
ch13 Emanation


Academic year: 2020


Definitions

Emanation:

Giving information as from a source

EMSEC :

Emission Security

Preventing a system from being attacked using conducted or radiated electromagnetic signals

TRANSSEC:

Transmission Security

Preventing data from being attacked or intercepted during the transmission.

TEMPEST:

Transient Electromagnetic Pulse Emanation Standard

Government codeword that identifies a classified set of standards for limiting electric or electromagnetic radiation.

THEFT :

the act of stealing

Internet surveillance :

involves the monitoring of data and

(3)

History

Recordings and the "surveillance society"

Issues of privacy, identity theft, and surveillance are not new

– Wiretapping/snooping/sniffing began as early as the U.S. Civil War, when both sides tapped into the other force's telegraph lines and simply copied down the messages.

1914: Leakage from telephone wires laid for miles parallel to enemy trenches only a few hundred meters away caused crosstalk, allowing the enemy to listen.

1960: UK listened to secondary signal on French embassy cable to capture plaintext leaked from cipher machine.

Emanation surveillance in 1960’s – TV detector vans. British authorities checking who has a TV at home.

1990’s – Identity theft

(4)

EMSEC: Emission Security

All electric and electronic devices radiate emanations (or electromagnetic signals) during operation.

Radiated signals may carry actual information.

Attacker may want to capture the radiated signals and recreate some or all of the original information.

User being attacked will never know that someone

(5)

EMSEC: Vulnerabilities

Device Emanations

– All video displays (CRTs and LCDs) emit a weak TV signal.

– All cabling (serial cables used by ATMs and Ethernet cable used by PCs) emits signals too.

– Keyboard RF emissions modulated by currently pressed key.

• Leakage to power lines.

Power circuits pick up RF signals and conduct them to neighboring buildings.

• Power analysis: analyzing power supply current of electronic device over time.

(6)

EMSEC: Attacks

Passive Attacks – using captured electromagnetic signals to gain information.

Wardriving.

Set up equipment in a car and capture the emitted signals hoping to recover valuable information.

Also capture wireless broadcast signals

Electromagnetic Eavesdropping

Attack against Automatic Teller Machines.

Hijack

(7)

EMSEC: Attacks

TEMPEST Viruses

– Malware that scans infected computers for desired information, which it then broadcasts via RF signals.

– Change display when monitor not in use to send signal.

– Superimpose signal on monitor image, so that image not visible on monitor but visible to RF receiver.

Nonstop

– Mobile phone near equipment processing sensitive data can cause it to induce currents

– Currents can modulate data being processed

(8)

EMSEC: Attacks

Confidentiality attacks

Listening to high frequency signals on connected cables like power lines.

Listening to electromagnetic radiation leaked from computer devices.

Integrity attacks

Disrupting computations by inserting power glitches.

Availability attacks/Glitching

Inserting transients into power or clock signal to induce useful errors.

(9)

EMSEC: Countermeasures

Attenuation:

Reduces the signal strength during transmission.

Decreases radiation perimeter. Attacker needs to get closer to the source. Otherwise risks being caught

Banding:

Restricting the information to be in a specific band of frequencies.

Attacker has to first find out which band of frequencies to scan.

(10)

EMSEC - Countermeasures

• Shielding :

– Equipment or Buildings shielded to prevent radiation from leaking from inside to outside or vice-versa.

– Wardriving attack no longer a problem.

– May help against leakage.

• Zone of Control (Zoning) :

– most sensitive equipment is kept in the rooms furthest from the facility’s perimeter, and shielding is reserved for the most sensitive systems.

(11)

EMSEC - Countermeasures

Cabling Filtered Power

Filter cable and power supply noise.

Suppresses the conducted leakage.

Soft Tempest

Applied to commercial sector

Software techniques to filter, mask, or render

(12)

Emsec protection devices

Nonlinear junction detector

A device that can find hidden electronic equipment at close range.

Surveillance receiver

The better ones sweep the radio spectrum from 10 KHz to 3 GHz every few tens of seconds, and look for signals that can't be explained as
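The surveillance-receiver sweep described above, as an added example that is not part of the original slides: each sweep is compared against a site baseline of explained emitters, and only signals that stay unexplained across sweeps are reported. The baseline entries, sweep readings and the 10 dB margin are constructed assumptions, and the names `BASELINE`, `unexplained_signals` and `persistent_unexplained` are hypothetical.

```python
from statistics import median

# Constructed baseline of explained emitters: (label, centre Hz, half-width Hz)
BASELINE = [
    ("FM broadcast", 98.1e6, 150e3),
    ("Facility pager", 152.0075e6, 12.5e3),
    ("Building Wi-Fi", 2.437e9, 11e6),
]
MARGIN_DB = 10.0  # assumed: a signal must exceed the noise floor by this much

# Constructed sweep readings: (frequency Hz, power dBm)
SWEEP_1 = [
    (10e3, -96.0), (50e6, -95.0), (98.1e6, -40.0), (152.0075e6, -60.0),
    (300e6, -97.0), (433.92e6, -62.0), (900e6, -94.0), (1.2e9, -93.0),
    (1.8e9, -95.0), (2.437e9, -55.0), (2.9e9, -96.0),
]
# Second sweep: same scene plus a one-off burst at 1.2 GHz
SWEEP_2 = [(f, -70.0 if f == 1.2e9 else p) for f, p in SWEEP_1]


def unexplained_signals(sweep, baseline, margin_db=MARGIN_DB):
    """Return (freq, power, dB above floor) for signals no baseline entry covers."""
    floor = median(p for _, p in sweep)  # median is robust to a few strong peaks
    findings = []
    for freq, power in sweep:
        if power < floor + margin_db:
            continue  # indistinguishable from noise
        if any(abs(freq - centre) <= half for _, centre, half in baseline):
            continue  # explained by a known emitter
        findings.append((freq, power, round(power - floor, 1)))
    return findings


def persistent_unexplained(sweeps, baseline, min_hits=2):
    """Frequencies that are unexplained in at least min_hits sweeps."""
    hits = {}
    for sweep in sweeps:
        for freq, _, _ in unexplained_signals(sweep, baseline):
            hits[freq] = hits.get(freq, 0) + 1
    return sorted(f for f, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    print(unexplained_signals(SWEEP_1, BASELINE))
    print(persistent_unexplained([SWEEP_1, SWEEP_2], BASELINE))
```

Requiring more than one hit separates a continuously transmitting device from a passing transient, at the cost of missing emitters that only transmit in short bursts.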

(13)

TRANSSEC – Transmission Security

Information needs to be shared.

Must be transmitted over long distances.

Attacker may want to intercept the

(14)

TRANSSEC - Vulnerabilities

RF Fingerprinting

Identifying RF device based on the frequency behavior.

Radio Direction Finding (RDF)

locating the direction to a radio transmission.

Traffic Analysis

Cryptanalysis capture and analyze data over a period of time

Signals collection

Collecting different signals and extracting information from

(15)

TRANSSEC - Attacks

• Eavesdropping

– Listening on voice conversations.

• Sniffing

– Monitoring the traffic.

• Jamming.

– Noise insertion

• Radio Frequency Interference (RFI)

(16)

TRANSSEC – Defenses

Low Probability of Detection (LPD)

Techniques used to make it hard for the attacker to detect presence of the signal.

• Directional Signaling - send signals in a specific direction instead of broadcast in all directions

• Line of Sight transmission - Used for short distance transmissions.

Low Probability of Interception (LPI)

Techniques used to make it hard for attackers to intercept the signals.

• Frequency hoppers - during transmission hop from frequency to frequency with predefined pseudorandom sequence

• Spread spectrum - Combine information-bearing sequence by a higher-rate pseudorandom sequence

• Burst transmission - send data in short bursts instead of continuous transmission

• Encryption

– Symmetric encryption (single key)
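The spread-spectrum bullet above, worked through as an added example that is not part of the original slides: each data bit is multiplied by a higher-rate pseudorandom chip sequence, and a receiver holding the same sequence recovers the bits by correlation even when the signal is weaker than the noise. The seeds, chip length and noise level are assumed values, and Python's `random` module stands in for a real sequence generator.

```python
import random


def pn_sequence(seed, length):
    """Pseudorandom +1/-1 chip sequence shared by sender and receiver."""
    rng = random.Random(seed)  # illustration only, not a cryptographic generator
    return [rng.choice((-1, 1)) for _ in range(length)]


def spread(bits, chips):
    """Multiply each data bit (mapped to +1/-1) by the whole chip sequence."""
    out = []
    for bit in bits:
        symbol = 1 if bit else -1
        out.extend(symbol * c for c in chips)
    return out


def add_noise(signal, sigma, seed):
    """Add Gaussian channel noise with standard deviation sigma per chip."""
    rng = random.Random(seed)
    return [s + rng.gauss(0, sigma) for s in signal]


def despread(signal, chips):
    """Correlate each chip-length block with the local sequence.

    Returns the decided bits and the normalised correlation scores.
    """
    n = len(chips)
    bits, scores = [], []
    for i in range(0, len(signal), n):
        corr = sum(s * c for s, c in zip(signal[i:i + n], chips)) / n
        scores.append(corr)
        bits.append(1 if corr > 0 else 0)
    return bits, scores


def demo():
    data = [1, 0, 1, 1, 0, 0, 1, 0]               # constructed payload
    chips = pn_sequence(seed=1234, length=128)    # assumed shared sequence
    # sigma=2.0 puts noise power at 4x the per-chip signal power (about -6 dB SNR)
    received = add_noise(spread(data, chips), sigma=2.0, seed=99)
    good_bits, good_scores = despread(received, chips)
    # A receiver guessing a different sequence sees scores close to zero
    _, wrong_scores = despread(received, pn_sequence(seed=4321, length=128))
    return data, good_bits, good_scores, wrong_scores


if __name__ == "__main__":
    print(demo())
```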

(17)

TEMPEST

Employing some of the defenses may not be enough to secure entire system.

Attackers may find other loopholes to break into systems or collect information.

Standards are needed to make sure that the

(18)

TEMPEST

Government standard defining how to make government systems secured from an attacker.

Employs both EMSEC and TRANSSEC techniques to limit the emanations from electronic equipment.

Applies Strictly to classified facilities.

Individual electronic equipment.

Rooms in buildings.

Entire buildings

Classified until 1995.

(19)

TEMPEST Red/Black Separation

Maintain distance or install shielding between circuits and equipment used to handle classified or sensitive information.

Classifications

RED -> classified or sensitive information.

BLACK -> normal unsecured equipment.

Includes equipment carrying encrypted signal.

Products must be manufactured under strict

(20)

Installation, Maintenance and Disposition of

TEMPEST Equipment

Installation and disposition of TEMPEST equipment guidelines provided by National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM).

(21)

TEMPEST Procedures

TEMPEST Endorsement Program.

Establishes guidelines for vendors to manufacture, produce, and maintain endorsed equipment.

Vendor must provide life cycle support for its

(22)

TEMPEST Program Development

• Guidelines for development of a maintenance and disposition program:

– Consider the additional cost of the program.

– Ensure that data resident on the equipment is not compromised during the maintenance/disposition process.

– Keep a log of maintenance action for all TEMPEST equipment

• Date of maintenance.

• Action taken.

• Technician name.

(23)

TEMPEST Disposition Procedures

Use approved purging software to overwrite hard drives.

Maintain a log of the model and serial number of all equipment disposed/destroyed.

• Destruction of TEMPEST equipment no longer required is recommended if transfer to another U.S. Government department/agency is impractical.

Serial numbers and any classified markings must be removed.

The equipment will be broken into pieces of such a nature as to preclude restoration.

A destruction certificate will be prepared and signed by the witnessing individual.

All residue will be returned as scrap metal to the Defense Reutilization

(24)

TEMPEST Accreditation

TEMPEST Countermeasures Review

Recommended countermeasures are threat driven, and based on risk management principles.

Each site must be separately evaluated and inspected.

Sites cannot be approved automatically by being inside an inspectable space.

Certification must apply to entire system.

Connecting a single unshielded component compromises the entire

(25)

THEFT

A considerable amount of personal

(26)

Theft Defenses

Limit physical access.

Keep critical systems in high security areas.

Case locks to prevent access to components.

Laptop locks to lock laptop to desk.

Visible equipment tags with serial numbers.

Phone-home software for tracing.
