being understood as the transmission and reception of information, not just a voice channel)?

Chris explains that, using a custom-made Tx/Rx and taking advantage of the Earth's crust, an H-field Near Field Communication (NFC) channel can be generated covering 1 to 11 km in the sub-9 kHz range to communicate encrypted messages in a jammed/controlled environment. In his demo he manages to trigger an explosive object remotely, bypassing the "guarded" channels. If this last paragraph seemed a bit advanced to you, we detail some concepts below; if not, you can jump directly to the "Land and Sea as Hardware" section.


Required equipment developed by Chris


Electromagnetic Waves

Electromagnetic waves are produced by the oscillation or acceleration of an electric charge; these waves have electric and magnetic components and their theoretical aspects are related to the waveform solution supported by Maxwell's equations.


The electromagnetic wave is the way in which energy (electromagnetic radiation) propagates through space thanks to the electrons that release them under certain conditions; thanks to this, technologies that can send information through space such as Bluetooth, Wi-Fi, AM, FM, among others, are possible.

Unlike mechanical waves, electromagnetic waves do not need a material medium to propagate and travel in a vacuum at a speed of c = 300,000 km/s. All radiations of the electromagnetic spectrum exhibit the typical properties of wave motion, such as diffraction and interference. Wavelengths range from billionths of a meter to many kilometers. The wavelength (λ) and frequency (f) of electromagnetic waves, related by the expression λ · f = c, are important in determining their energy, visibility, penetrating power and other characteristics.

Characteristics of an electromagnetic wave


Amplitude (A): The measure of the magnitude of the maximum disturbance of the medium produced by the wave. The amplitude defines the power of the wave.

Wavelength (λ):
The distance between the start and end points of a cycle as the wave travels in a given medium.

λ = c / f

Frequency (f): Number of cycles per unit time.

f = c / λ

Period (T): Time it takes for the wave to complete a full cycle.

T = 1 / f

Velocity (v): Waves travel at a speed that depends on the nature of the wave and the medium through which they move. In the case of light, for example, the velocity in a vacuum is denoted by the letter c and is 299,792,458 m/s (approximately 3 × 10⁸ m/s).

v = λ * f


Polarization: An EM wave can be linearly, circularly or elliptically polarized. A linearly polarized wave has an electric field whose orientation is constant throughout its path. The orientation of the electric field in space is an important property of EM waves because it determines the absorption of the wave in biological bodies.

Energy: In most cases, an EM wave can be studied as a plane wave propagating perpendicular to the plane formed by the two field vectors (E and H). It is also characterized by the fact that E and H decay as 1/r, where r is the distance to the source. The energy transported per unit time by an EM wave is calculated through the power density at a point, taking the vector product of the electric and magnetic field intensities:

S = E × H

where S is called the Poynting vector, which represents the power density and direction of energy propagation. S varies as 1/r², where r is the distance to the source.

Near field and far field: The radiation field of a source emitting EM waves is divided into two regions: far field and near field. The region of space where the radiated wave behaves as a plane wave is defined as the far field. The region of space contained between the source and the far field is called the near field. In the near field, the electric and magnetic fields are not necessarily perpendicular and, therefore, do not behave as plane waves.

Electromagnetic spectrum

The electromagnetic waves, suitably treated and modulated (usually by varying the amplitude, phase and/or frequency of the original wave) can be used for the transmission of information, giving rise to a form of telecommunication.

Nowadays, electromagnetic waves of different frequencies are massively used for the transmission of information by guided media (twisted pair, coaxial cable, optical fiber, etc.) and by unguided media (usually air or vacuum). The frequencies used in each case depend on their behavior in the different materials used as transmission media, as well as on the desired transmission speed.

In the particular case where the propagation of electromagnetic waves is carried out by unguided means, this form of telecommunication is called radiocommunication or wireless communication. Thus, the part of the electromagnetic spectrum used primarily for radio communications is called the radio spectrum.


Image taken from a report of the CSN - Consejo de Seguridad Nuclear - Spain.


On previous occasions we addressed this same concept from another perspective; I invite you to read "Trojan detection in hardware approached from the visible spectrum" and "Side channel attack: reversing based on the magnetic field created by some encrypted EEPROMs".

In summary, the spectrum can be divided as follows:

  • Radio waves : are the result of charges being accelerated through conducting wires. They are generated by electronic devices, such as LC oscillators, and are used in radio and television communication systems.

  • Microwaves: have wavelengths ranging from about 1 mm to 30 cm and are also generated by electronic devices. Due to their short wavelength, they are quite suitable in radar systems used in air navigation.

  • Infrared waves: have wavelengths ranging from approximately 1 mm to the longest wavelength of visible light, 7 × 10⁻⁷ m. These waves are produced by hot bodies and molecules and are rapidly absorbed by most materials.

  • Visible light: is the part of the electromagnetic spectrum that the human eye can detect. The various wavelengths of visible light are classified by colors ranging from violet (4 × 10⁻⁷ m) to red (7 × 10⁻⁷ m).

  • Ultraviolet light : comprises wavelengths ranging from approximately 380 nm to 60 nm. This type of wave is not used in telecommunications; its applications are frequent in the medical field.

  • X-rays: are electromagnetic waves with wavelengths in the range of approximately 10⁻⁸ nm to 10⁻¹⁰ nm. The common source of X-rays is the deceleration of high-energy electrons bombarding a metal target.

  • Gamma rays: are electromagnetic waves emitted by radioactive nuclei and during certain nuclear reactions. They have wavelengths ranging from approximately 10⁻¹⁰ m down to less than 10⁻¹⁴ m. They are highly penetrating and produce serious damage when absorbed by living tissue.

On the other hand, electromagnetic fields are a combination of electric and magnetic force fields. These are generated by natural phenomena, but also by human activities, mainly by the use of electricity. Some of these human-generated electromagnetic fields mentioned above are known as electromagnetic radiation. Let's focus on the ones we are most interested in to better understand Chris' statement at the beginning of the post.

  • Extremely Low Frequencies: ELF, those in the range of 3 to 30 Hz. This range is equivalent to the sound frequencies in the lowest part of the range of perception of the human ear. It should be noted here that the human ear perceives sound waves, not electromagnetic waves; the analogy is only made for the sake of comparison.

  • Super Low Frequencies: SLF are those in the range of 30 to 300 Hz. This range includes electromagnetic waves with a frequency equivalent to the low frequency sounds perceived by the typical human ear.

  • Ultra Low Frequencies: ULF, those in the range of 300 to 3000 Hz. This is the range equivalent to the typical sound frequencies of the human voice.

  • Very Low Frequencies: VLF, frequencies from 3 to 30 kHz. The VLF range is typically used in government and military communications.

  • Low Frequencies: LF, are those in the range of 30 to 300 kHz. The main communications services working in this range are aeronautical and marine navigation.

  • Medium Frequencies: MF are in the range of 300 to 3000 kHz. The most important waves in this range are those of AM broadcasting (530 to 1605 kHz).

  • High Frequencies: HF, those contained in the range of 3 to 30 MHz. These are also known as "short waves". This range hosts a wide variety of radio communications, such as broadcasting and government and military communications. Amateur and citizens band communications also take place in this part of the spectrum.

  • Very High Frequencies: VHF, ranging from 30 to 300 MHz. It is a popular range used for many services, such as mobile radio, marine and aeronautical communications, FM radio transmission (88 to 108 MHz) and TV channels 2 to 12 [according to CCIR (Standard B+G Europe)]. There are also several amateur radio bands in this range.

  • Ultra High Frequencies: UHF, ranging from 300 to 3000 MHz, include UHF television channels, i.e. from 21 to 69 [according to CCIR (Standard B+G Europe)] and are also used in mobile ground communication services, cellular telephone services and military communications.

  • Super High Frequencies: SHF are those between 3 and 30 GHz and are widely used for satellite communications and terrestrial radio links. In addition, they are intended to be used in very short range high data rate communications via UWB. They are also used for military purposes, for example in UWB-based radars.

  • Extremely High Frequencies: EHF, ranging from 30 to 300 GHz. The equipment used to transmit and receive these signals is more complex and expensive, so it is not yet widespread.


Summary of characteristics of the frequency bands.

Propagation

The propagation modes of an electromagnetic wave depend on its frequency and the electrical characteristics of the underlying ground and atmosphere. Different propagation modes or wave types can be distinguished:

  • Surface wave: for frequencies below 30 MHz, with long ranges and high signal stability. Soil characteristics have a significant influence on propagation.

  • Ionospheric wave: for frequencies between 3 and 30 MHz. Propagation is by reflection of the waves in the ionosphere (ionized layer of the atmosphere). Large ranges, but some degree of signal instability.

  • Space wave: for frequencies above 30 MHz. Propagation is through the lower layers of the Earth's atmosphere (troposphere) and may also involve part of the ground. A stable wave, although roughly limited to line of sight, and it can be affected by signal fades. Three sub-modes are distinguished:
      • Direct wave, linking transmitter and receiver.
      • Reflected wave, which connects the transmitter and receiver through a reflection in the underlying ground.
      • Multipath waves, which reach the receiver after undergoing reflections in tropospheric stratum boundary layers.

  • Tropospheric scattering wave: propagation is based on reflections caused by discontinuities due to turbulent variations in the physical constants of the troposphere (in particular the refractive index, causing a dispersive reflection). Very high losses, subject to deep fading.

The transmission medium influences the propagation of electromagnetic waves through physical phenomena such as reflection, refraction, diffraction, scattering or absorption, among others. Their effects depend on the medium (type of terrain, conditions and layers of the atmosphere), as well as the frequency and polarization of the emitted wave. For example, at certain high frequencies, waves can pass through layers of the atmosphere, enabling communications with outer space using space satellites for communications.


Radio propagation in the ionosphere is affected by a number of different physical factors: cosmic rays, atomic particles, solar radiation. Image from Practical Antenna Handbook, Fourth Edition, Joseph J. Carr.


Land and Sea as Hardware

Sub-radio or sub-hertzian waves are those belonging to band 3 and below, i.e. frequencies below 3 kHz. According to ITU-R nomenclature, this includes the ULF, SLF and ELF bands. Sub-radio waves are hardly used in communications, as they have clear disadvantages.

Their transmission rate is very low, because the available bandwidths are very small, and unmanageably large antennas are needed. The optimum radiated power of an antenna at a given frequency is obtained for antenna lengths equal to half the wavelength of the signal to be emitted; for example, for a frequency of 10 Hz, an antenna length of 15,000 km would be needed for optimum radiation.
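The relations from the "Characteristics" section (λ = c / f, T = 1 / f), the ITU band list and the half-wave antenna length just mentioned, worked through as an added Python example that is not part of the original post or of Chris Rock's material. The near-field boundary λ / 2π is a standard rule of thumb assumed here (the post gives no formula), used to check the 2 kHz / 11 km figures Chris reports.

```python
import math

# Speed of light in vacuum, m/s (the post's "299,792,458 m/s").
C = 299_792_458.0

# ITU bands as listed in the post: (name, lower bound Hz, upper bound Hz).
ITU_BANDS = [
    ("ELF", 3, 30), ("SLF", 30, 300), ("ULF", 300, 3e3),
    ("VLF", 3e3, 30e3), ("LF", 30e3, 300e3), ("MF", 300e3, 3e6),
    ("HF", 3e6, 30e6), ("VHF", 30e6, 300e6), ("UHF", 300e6, 3e9),
    ("SHF", 3e9, 30e9), ("EHF", 30e9, 300e9),
]


def wavelength_m(f_hz: float) -> float:
    """Wavelength in metres: lambda = c / f."""
    return C / f_hz


def period_s(f_hz: float) -> float:
    """Period in seconds: T = 1 / f."""
    return 1.0 / f_hz


def half_wave_antenna_m(f_hz: float) -> float:
    """Length of a half-wave antenna (lambda / 2), the post's 10 Hz -> ~15,000 km case."""
    return wavelength_m(f_hz) / 2.0


def itu_band(f_hz: float) -> str:
    """Name of the ITU band containing f_hz (lower bound inclusive, upper exclusive)."""
    for name, lo, hi in ITU_BANDS:
        if lo <= f_hz < hi:
            return name
    raise ValueError(f"{f_hz} Hz is outside the bands listed in the post")


def near_field_radius_m(f_hz: float) -> float:
    """Assumed rule of thumb (not from the post): reactive near field extends to lambda / 2pi."""
    return wavelength_m(f_hz) / (2.0 * math.pi)


def in_near_field(f_hz: float, range_m: float) -> bool:
    """True if a link of range_m at f_hz still lies inside the assumed near-field radius."""
    return range_m < near_field_radius_m(f_hz)


def describe(f_hz: float, range_m: float) -> dict:
    """Collect the figures for one frequency and link range."""
    return {
        "band": itu_band(f_hz),
        "wavelength_km": wavelength_m(f_hz) / 1e3,
        "period_ms": period_s(f_hz) * 1e3,
        "half_wave_antenna_km": half_wave_antenna_m(f_hz) / 1e3,
        "near_field_radius_km": near_field_radius_m(f_hz) / 1e3,
        "near_field_link": in_near_field(f_hz, range_m),
    }


if __name__ == "__main__":
    # 10 Hz is the post's antenna example; 2 kHz and 9 kHz bracket Chris's sub-9 kHz channel,
    # checked against the 11 km range he reports.
    for f in (10, 2_000, 9_000):
        print(f"{f:>6} Hz:", describe(f, 11_000))
```

At 2 kHz the assumed near-field radius is about 23.9 km, so an 11 km link is still an H-field (near-field) link, whereas at 9 kHz the radius shrinks to about 5.3 km and the same range falls outside it.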

Due to the electrical conductivity of seawater, submarines are isolated from the vast majority of electromagnetic communications. However, very low frequency signals (ELF and SLF, a few tens of Hz) can penetrate much deeper.

This fact, together with the possibility of reducing the size of the antennas, due to electrical elongation phenomena, has been used in the military field for communications with submarines.


In practice, these communications have been one-way and limited to very short messages, e.g., instructing the submarine to surface to shallow depth to establish communications in some other way. The Earth emits ELF waves naturally due to the resonant cavity formed between the ionosphere and the surface; these natural ELF waves are initiated by lightning, which sets electrons in the atmosphere oscillating. Among uses other than radio communications for electromagnetic waves in the ELF band, the most important is the transport of electrical energy: the frequencies of 50 and 60 Hz are used all over the world to deliver electricity to any point on the planet.

ULF band frequencies are common in the Earth's magnetosphere. This band is used for communication in mines (the TTE, Through The Earth, system, limited to short text messages in a paging service due to the low available bandwidth), as it can penetrate the Earth's crust. For this same reason it has been used by the military for secure communications through the ground. This ULF band is also sometimes used by radio amateurs for limited-range communications.


Proof of concept
Now that we have reviewed all the concepts and have knowledge of the TTE system, we can refocus on the statement that Chris gave us:

"... using a tailor-made Tx/Rx, and taking advantage of the Earth's crust, an H-field Near Field Communication (NFC) channel could be generated covering 1 to 11 km in the range below 9 kHz ..."

For this purpose, we provide a list with the elements necessary to establish such a channel and the schematic to do it:


Schematics for reference, you can get the pdf at the end of the post.



Collection of images of the antenna and electrodes.


Conclusion and Use Cases
After several simulations in software such as ANSYS HFSS 3D (to simulate electromagnetic behavior), RES2Mod (for geophysical simulations) and CST Studio (a high-performance EM analyzer), several conclusions were reached that encouraged the construction of the POC we saw above (we recommend reading the full presentation, where these results are discussed in more depth). According to the author, the test achieved the following results and characteristics:

  • Send messages within a radius of 11 km at 2 kHz
  • Correct operation in the 1 to 4 kHz bands
  • Runs in the near field (magnetic H field), not the far field
  • TX operation was from 20 W to 3600 W and could be amplified to 20 kW
  • The tests were performed with an RX at 20 W
  • The device is equipped with an impedance matching adapter
  • Encryption libraries can be used in the Arduino software
  • Ability to modify the modulation
  • Jammer proof

In the original video of this presentation you can see how an explosive charge is activated at a distance without being detected or interrupted by known jammers; this could compromise any type of infrastructure or even human lives. Beyond that implementation, and although this channel can only be used to send one-way messages of a few characters, as we saw in the submarine example, it can be implemented in as many ways as you can imagine: from the agricultural sector, for example as a possible substitute for LoRaWAN, to beacons for espionage. Once again we can highlight the value of reinventing relatively simple technologies created many years ago, since many of them escape modern standards and security frameworks. If an implementation has not yet been thought of, it is even less likely that anyone has thought about how to protect against it.


Other links and interesting readings