86 research outputs found

    Compromising emanations: overview and system analysis

    The problem of compromising electromagnetic emanations of dangerous signals in the near, intermediate and far zones is considered. Experimental data on the compromising electromagnetic emanations of various technical equipment are analysed. A system analysis is proposed for finding and studying compromising electromagnetic emanations. The aim of this approach is to create a correct theoretical basis in the field of technical information protection. The method of vector non-stationary potentials is considered for finding the electromagnetic field components of dangerous signals in the near, intermediate and far radiation zones. Applying the new method makes it possible to study the compromising electromagnetic emanations of technical equipment in the time domain and in the frequency domain.

    Optical TEMPEST

    Research on optical TEMPEST has moved forward since 2002 when the first pair of papers on the subject emerged independently and from widely separated locations in the world within a week of each other. Since that time, vulnerabilities have evolved along with systems, and several new threat vectors have consequently appeared. Although the supply chain ecosystem of Ethernet has reduced the vulnerability of billions of devices through use of standardised PHY solutions, other recent trends including the Internet of Things (IoT) in both industrial settings and the general population, High Frequency Trading (HFT) in the financial sector, the European General Data Protection Regulation (GDPR), and inexpensive drones have made it relevant again for consideration in the design of new products for privacy. One of the general principles of security is that vulnerabilities, once fixed, sometimes do not stay that way.
    Comment: 6 pages, 2 figures; accepted to the International Symposium and Exhibition on Electromagnetic Compatibility (EMC Europe 2018), 27-30 August 2018, in Amsterdam, The Netherlands

    TEMPEST Font Protects Text Data against RF Electromagnetic Attack

    Nowadays the electromagnetic penetration of electronic devices is of great significance. Information processed in electronic form can be protected in different ways. Very often the methods used limit the levels of valuable emissions, but such methods cannot always be implemented in commercial devices. A new solution (soft TEMPEST) is proposed. The solution is based on a TEMPEST font. The font does not possess distinctive features. As a result, at the output of a side-channel attack, the possibilities of recognising each character that appears on the reconstructed image are limited for sources in the form of graphic lines (VGA and DVI). In this way the TEMPEST font protects processed data against electromagnetic penetration, and not only for the VGA and DVI standards: the data are also protected while being printed on laser printers.

    Information Leakage from Optical Emanations

    A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical TEMPEST" attack.
    Comment: 26 pages, 11 figures

    Looking towards the future: the changing nature of intrusive surveillance and technical attacks against high-profile targets

    In this thesis a novel Bayesian model is developed that is capable of predicting the probability of a range of eavesdropping techniques deployed, given an attacker's capability, opportunity and intent. Whilst limited attention by academia has focused on the cold war activities of Soviet bloc and Western allies' bugging of embassies, even less attention has been paid to the changing nature of the technology used for these eavesdropping events. This thesis makes four contributions: through the analysis of technical eavesdropping events over the last century, technological innovation is shown to have enriched the eavesdropping opportunities for a range of capabilities. The entry barrier for effective eavesdropping is lowered, while for the well resourced eavesdropper, the requirement for close access has been replaced by remote access opportunities. A new way to consider eavesdropping methods is presented through the expert elicitation of capability and opportunity requirements for a range of present-day eavesdropping techniques. Eavesdropping technology is shown to have life-cycle stages with the technology exploited by different capabilities at different times. Three case studies illustrate that yesterday’s secretive government method becomes today’s commodity. The significance of the egress transmission path is considered too. Finally, by using the expert elicitation information derived for capability, opportunity and life-cycle position, for a range of eavesdropping techniques, it is shown that it is possible to predict the probability of particular eavesdropping techniques being deployed. This novel Bayesian inferencing model enables scenarios with incomplete, uncertain or missing detail to be considered. The model is validated against the previously collated historic eavesdropping events. 
The development of this concept may be scaled with additional eavesdropping techniques to form the basis of a tool for security professionals or risk managers wishing to define eavesdropping threat advice or create eavesdropping policies based on the rigour of this technological study.
Open Access

    Emission Security Levels and Signal Reconstruction for Leaked Electromagnetic Emanations

    Thesis (Ph.D.) -- Seoul National University Graduate School: Department of Electrical and Computer Engineering, August 2013. 김성철.
    In this dissertation, electromagnetic emanation security (EMSEC)-channel information for video display units and printers is reconstructed using the averaging technique and a proposed adaptive deringing filter. Also, emission security limits are proposed based on the analysis of the indoor EMSEC-channel. A waveform emitted from equipment that handles important information can be intentionally detected and restored using a sensitive antenna and a high-performance receiver. Documents related to EMSEC have been classified as highly confidential, so military organizations prohibit their publication. For this reason, reasonable emission security limits for various electronic devices dealing with significant information are necessary. Firstly, we measure and analyze the spectrum of electromagnetic waves that contain information from a personal computer (PC) and a printer in order to identify the exact signal characteristics and frequency components. The target devices in this study are the desktop, laptop and laser printer generally used in domestic offices. A printer processes a large amount of information in a short period of time, and information may leak in this process. To verify the leakage of electromagnetic spectrum that contains information, we measure and analyze the whole spectrum from 100 MHz to 1000 MHz. Secondly, we present how to build the EMSEC system and restore the leaked electromagnetic signal on the basis of the signal characteristics of the electromagnetic leakage from the printer and the video display unit (VDU) of the PC. The parameters that can improve recovery of the leaked electromagnetic signal are antenna sensitivity, the resolution bandwidth (RBW) of the receiver, and signal processing gain.
To adjust the signal processing gain, an antenna with high antenna gain and a wider RBW on the receiver are the hardware improvements to the EMSEC system, whereas the image restoration algorithm used as post-processing is the software part of the EMSEC system. Techniques for increasing signal strength and reducing noise are particularly important when trying to measure compromising emanations because the magnitude of these signals can be extremely small. The averaging technique seeks the maximum cross-correlation between recorded leaked electromagnetic signals. It is a practical, highly effective and widely used technique for increasing the signal-to-noise ratio (SNR) of a periodic signal, such as that generated by the image-refresh circuitry in a video display system. However, unlike video display systems, printers and facsimile machines exhibit aperiodic EMSEC-channel information while operating. Since the aperiodic EMSEC-channel information of equipment such as printers and faxes is not involved in processing gain, the differences between periodic and aperiodic compromising emanations need to be considered in order to establish emission security limits. In addition, we propose the adaptive deringing filter to reconstruct the EMSEC-channel information from the PC and printer. We obtain a minimum peak signal-to-noise ratio (PSNR) enhancement of 2 and a maximum PSNR enhancement of 10 compared with the original reconstructed image. Next, we perform the EMSEC-channel measurements in the 100–1000 MHz frequency bands. Second, we analyze the pathloss characteristics of the indoor EMSEC-channel based on these measurements. We find the frequency correlation pathloss characteristics of compromising emanations to determine the reasonable total radio attenuation (TRA).
Also, the pathloss exponent values range from 1.06 to 2.94 depending on the frequency band and the CMs, which in turn differ with the propagation environment. Through this EMSEC-channel analysis, we affirm that the TRA, which is one of the key parameters for determining the security limits for compromising emanations, follows the Rician distribution. However, previous work assumed that radio attenuations would have constant values. We found that the TRA does not show significant differences depending on the frequency bands and has the following range depending on the environment: 29–41 dB at CM2, 42–57 dB at CM3, 47–57 dB at CM4, and 24–29 at CM5. In addition, CM3 and CM4 have greater TRA than CM2 and CM5. Based on the experimental results of this study, we propose security limits on periodic as well as aperiodic EMSEC-channel information. The proposed security limits on compromising emanations are classified into two levels according to the TRA and the level of required confidentiality. The periodic emission security limits for class A are 24, 28 and 35 dBμV/m in the 100-400 MHz, 400-900 MHz and 900-1000 MHz bands, respectively. The periodic emission security limits for class B are 4, 1, 3 and 5 dBμV/m in the 100-200 MHz, 200-600 MHz, 600-700 MHz and 700-1000 MHz bands, respectively. The aperiodic emission security limits are weaker than the periodic emission security limits by the processing gain Gp, 23 dBi, owing to the redundancy caused by repetitive signals. Periodic EMSEC-channel information is therefore easily leaked and reconstructed, which results in a potential risk. Thus, the periodic emission security limits must be stronger than the aperiodic emission security limits. We can then compare our security limits with other security limits and existing civil and military EMC standards. Future work may include characterization and reconstruction of FAX, smartcard and other electronics.
EMSEC-channel analysis in more complex environments is also needed.

    Contents:
    Chapter 1 Introduction
        1.1 Historic background and previous work
        1.2 Motivation and scope
    Chapter 2 Detection of Compromising Emanations
        2.1 Introduction
        2.2 Compromising Emanations from Video Display Units
            2.2.1 Property of Video Display Units
            2.2.2 Leakage path of Video Display Units
            2.2.3 Measurement system
            2.2.4 Measurement result
        2.3 Compromising Emanations from Printer
            2.3.1 Property of Printer
            2.3.2 Leakage path of Printer
            2.3.3 Measurement system
            2.3.4 Measurement result
        2.4 Conclusion
    Chapter 3 Reconstruction of Compromising Emanations
        3.1 Introduction
        3.2 EMSEC system for Reconstruction
        3.3 Reconstruction of Compromising Emanations from Video Display Units
            3.3.1 Characteristics of EMSEC-channel information from VDUs
            3.3.2 Reconstruction result
        3.4 Reconstruction of Compromising Emanations from Printer
            3.4.1 Characteristics of EMSEC-channel information from Printer
            3.4.2 Reconstruction result
        3.5 Adaptive Deringing Filter for EMSEC-channel information Reconstruction
        3.6 Conclusion
    Chapter 4 Characteristic of Frequency Correlation EMSEC-Channel in indoor environments
        4.1 Introduction
        4.2 Measurement methodology
            4.2.1 Measurement system
            4.2.2 Measurement scenario and environment
        4.3 Analysis of indoor EMSEC-Channel for Compromising Emanations
            4.3.1 Frequency correlation property of indoor EMSEC-Channel
            4.3.2 Pathloss characteristics of indoor EMSEC-Channel
        4.4 Conclusion
    Chapter 5 Emission Security Limits for Compromising Emanations
        5.1 Introduction
        5.2 Parameters for Emission Security Limits
            5.2.1 Total radio attenuation
            5.2.2 Radio noise
            5.2.3 Antenna gain
            5.2.4 Signal processing gain
            5.2.5 Minimum SNR for reconstruction
            5.2.6 Receiver noise figure
            5.2.7 Calculation of emission security limits
        5.3 Proposed Emission Security Limits
        5.4 Comparison with Public Standards and Other Security Limits
            5.4.1 CISPR 22 and MIL-STD-461E
            5.4.2 Security limits for Markus Kuhn
            5.4.3 ITU-T K.84 Guidelines
        5.5 Conclusion
    Chapter 6 Summary and Further Study
    Bibliography
    Abstract in Korean
    Doctor