누설전자파를 위한 방사 보안 레벨 및 신호 복원

학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2013. 8. 김성철.In this dissertation, reconstruction of electromagnetic emanation security (EMSEC)-channel information for video display units and printer are reconstructed using the averaging technique and proposed adaptive deringing filter. Also, emission security limits are proposed based on the analysis of the indoor EMSEC-channel. An emitted waveform from equipment which manages the important information can be detected and restored intentionally using the sensitive antenna and high performance receiver. These documents related to the EMSEC have classified by high confidentiality so that these are prohibited to publish by military organization. For this reason, reasonable emission security limits for various electronic devices dealing with significant information are necessary. Firstly, we try to identify the exact a signal characteristics and the frequency components to measure and analyze the spectrum of electromagnetic waves which are contained information on personal computer (PC) and printer. The target devices are the desktop, laptop and laser printer which is generally used in the domestic offices in this study. The printer processed a large amount of information for a short period of time, there may be leaked the information in this process. To verify the leakage of electromagnetic spectrum that contains information, we measure and analyze the whole spectrum from 100 MHz to 1000 MHz. Secondly, we represent how to build the EMSEC-system and to restore the signal leakage of electromagnetic waves on the basis of the signal characteristics of the electromagnetic wave leakage of printer and video display unit (VDU) of PC. The parameters that can improve the performance of signal recovery of the leakage electromagnetic wave, it can be given antenna sensitivity, resolution bandwidth (RBW) of the receiver, and signal processing gain. To adjust the signal processing gain, antenna which have the high antenna gain, and the use of wider RBW on receiver are improved hardware of EMSEC system. Whereas image restoration algorithm for EMSEC system as post-processing is a portion corresponding to the software of EMSEC system. Techniques for increasing signal strength and noise reduction are particularly important when trying to measure compromising emanations because the magnitude of these signals can be extremely small. Averaging technique find to achieve maximum cross correlation between recorded electromagnetic leaked signals. That method is a practical, highly effective and widely used technique for increasing the signal-to-noise ratio (SNR) of a periodic signal, such as that generated by the image-refresh circuitry in a video display system. But, the printer and facsimile exhibit aperiodicity in their EMSEC-channel information during their operation state unlike video display systems. Since the aperiodic EMSEC-channel information of equipments such as printers and faxes is not involved in processing gain, the differences between periodic- and aperiodic compromising emanations need to be considered in order to establish emission security limits. In addition to, we propose the adaptive deringing filter to reconstruct the EMSEC- channel information from PC and printer. We can obtain that the minimum peak signal-to-noise ratio (PSNR) enhancement is 2 and maximum PSNR enhancement is 10 compared with the original reconstructed image. Next, we perform the EMSEC-channel measurements in the 100?1000 MHz frequency bands. Second, we analyze the pathloss characteristics of the indoor EMSEC-channel based on these measurements. We find the frequency correlation pathloss characteristics of compromising emanations to determine the reasonable total radio attenuation (TRA). Also, the pathloss exponent value have a range from 1.06 to 2.94 depending on frequency band and the CMs, which in turn differed with propagation environments. Through this EMSEC-channel analysis, we affirm that the TRA, which is one of the key parameters for determining the security limits for compromising emanations, follows the Rician distribution. However, previous work assumed that radio attenuations would have constant values. We found that the TRA does not show significant differences depending on the frequency bands and has the following range depending on the environment, 29?41dB at CM2, a 42?57 dB at CM3, a 47?57 dB at CM4, and 24?29 at CM5. In addition to, CM3 and CM4 have greater TRA than CM2 and CM5. Based on the experimental results of this study, we propose security limits on periodic as well as aperiodic EMSEC-channel information. The proposed security limits on compromising emanations are classified into two levels according to the TRA and the level of required confidentiality. Periodic emission security limits for class A is 24, 28, 35 dBμV/m in the 100-400 MHz, 400-900 MHz and 900-1000 MHz, respectively. And periodic emission security limits for class B is 4, 1, 3, 5 dBμV/m in the 100-200 MHz, 200-600 MHz, 600-700 MHz and 700-1000 MHz, respectively. Aperiodic emission security limits are weaker than the processing gain Gp, 23 dBi than periodic emission security limits owing to the redundancy caused by repetitive signals. So, that the periodic EMSEC-channel information is easily leaked and reconstructed, which results in a potential risk. Thus, the periodic emission security limits must be stronger than the aperiodic emission security limits. We can then compare our security limits with other security limits and existing civil and military EMC standards. Future works may include characterization and reconstruction of FAX, smartcard and other electronics. And it is need to EMSEC-channel analysis in more complex environments.Chapter 1 Introduction.............................................................1 1.1 Historic background and previous work......................................3 1.2 Motivation and scope...................................................................6 Chapter 2 Detection of Compromising Emanations................9 2.1 Introduction..................................................................................9 2.2 Compromising Emanations from Video Display Units.............10 2.2.1 Property of Video Display Units ..............................................10 2.2.2 Leakage path of Video Display Units........................................11 2.2.3Measurement system...................................................................13 2.2.4 Measurement result....................................................................15 2.3 Compromising Emanations from Printer...................................17 2.3.1 Property of Printer.....................................................................17 2.3.2 Leakage path of Printer..............................................................19 2.3.3 Measurement system..................................................................20 2.3.4 Measurement result....................................................................21 2.4 Conclusion..................................................................................23 Chapter 3 Reconstruction of Compromising Emanations.....25 3.1 Introduction................................................................................25 3.2 EMSEC system for Reconstruction...........................................26 3.3 Reconstruction of Compromising Emanations from Video Display Units....................................................................................26 3.3.1 Characteristics of EMSEC-channel information from VDUs...26 3.3.2 Reconstruction result.................................................................30 3.4 Reconstruction of Compromising Emanations from Printer… 31 3.4.1 Characteristics of EMSEC-channel information from Printer..31 3.4.2 Reconstruction result.................................................................34 3.5 Adaptive Deringing Filter for EMSEC-channel information Reconstruction..................................................................................36 3.6 Conclusion..................................................................................40 Chapter 4 Characteristic of Frequency Correlation EMSEC-Channel in indoor environments............................................42 4.1 Introduction................................................................................42 4.2 Measurement methodology........................................................43 4.2.1 Measurement system..................................................................43 4.2.2 Measurement scenario and environment...................................43 4.3 Analysis of indoor EMSEC-Channel for Compromising Emanations…………………………………..................................46 4.3.1 Frequency correlation property of indoor EMSEC-Channel....47 4.3.2 Pathloss characteristics of indoor EMSEC-Channel.................52 4.4 Conclusion..................................................................................56 Chapter 5 Emission Security Limits for Compromising Emanations.............................................................................58 5.1 Introduction................................................................................58 5.2 Parameters for Emission Security Limits …………………….58 5.2.1 Total radio attenuation...............................................................60 5.2.2 Radio noise.................................................................................65 5.2.3 Antenna gain..............................................................................67 5.2.4 Signal processing gain...............................................................68 5.2.5 Minimum SNR for reconstruction.............................................69 5.2.6 Receiver noise figure.................................................................70 5.2.7 Calculation of emission security limits.....................................71 5.3 Proposed Emission Security Limits...........................................72 5.4 Comparison with Public Standards and Other Security Limits.75 5.4.1 CISPR 22 and MIL-STD-461E.................................................75 5.4.2 Security limits for Markus Kuhn...............................................76 5.4.3 ITU-T K.84 Guidelines..............................................................78 5.5 Conclusion..................................................................................84 Chapter 6 Summary and Further Study.................................86 Bibliography 90 Abstract in Korean.................................................................95Docto

Compromising emanations: overview and system analysis

Рассмотрена задача побочных электромагнитных излучений опасных сигналов в ближней, промежуточной и дальней зонах. Проанализированы экспериментальные данные побочных электромагнитных излучений различных технических средств. Предложен системный анализ для нахождения и изучения побочных электромагнитных излучений. Целью данного подхода является создание корректной теоретической базы в области технической защиты информации. Рассмотрен метод векторных нестационарных потенциалов для нахождения компонент электромагнитного поля опасных сигналов в ближней, промежуточной и дальней зонах излучения. Применение нового метода позволяет исследовать побочные электромагнитные излучения технических средств во временной и в частотной области

TEMPEST Font Protects Text Data against RF Electromagnetic Attack

Nowadays an electromagnetic penetration process of electronic devices has a big significance. Processed information in electronic form could be protected in different ways. Very often used methods limit the levels of valuable emissions. But such methods could not always be implemented in commercial devices. A new solution (soft tempest) is proposed. The solution is based on TEMPEST font. The font does not possess distinctive features. This phenomenon causes that at an output of Side Channel Attack the possibilities of recognition of each character which appears on the reconstructed image for sources in the form of graphic lines (VGA and DVI) are limited. In this way the TEMPEST font protects processed data against electromagnetic penetration not only for VGA and DVI standards. The data are protected during printing them on laser printers too

Information Leakage from Optical Emanations

A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical TEMPEST" attack.Comment: 26 pages, 11 figure

Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels

We show that subtle acoustic noises emanating from within computer screens can be used to detect the content displayed on the screens. This sound can be picked up by ordinary microphones built into webcams or screens, and is inadvertently transmitted to other parties, e.g., during a videoconference call or archived recordings. It can also be recorded by a smartphone or "smart speaker" placed on a desk next to the screen, or from as far as 10 meters away using a parabolic microphone. Empirically demonstrating various attack scenarios, we show how this channel can be used for real-time detection of on-screen text, or users' input into on-screen virtual keyboards. We also demonstrate how an attacker can analyze the audio received during video call (e.g., on Google Hangout) to infer whether the other side is browsing the web in lieu of watching the video call, and which web site is displayed on their screen