Optical TEMPEST

Research on optical TEMPEST has moved forward since 2002 when the first pair of papers on the subject emerged independently and from widely separated locations in the world within a week of each other. Since that time, vulnerabilities have evolved along with systems, and several new threat vectors have consequently appeared. Although the supply chain ecosystem of Ethernet has reduced the vulnerability of billions of devices through use of standardised PHY solutions, other recent trends including the Internet of Things (IoT) in both industrial settings and the general population, High Frequency Trading (HFT) in the financial sector, the European General Data Protection Regulation (GDPR), and inexpensive drones have made it relevant again for consideration in the design of new products for privacy. One of the general principles of security is that vulnerabilities, once fixed, sometimes do not stay that way.Comment: 6 pages, 2 figures; accepted to the International Symposium and Exhibition on Electromagnetic Compatibility (EMC Europe 2018), 27--30 August 2018, in Amsterdam, The Netherland

Information Leakage from Optical Emanations

A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical TEMPEST" attack.Comment: 26 pages, 11 figure

Farmer attitudes and livestock disease: exploring citizenship behaviour and peer monitoring across two BVD control schemes in the UK

The eradication of BVD in the UK is technically possible but appears to be socially untenable. The following study explored farmer attitudes to BVD control schemes in relation to advice networks and information sharing, shared aims and goals, motivation and benefits of membership, notions of BVD as a priority disease and attitudes toward regulation. Two concepts from the organisational management literature framed the study: citizenship behaviour where actions of individuals support the collective good (but are not explicitly recognised as such) and peer to peer monitoring (where individuals evaluate other’s behaviour). Farmers from two BVD control schemes in the UK participated in the study: Orkney Livestock Association BVD Eradication Scheme and Norfolk and Suffolk Cattle Breeders Association BVD Eradication Scheme. In total 162 farmers participated in the research (109 in-scheme and 53 out of scheme). The findings revealed that group helping and information sharing among scheme members was low with a positive BVD status subject to social censure. Peer monitoring in the form of gossip with regard to the animal health status of other farms was high. Interestingly, farmers across both schemes supported greater regulation with regard to animal health, largely due to the mistrust of fellow farmers following voluntary disease control measures. While group cohesiveness varied across the two schemes, without continued financial inducements, longer-term sustainability is questionabl

Security test and evaluation of cross domain systems

In practicable multi-level secure systems it is necessary occasionally to transfer information in violation of security policy. Machines for doing this reliably and securely are called cross domain solutions; systems incorporating them are cross domain systems. Data owners, especially in classified environments, tend to distrust other data owners, other systems and networks, their own users, and developers of cross domain solutions. Hence, data owners demand rigorous testing before they will allow their information into a cross domain system. The interests of data owners are represented by certifiers and accreditors, who test newly developed cross domain solutions and newly installed cross domain systems, respectively. Accreditors have the authority to grant approval to operate and the responsibility for accepting residual risk. Certification and accreditation have always been expensive and time consuming, but there are hidden inefficiencies and unexploited opportunities to predict the actions of accreditors and to control the cost of certification. Some case studies of successful and unsuccessful security certifications and accreditations were analysed using grounded theory methodology. It was discovered that inefficiency arises from conflation of the principle of defence in depth with the practice of independent verification and validation, resulting in an irresistible appearance of cost savings to managers with a possible explanation in the relative maturity of different levels of software engineering organisations with respect to policy, process, and procedures. It was discovered that there is a simple rule relating certifier findings to developer responses that predicts the duration of penetration testing and can be used to bound the schedule. An abstract model of cross domain system accreditation was developed that is sufficiently powerful to reason about collateral, compartmented, and international installations. It was discovered that the behaviour of accreditors satisfies the criteria for reliable signalling in the presence of asymmetric information due to Akerlof, Spence, and Stiglitz.</p

Information Asymmetry in Classified Cross Domain System Security Accreditation

The difficulty of cross domain systems security accreditation lies inherent in the fact that, by definition, such systems always span at least one boundary between security domains controlled by different data owners. Consequently, approved solutions regularly encounter security testing criteria that represent the duplicated responsibility for residual risk of multiple security accreditors. Each data owner perceives a site-specific set of risks that would be desirable to mitigate, a technology-dependent set of risks that it is possible to mitigate, and a residual risk it is felt acceptable not to mitigate. Time and cost inefficiency in cross domain system accreditation are shown to originate

Unsteady Ground: Certification to Unstable Criteria

Cross Domain Systems for handling classified information complicate the certification test and evaluation problem, because along with multiple data owners comes duplicate responsibility for residual risk. Over-reliance on independent verification and validation by certifiers and accreditors representing different government agencies is interpreted as conflating the principle of defence-in-depth with the practice of repeated verification and validation testing. Using real-world examples of successful and unsuccessful certification test and evaluation efforts to guide the development of a new communication tool for accreditors, this research aims to reduce time and cost wasted on unnecessary retesting of the same or similar security requirements during security test and evaluation in multi-level environments