TEMPEST
Artur Zak
CS 996 – Information Security Management
March 30, 2005
Overview
Definitions
History
EMSEC
TRANSSEC
TEMPEST
POSA Example
Homework
Definitions
EMSEC - Emission Security
Preventing a system from being attacked using conducted or
radiated electromagnetic signals
TRANSSEC - Transmission Security
Preventing data from being attacked or intercepted during the
transmission.
TEMPEST – Transient Electromagnetic Pulse Emanation Standard
Government codeword that identifies a classified set of
standards for limiting electric or electromagnetic radiation.
History
1884 – Crosstalk
Two-wire circuits stacked on tiers of crosstrees on
supporting poles.
Solution – twisted pair cables.
1914 – compromising emanations in warfare.
Earth leakage caused a lot of crosstalk, including
messages from the enemy.
Solution – abolish earth-return circuits within 3,000 yards of
the front.
History
1960’s – TV detector vans.
British authorities checking who has a TV at
home.
TEMPEST Viruses
Using a computer to play a tune, turning it into a low-grade radio
transmitter.
Nonstop
Using phones near transmitters can cause data to be
modulated by the phone and transmitted.
Glitching
Used to attack smartcards by inducing a useful error.
EMSEC – Countermeasures
Attenuation – opposite of amplification. Reduce
the signal strength during transmission.
Decreases radiation perimeter. Attacker needs to get
closer to the source.
Risks being caught by the authorities.
Banding – restricting the information to be in a
specific band of frequencies.
Attacker has to first find out which band of
frequencies to scan.
If in the wrong band, only partial messages can be recovered.
EMSEC - Countermeasures
Shielding – equipment or buildings shielded to prevent
radiation from leaking from inside to outside or vice versa.
Wardriving attack no longer a problem.
May help against leakage.
Zone of Control (Zoning) – most sensitive equipment is
kept in the rooms furthest from the facility's perimeter,
and shielding is reserved for the most sensitive systems.
May stop wardriving if the attacker is not able to penetrate the
perimeter of the facility.
EMSEC - Countermeasures
Cabling Filtered Power
Filters cable and power supply noise.
Suppresses the conducted leakage.
Soft Tempest
Applied to commercial sector
Software techniques to filter, mask, or render
incomprehensible information bearing
electromagnetic emanations from a computer
system.
TRANSSEC – Transmission Security
Information needs to be shared.
Must be transmitted over long distances.
Attacker may want to intercept the
information while in transit.
TRANSSEC - Vulnerabilities
RF Fingerprinting
Identifying an RF device based on its frequency
behavior.
Radio Direction Finding (RDF)
Triangulating the signal of interest using directional
antennas at two monitoring stations.
Traffic Analysis
Signals collection
Collecting different signals and extracting information
from them.
TRANSSEC - Attacks
Eavesdropping
Listening on voice conversations.
Covert Channels
A mechanism that, though not designed for communication, can
nonetheless be abused to allow information to be communicated
down from High to Low.
Sniffing
Monitoring the traffic.
Jamming.
Noise insertion
Active Deception
TRANSSEC – Defenses
Low Probability of Detection (LPD)
Techniques used to make it hard for the attacker to
detect presence of the signal.
Directional Signaling
Line of Sight transmission
Low Probability of Interception (LPI)
Techniques used to make it hard for attackers to
intercept the signals.
Frequency hoppers
Spread spectrum
Burst transmission
TRANSSEC - Defenses
Burst Transmission – send data in short bursts
instead of continuous transmission.
Employed by spies during WW II.
Attacker never knows when the data is sent.
Directional signaling – send signals in a specific
direction instead of broadcast in all directions.
Attacker has to first find out in which direction the
signal is transmitted.
Requires more complicated equipment to identify the source
of transmission.
TRANSSEC - Defenses
Frequency Hopping – during transmission, hop from
frequency to frequency following a predefined pseudorandom
sequence.
The receiver knows the same sequence, so it knows which
frequency to tune to.
Attacker must know the exact sequence to be able to capture the
message.
Used in 2G and 3G cell phones.
Line of Sight – Used for short distance transmissions.
Optical transmission.
IR transmission.
Attacker needs to be in plain view, risking being exposed.
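The frequency-hopping bullet above, as an added sketch that is not part of the original slides: transmitter and receiver derive the channel for each time slot from a shared secret, and a listener without the sequence catches only the slots where it happens to be on the right channel. The HMAC-SHA256 hop generator, the 79-channel count, the one-byte-per-slot framing and the single-channel listener model are all assumptions made for illustration.

```python
import hashlib
import hmac

CHANNELS = 79  # assumed channel count for this sketch

def hop_channel(key: bytes, slot: int, channels: int = CHANNELS) -> int:
    """Channel used in a given time slot, derived from the shared secret."""
    mac = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % channels

def transmit(key: bytes, message: bytes) -> list[tuple[int, int, int]]:
    """One byte per slot; returns (slot, channel, byte) as seen on the air."""
    return [(slot, hop_channel(key, slot), b) for slot, b in enumerate(message)]

def receive(key: bytes, air) -> bytes:
    """Tune to the predicted channel each slot; anything elsewhere is missed."""
    return bytes(b for slot, ch, b in air if hop_channel(key, slot) == ch)

def fixed_listener(air, channel: int) -> bytes:
    """Narrowband listener parked on a single channel for the whole message."""
    return bytes(b for _, ch, b in air if ch == channel)

def demo():
    key = b"constructed-shared-secret"             # constructed sample key
    message = b"constructed sample traffic " * 8   # constructed, 216 bytes
    air = transmit(key, message)
    ok = receive(key, air)                         # receiver knows the sequence
    wrong = receive(b"some-other-secret", air)     # hops on a different sequence
    parked = fixed_listener(air, channel=10)       # never hops at all
    return message, ok, wrong, parked

if __name__ == "__main__":
    message, ok, wrong, parked = demo()
    print("receiver with sequence :", ok == message)
    print("wrong sequence bytes   :", len(wrong), "of", len(message))
    print("parked on one channel  :", len(parked), "of", len(message))
```

The model covers only a listener that can watch one channel per slot; it says nothing about a receiver wide enough to record every channel at once.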
TRANSSEC - Defenses
Spread Spectrum
Combine the information-bearing sequence with a
higher-rate pseudorandom sequence.
Makes it hard to intercept.
Used in CDMA and GSM phones.
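Direct-sequence spreading as described on this slide, in an added sketch that is not part of the original slides: each data bit is multiplied by a run of pseudorandom +1/-1 chips, noise stronger than the signal is added, and the receiver recovers the bits by correlating against the same chip sequence. The spreading factor, the noise level and the use of Python's seeded `random.Random` as the chip generator are assumptions for illustration only.

```python
import random

CHIPS_PER_BIT = 256   # assumed spreading factor

def pn_sequence(seed: int, n: int) -> list[int]:
    """+1/-1 chips; the seed stands in for the shared spreading code.
    random.Random is a stand-in here, not a generator a real system would use."""
    rng = random.Random(seed)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]

def spread(bits: list[int], seed: int) -> list[int]:
    """Multiply each data bit (as +1/-1) by its own run of chips."""
    chips = pn_sequence(seed, len(bits) * CHIPS_PER_BIT)
    return [(1 if bits[i // CHIPS_PER_BIT] else -1) * c
            for i, c in enumerate(chips)]

def channel(signal: list[int], noise_sigma: float, noise_seed: int = 0) -> list[float]:
    """Add Gaussian noise to every chip (constructed noise, fixed seed)."""
    rng = random.Random(noise_seed)
    return [s + rng.gauss(0.0, noise_sigma) for s in signal]

def despread(received: list[float], seed: int) -> list[int]:
    """Correlate each bit period against the local chip sequence."""
    chips = pn_sequence(seed, len(received))
    bits = []
    for start in range(0, len(received), CHIPS_PER_BIT):
        end = start + CHIPS_PER_BIT
        corr = sum(r * c for r, c in zip(received[start:end], chips[start:end]))
        bits.append(1 if corr > 0 else 0)
    return bits

def bit_errors(a: list[int], b: list[int]) -> int:
    return sum(x != y for x, y in zip(a, b))

def demo() -> tuple[int, int]:
    rng = random.Random(42)
    data = [rng.getrandbits(1) for _ in range(64)]          # constructed payload
    # Noise power is 4x the per-chip signal power: the signal sits below the noise.
    rx = channel(spread(data, seed=1234), noise_sigma=2.0)
    with_code = bit_errors(data, despread(rx, seed=1234))
    without_code = bit_errors(data, despread(rx, seed=9999))
    return with_code, without_code

if __name__ == "__main__":
    good, bad = demo()
    print(f"bit errors with the shared code: {good}/64, with a different code: {bad}/64")
```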
TEMPEST
Employing some of the defenses may not
be enough to secure the entire system.
Attackers may find a loophole and break
into a system.
Standards are needed to make sure that
the system is secure enough both against
emanations and during transmission.
TEMPEST
Government standard defining how to make
government systems secure from an attacker.
Employs both EMSEC and TRANSSEC techniques
to limit the emanations from electronic equipment.
Applies strictly to classified facilities.
Individual electronic equipment.
Rooms in buildings.
Entire buildings
Classified until 1995.
After 1995 only basic information declassified.
TEMPEST Red/Black Separation
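[Figure: POSA example diagram. Labels recoverable from the original: POSA, Register, USER; numbered flows 1 "Sale information", 2 "Display Sale Info", 3 "User CC information", 6 "Y/N", 7 "Complete Trans."]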
Homework
Perform EMSEC/TRANSSEC risk analysis
on GTS system.
Identify the emanation and transmission
vulnerabilities.
Make recommendations as to which
countermeasures should be used to eliminate
the threat.