
Eavesdropping risks of the DisplayPort video interface


Type

Thesis

Authors

Erdeljan, Dimitrije (ORCID: https://orcid.org/0009-0000-1863-5221)

Abstract

The switching activity of digital circuits unintentionally generates electromagnetic signals, which may leak sensitive information processed by the device to nearby radio receivers. This problem, known as compromising emanations or TEMPEST, has been demonstrated for computer displays using analog video interfaces (VGA) and older digital interfaces (LVDS, HDMI, DVI). DisplayPort is a newer interface with a significantly more complex signal structure, and in particular uses a linear-feedback shift register to scramble the transmitted pixel data. Due to scrambling, images produced by applying previously published eavesdropping techniques to DisplayPort appear as random noise, and the interface is thought to be a far more difficult target.

I start by showing that DisplayPort is vulnerable to electromagnetic eavesdropping, assuming that the displayed image mainly consists of a small set of colours. The attack starts by recovering scrambler timing parameters and synthesising a replica of the scrambler synchronised with the target. This replica is then used to build templates for each of the expected colours, and to identify pixel colours from short-term cross-correlation between the received signal and templates.

The two main limitations of this initial attack are limited accuracy of the reset-timing model and a requirement that the attacker already knows which colours are present in the image. I address the former by designing a scrambler tracking algorithm based on a phase-locked loop that keeps the local replica closely synchronised with the target. For the latter, I exploit several properties of the 8b/10b encoding used together with this accurate scrambler alignment to efficiently enumerate colours and produce a list of candidate colours likely to be present in the image.

Finally, I extend the tracking algorithm to also align signal phase across frames, which enables coherent periodic averaging of template correlations. This averaging technique further improves the signal-to-noise ratio in the reconstructed image and thus increases eavesdropping range. Accurate time alignment additionally improves horizontal resolution over that achieved using the simpler timing model. I demonstrate that the algorithms developed in this thesis can be used to recover clearly readable text from 8 m distance in realistic circumstances, even using a software-defined radio receiver with a bandwidth that is an order of magnitude lower than the bitrate used in the DisplayPort video link.

Date

2023-10-01

Advisors

Kuhn, Markus

Keywords

Digital signal processing, Side-channel attack, TEMPEST

Qualification

Doctor of Philosophy (PhD)

Awarding Institution

University of Cambridge

Sponsorship

Cambridge International & King's College Scholarship