Modelling Causal Factors of Unintentional Electromagnetic Emanations Compromising Information Technology Equipment Security †

© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).Information technology equipment (ITE) processing sensitive information can have its security compromised by unintentional electromagnetic radiation. Appropriately assessing likelihood of a potential compromise relies on radio frequency (RF) engineering expertise—specifically, requiring knowledge of the associated causal factors and their interrelationships. Several factors that can cause unintentional electromagnetic emanations that can lead to the compromise of ITE have been found in the literature. This paper confirms the list of causal factors reported in previous work, categorizes the factors as belonging to threat, vulnerability, or impact, and develops an interpretive structural model of the vulnerability factors. A participatory modelling approach was used consisting of focus groups of RF engineers. The resulting hierarchical structural model shows the relationships between factors and illustrates their relative significance. The paper concludes that the resulting model can motivate a deeper understanding of the structural relationship of the factors that can be incorporated in the RF engineers’ assessment process. Areas of future work are suggested.Peer reviewe

Electromagnetic Compatibility in Wireline Communications

This document is a thesis submitted in partial fulfilment of the requirements of the University of Hertfordshire for the degree of Doctor of Philosophy (Part Time) in 'EMC in Wire-line Communications' in the School of Electronic, Communication and Electrical Engineering at the University of Hertfordshire. It describes a programme of research into the modelling and measurement of radio frequency interference emissions from various communication networks including Power Line (Tele)communications (PLC/PLT) and Digital Subscriber Line (DSL). An introduction and literature review are followed by the results of practical measurements on installed networks. These measurements include antenna gain and Longitudinal Conversion Loss (LCL). Power line communication networks, splitterless DSL and home phoneline networks in buildings are studied and modelled and the models are compared with the measured results. Improved EMC test methods are also described, in particular the modelling and design of four types of portable antennas for use in radiated EMC measurements with improved sensitivity at frequencies up to 30 MHz. The first type is a set of three manually tuned loop antennas covering 100 kHz - 30 MHz. The second is a set of three loop antennas that cover a similar frequency range but with remote tuning via an optical fibre link, under the control of software which also controls an EMC measuring receiver. The third type is a larger (1.6 m diameter) tuned loop covering 1.75 - 10 MHz that allows the measuring system noise floor to be below the typical atmospheric noise floor. The fourth type is an electrically short dipole covering 10 - 30 MHz with improved matching. The protection requirements for various types of radio communication services are analysed and are compared with emission levels from various types of wireline communication network. A review of existing applicable EMC standards and standards under development is also presented

A TEMPEST vulnerability prediction method for cyber security practitioners

© 2023 THE AUTHORS. Published by Elsevier BV on behalf of Faculty of Engineering, Alexandria University. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).Sensitive information can have its security compromised by unintentional electromagnetic emissions from the information technology equipment (ITE) being used to process it. It is important to assess the likelihood of a potential compromise, and this requires radio frequency (RF) engineering expertise to predict the likelihood of the vulnerability occurring. This paper describes the development of a fuzzy inference system that can be used to assess the radiated and conducted vulnerability likelihood of unintentional electromagnetic emanations. The system has the potential to be a valuable tool for cybersecurity practitioners without RF expertise. The system has been tested on office-based ITE devices, and it is effective in predicting the likelihood of radiated and conducted vulnerabilities occurring. Areas of future work include extending the fuzzy inference system to use RF propagation models and enabling it to make vulnerability likelihood predictions after countermeasures have been applied.Peer reviewe