Transmission Security, Emission Security, TEMPEST
Raul Grajales
What Does It All Mean?
TRANSEC: Transmission Security – The component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis.
EMSEC: Emission Security – The protection resulting from all measures designed to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from other than crypto-equipment and telecommunications systems.
TEMPEST – A U.S. government code word that identifies a classified set of standards for limiting electrical or electromagnetic emanations from electronic equipment. The expansion "Transient Electromagnetic Pulse Emanation Standard" is a widely repeated backronym; officially TEMPEST is a code word, not an acronym.
– It is both a specification for equipment and a term used to describe the process of preventing compromising emanations.
TRANSEC
TRANSEC refers not only to obfuscating data, but to hiding the fact that a message even exists
History (in ancient times):
– A messenger's head would be shaved
– The message would be tattooed onto the scalp
– The hair would be allowed to grow back
– Then the messenger was sent on his way
– The recipient would shave the messenger again in order to retrieve the message
TRANSEC: Transmission Security
TRANSEC does NOT involve encryption, but how the data signal is sent out:
– Burst transmission – used to be hard to detect
– Frequency techniques
• Frequency modulation
• Frequency hopping
• Spread spectrum
Spread Spectrum History
Patented (1942) by Hedy Lamarr and George Antheil
• A frequency-hopping scheme to control armed torpedoes over long distances without the enemy detecting them or jamming their transmissions
Spread spectrum in use:
– 1962 – secured communications during the Cuban Missile Crisis
– 1990s – used in cellular phones
Low Observables
Low Probability of Detection (LPD)
– Definition: there is a low probability that the opposition will be aware that there is any transmission
• Examples: burst mode, frequency hopping, spread spectrum (when first introduced)
Low Probability of Interception (LPI)
– Definition: there is a low probability that the opposition will be able to intercept (read) the data stream, even though they may be aware that there is a transmission
• Examples: burst mode, frequency hopping, spread spectrum after better detection technologies were developed
Comments
– With today's technology, burst mode, frequency hopping and spread spectrum on their own are neither LPD nor LPI
– Multiple Input/Multiple Output (MIMO) is a current research area in LPD/LPI RF communications
– LPD/LPI technology and detection technology are an ongoing "arms race"
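To make the LPI point above concrete, here is a small simulation of keyed frequency hopping. It is an added example, not part of the original slides: HMAC-SHA256 over a slot counter stands in for whatever hop-set generator a real radio uses, and the 64-channel plan, key and sample traffic are constructed. A receiver holding the key follows every hop; an eavesdropper parked on one channel, or one guessing the wrong key, hears only the slots that happen to land on its channel, and a single-channel jammer removes only those slots. A wideband receiver that covers the whole band, however, captures everything, which is why hopping alone is no longer LPI and why TRANSEC has to be paired with encryption.

```python
"""Keyed frequency hopping: cooperating receiver vs. narrowband and wideband
eavesdroppers vs. a single-channel jammer (constructed simulation)."""
import hashlib
import hmac

CHANNELS = 64  # assumed size of the hop set


def hop_sequence(key, slots, channels=CHANNELS):
    """Channel used in each time slot, derived from the TRANSEC key and the slot counter."""
    seq = []
    for slot in range(slots):
        tag = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
        seq.append(int.from_bytes(tag[:4], "big") % channels)
    return seq


def transmit(key, symbols):
    """On-air events (slot, channel, symbol): one symbol per hop, sent in the clear."""
    seq = hop_sequence(key, len(symbols))
    return [(slot, ch, sym) for slot, (ch, sym) in enumerate(zip(seq, symbols))]


def receive(key, air):
    """Cooperating receiver retunes every slot with the same key; slots that do
    not land where the key predicts are simply not heard."""
    if not air:
        return b""
    seq = hop_sequence(key, max(slot for slot, _, _ in air) + 1)
    return bytes(sym for slot, ch, sym in air if ch == seq[slot])


def intercept_narrowband(air, channel):
    """Eavesdropper parked on one channel: catches only the slots that land there."""
    return bytes(sym for _, ch, sym in air if ch == channel)


def intercept_wideband(air):
    """Eavesdropper whose receiver covers the whole band: hopping hides nothing."""
    return bytes(sym for _, _, sym in air)


def jam(air, channel):
    """Single-channel jammer: slots on that channel are lost, the rest get through."""
    return [(slot, ch, sym) for slot, ch, sym in air if ch != channel]


def demo():
    key = b"constructed-transec-key"      # shared by transmitter and receiver
    wrong_key = b"guessed-key"            # eavesdropper's guess
    message = b"FLASH constructed sample traffic " * 8  # 264 constructed symbols
    air = transmit(key, message)
    return {
        "sent": len(message),
        "cooperating_rx": receive(key, air),
        "narrowband_hits": len(intercept_narrowband(air, channel=7)),
        "wrong_key_hits": len(receive(wrong_key, air)),
        "wideband": intercept_wideband(air),
        "survives_jamming": len(receive(key, jam(air, channel=7))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, int) else len(value))
```

With 64 channels the narrowband listener and the wrong-key receiver each get roughly 1/64 of the symbols, and the jammer costs the cooperating receiver about the same fraction; the wideband listener reads the whole message because nothing here is encrypted.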
EMSEC: Emission Security
Refers to preventing a system from being attacked using compromising emanations
– Conducted electromagnetic signals
– Radiated electromagnetic signals
– Compromising vibrations
• Speech (confidential conversations)
How Important Is It?
Government – has spent as much on EMSEC as it has on cryptography
Commercial world – smart card security setbacks
EMSEC History
Crosstalk on telephone wires (1914)
– Field telephone wires using single-core insulated cable
• Earth leakage caused crosstalk, including messages from the enemy side
• Range: 100 yards for telephony, 300 yards for Morse code
• Listening posts and protective measures were introduced
Smart cards (1996)
– Attacked by inserting glitches into the power and clock lines
– Crypto keys found by appropriate processing of precise measurements of the current drawn by the card
Common EMSEC Attacks
Most attacks are not those that exploit some unintended design feature of innocuous equipment
– But those in which a custom-designed device is introduced by the attacker
Data that is captured by such a device is not secure, no matter how well it is protected
• Encryption and access controls
– Subsequent protective measures are NOT likely to help
EMSEC Attack Devices
Off-the-shelf mobile radio technology
– Simple radio microphone
– Radio-transmitting TV camera
Exotic devices
– 1945: a class of schoolchildren presented the US ambassador in Moscow with a wooden replica of the Great Seal of the US, and he hung it on the wall of the office in his residence
– 1952: found to contain a resonant cavity
• Acted as a microphone when illuminated by microwaves from outside the building, and retransmitted the conversations
• The device was entirely passive (no power source, no active electronics), which is why it survived conventional sweeps for years
– Embassies in Moscow were regularly irradiated with microwaves
EMSEC Attack Devices
Laser microphones
– Work by shining a laser at a reflective surface (e.g. a window) in the room where the target conversation is taking place
– The sound waves modulate the reflected light, which can be picked up and decoded at a distance
High-end devices
– Use low-probability-of-intercept radio techniques such as frequency hopping and burst transmission
– Can be turned on and off remotely; harder to find
Prevention Devices
Nonlinear junction detector
– Device that can find hidden electronic equipment (semiconductor junctions) at close range
Surveillance receivers
– Sweep 10 kHz–3 GHz looking for signals that can't be explained as broadcast, police, air traffic control, etc.
Shielding
– Electromagnetic shielding of equipment and rooms
– Double-pane windows to defeat laser microphones (an acoustic rather than electromagnetic measure)
Prevention Devices – Where Does It End?
Greater scope of attack as equipment contains more features
– Cordless phones are easy to eavesdrop on
– A PBX can be reprogrammed to support surveillance
– Laptops with microphones can record conversations in a room and email them to the attacker
– Furby: the toy was believed to remember and randomly repeat things said in its presence (it was banned from NSA premises in 1999 on that assumption)
*EMSEC ALERT
Types of EMSEC Attacks
Passive attacks (electromagnetic eavesdropping)
– Attacks in which the opponent makes use of whatever electromagnetic signals are presented to him, without any effort to create them
• Hijack – conducted over a circuit (power line or phone line)
• Tempest – radiated as radio-frequency energy
Active attacks
– Disruptive electromagnetic attacks
Passive Attacks
Leakage through power and signal cables
– Red/Black separation
• Red equipment (carrying confidential data such as plaintext) has to be isolated by filters and shields from Black equipment (which can send signals directly to the outside world)
• Red/Black cipher machines must meet standards for emission security (Tempest-protected systems): NACSIM 5100A, NATO AMSG 720B
– Power analysis, rail noise analysis
• Measure the current drawn from the power supply of a smart card
• The key can be deduced if the attacker knows the smart card's design, i.e. which operation each pattern in the current trace corresponds to
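The "knows the smart card design" point above is what makes simple power analysis (SPA) work. The following simulation is an added example, not from the original slides: the toy modulus, exponent and leakage model (a modular multiply drawing more current than a squaring, plus Gaussian noise) are constructed. A textbook square-and-multiply exponentiation performs the multiply only for 1-bits, so the sequence of operations in the trace spells out the private exponent. A Montgomery ladder, shown for comparison, does one square and one multiply per bit regardless of its value, and the same SPA then reads every bit as a 1.

```python
"""Simple power analysis of square-and-multiply vs. a Montgomery ladder
(constructed simulation of a smart card's current trace)."""
import random

MODULUS = 3233      # 61 * 53, toy size
BASE = 65
SECRET_D = 2753     # toy 12-bit private exponent the attacker wants

# Constructed leakage model, arbitrary current units: the modular multiply is a
# longer code path than the square and draws a visibly higher current.
SQUARE_CURRENT = 10.0
MULTIPLY_CURRENT = 14.0
NOISE_SIGMA = 0.4


def leaky_modexp(base, exp, mod, trace, rng):
    """Left-to-right square-and-multiply; one trace sample per modular operation.
    The multiply runs only for 1-bits, so the trace mirrors the exponent."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append(SQUARE_CURRENT + rng.gauss(0, NOISE_SIGMA))
        if bit == "1":
            result = (result * base) % mod
            trace.append(MULTIPLY_CURRENT + rng.gauss(0, NOISE_SIGMA))
    return result


def ladder_modexp(base, exp, mod, trace, rng):
    """Montgomery ladder: every bit costs exactly one square and one multiply,
    so the operation sequence (the trace shape) is independent of the key."""
    r0, r1 = 1, base
    for bit in bin(exp)[2:]:
        if bit == "0":
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        else:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        trace.append(SQUARE_CURRENT + rng.gauss(0, NOISE_SIGMA))
        trace.append(MULTIPLY_CURRENT + rng.gauss(0, NOISE_SIGMA))
    return r0


def spa_recover_exponent(trace):
    """Attacker side. Assumes the card's known design: a square, then a multiply
    only if the bit is 1. Each sample is classified against the midpoint threshold."""
    threshold = (SQUARE_CURRENT + MULTIPLY_CURRENT) / 2
    ops = "".join("M" if sample > threshold else "S" for sample in trace)
    bits, i = [], 0
    while i < len(ops):
        if ops[i] != "S":
            raise ValueError("trace does not fit the square-and-multiply model")
        if ops[i + 1:i + 2] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def demo():
    rng = random.Random(7)  # fixed seed so the noise is reproducible
    leaky_trace, ladder_trace = [], []
    leaky_out = leaky_modexp(BASE, SECRET_D, MODULUS, leaky_trace, rng)
    ladder_out = ladder_modexp(BASE, SECRET_D, MODULUS, ladder_trace, rng)
    return {
        "expected": pow(BASE, SECRET_D, MODULUS),
        "leaky_out": leaky_out,
        "ladder_out": ladder_out,
        "recovered_from_leaky": spa_recover_exponent(leaky_trace),
        "recovered_from_ladder": spa_recover_exponent(ladder_trace),
    }


if __name__ == "__main__":
    print(demo())
```

Both routines compute the same result, but the attacker's parser recovers 2753 from the leaky card and 4095 (all ones) from the ladder. A real card also has to worry about data-dependent power differences within each multiply, which is what differential power analysis targets; a constant operation sequence is only the first step.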
Passive Attacks
Leakage through RF signals
– An IBM machine with a 1.5 MHz clock: a radio tuned to this frequency picks up a loud whistle
– Video display units emit a weak TV signal
• A VHF/UHF radio signal modulated with a distorted version of the image currently being displayed
• Contrary to popular belief, LCD displays are also generally easy for an eavesdropper to read
Prevent VDU Leakage
Most information-bearing RF energy from a VDU is concentrated in the top of the spectrum
– Filter out the top 30% of the Fourier transform of a standard font by convolving it with a suitable low-pass filter [sin(x)/x]
– The filtered font remains legible to the user, while the eavesdropper's reconstructed image loses most of its contrast
[Figures: a page of normal text and the same text low-pass filtered; screen shots of normal and filtered text]
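The filtering step above can be tried on a single glyph. This is an added example, not from the original slides: the 16x16 block-letter bitmap, the filter length and the exact cutoff are constructed for illustration. A Hann-windowed sin(x)/x kernel with a cutoff at 70% of the Nyquist frequency is convolved over the glyph row-wise and column-wise, and a plain 2-D DFT then measures what fraction of the image energy sits in the top 30% of the spectrum before and after filtering.

```python
"""Soft-TEMPEST style font filtering: windowed-sinc low-pass of a glyph and
a measurement of the high-frequency energy left (constructed example)."""
import cmath
import math

# Constructed 16x16 bitmap of a block letter "E" with 3-pixel strokes (1 = lit).
_ROWS = [
    "0000000000000000", "0011111111111000", "0011111111111000", "0011111111111000",
    "0011100000000000", "0011100000000000", "0011111111000000", "0011111111000000",
    "0011111111000000", "0011100000000000", "0011100000000000", "0011100000000000",
    "0011111111111000", "0011111111111000", "0011111111111000", "0000000000000000",
]
GLYPH = [[float(c) for c in row] for row in _ROWS]

CUTOFF = 0.35  # cycles/pixel; Nyquist is 0.5, so this keeps the lower 70% of the band
RADIUS = 8     # filter half-length in pixels


def sinc_kernel(cutoff=CUTOFF, radius=RADIUS):
    """Hann-windowed sin(x)/x low-pass kernel, normalised to unit DC gain."""
    taps = []
    for n in range(-radius, radius + 1):
        x = 2.0 * cutoff * n
        sinc = 1.0 if n == 0 else math.sin(math.pi * x) / (math.pi * x)
        window = 0.5 * (1.0 + math.cos(math.pi * n / (radius + 1)))
        taps.append(2.0 * cutoff * sinc * window)
    total = sum(taps)
    return [t / total for t in taps]


def convolve_rows(img, kernel):
    """Zero-padded 'same' convolution of every row with the 1-D kernel."""
    r = len(kernel) // 2
    out = []
    for row in img:
        new_row = []
        for i in range(len(row)):
            acc = 0.0
            for k, tap in enumerate(kernel):
                j = i + k - r
                if 0 <= j < len(row):
                    acc += tap * row[j]
            new_row.append(acc)
        out.append(new_row)
    return out


def lowpass2d(img, kernel):
    """Separable 2-D low-pass: filter rows, then columns."""
    rows_done = convolve_rows(img, kernel)
    transposed = [list(col) for col in zip(*rows_done)]
    cols_done = convolve_rows(transposed, kernel)
    return [list(col) for col in zip(*cols_done)]


def highfreq_energy_fraction(img, cutoff=CUTOFF):
    """Fraction of the 2-D DFT energy lying above `cutoff` on either axis
    (the band that dominates the radiated video signal)."""
    n = len(img)
    total = high = 0.0
    for u in range(n):
        fu = min(u, n - u) / n
        for v in range(n):
            fv = min(v, n - v) / n
            coeff = 0
            for y in range(n):
                for x in range(n):
                    coeff += img[y][x] * cmath.exp(-2j * math.pi * (u * y + v * x) / n)
            energy = abs(coeff) ** 2
            total += energy
            if max(fu, fv) > cutoff:
                high += energy
    return high / total


def demo():
    filtered = lowpass2d(GLYPH, sinc_kernel())
    return {
        "original_hf_fraction": highfreq_energy_fraction(GLYPH),
        "filtered_hf_fraction": highfreq_energy_fraction(filtered),
        "filtered_peak": max(max(row) for row in filtered),  # stroke still near full brightness
    }


if __name__ == "__main__":
    print(demo())
```

The filtered glyph keeps its stroke brightness, so it is still readable on screen, while the energy in the top 30% of the spectrum drops by a large factor; that is the part of the signal an eavesdropper's receiver relies on. Real soft-TEMPEST fonts also have to account for the display's own pixel clock and grey-level response, which this toy ignores.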
Active Attacks – Overview
– Tempest viruses
– Nonstop
– Glitching
– Differential fault analysis
– Combination attacks
– Commercial exploitation
Active Attacks
Tempest viruses – software-based RF exploits
• A virus infects a computer and makes it transmit secret data to a radio receiver hidden nearby
Nonstop – exploitation of RF emanations that are accidentally induced by nearby radio transmitters and other RF sources
• A phone's transmitter may induce currents that get modulated with sensitive data by the nonlinear junction effect and re-radiated
• Mobile phones are banned within 5 meters of classified equipment
Active Attacks (cont.)
Glitching – changing the power and clock signals
– The attacker can make the processor step over jump instructions and force resets
Active Attacks (cont.)
Differential Fault Analysis
– RSA cards that aren't protected against glitches
– S = h(m)^d (mod pq) is carried out mod p and then mod q (CRT), and the two halves are recombined
• If the card returns a defective signature S' which is correct modulo p but incorrect modulo q, then:
p = gcd(pq, S'^e – h(m))
• A single faulty signature breaks the system
Combination attacks – active and passive attacks together
• If the PIN is incorrect the card decrements a retry counter, which writes to EEPROM
• The current consumed by the card rises measurably during the write, so the attacker can cut the power before the counter is updated and try again
Commercial exploitation
– SFX Entertainment monitors what customers are playing on their car radios
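The differential fault analysis formula above is short enough to run end to end. The following is an added example, not from the original slides: the primes are toy-sized, the hash is SHA-256 reduced mod N with no padding, and the "glitch" is simulated by corrupting the mod-q half of the CRT computation in software. It shows the card producing a faulty signature S', the attacker recovering p = gcd(N, S'^e - h(m)) from that one signature, and the usual countermeasure of verifying the signature before it leaves the card.

```python
"""Boneh-DeMillo-Lipton fault attack on RSA-CRT signing (constructed toy key
and simulated glitch), with the verify-before-release countermeasure."""
import hashlib
import math

# Constructed toy key, far too small for real use.
P = 104729
Q = 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest_int(message):
    """h(m): SHA-256 reduced mod N (no padding, to keep the example focused)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def crt_sign(h, glitch_q=False):
    """Card side: S = h^d mod N computed mod p and mod q, then recombined.
    glitch_q simulates a power/clock glitch corrupting only the mod-q half."""
    sp = pow(h, D % (P - 1), P)
    sq = pow(h, D % (Q - 1), Q)
    if glitch_q:
        sq = (sq + 1) % Q  # constructed fault: any wrong value mod q will do
    # Garner recombination: S = sq + q * ((sp - sq) * q^-1 mod p)
    return sq + Q * (((sp - sq) * pow(Q, -1, P)) % P)


def verify(h, s):
    return pow(s, E, N) == h


def recover_factor(h, faulty_sig):
    """Attacker side: knows N, e, h(m) and one faulty signature S'.
    S'^e == h mod p but != h mod q, so the gcd isolates p."""
    return math.gcd(N, (pow(faulty_sig, E, N) - h) % N)


def guarded_crt_sign(h, glitch_q=False):
    """Countermeasure: check the signature before releasing it; a faulty one
    never leaves the card, so there is nothing to take a gcd with."""
    s = crt_sign(h, glitch_q)
    return s if verify(h, s) else None


def demo():
    h = digest_int(b"constructed message to sign")
    good = crt_sign(h)
    bad = crt_sign(h, glitch_q=True)
    p_found = recover_factor(h, bad)
    return {
        "good_verifies": verify(h, good),
        "bad_verifies": verify(h, bad),
        "recovered_p": p_found,
        "recovered_q": N // p_found if p_found else None,
        "guarded_faulty_output": guarded_crt_sign(h, glitch_q=True),
    }


if __name__ == "__main__":
    print(demo())
```

Verifying before release costs one public-key operation per signature, which is cheap next to the private operation and is why it became standard in cards; a glitch that corrupts the check itself is the next thing an attacker tries, so real designs combine it with glitch sensors and redundancy.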
TEMPEST: Transient Electromagnetic Pulse Emanation Standard
During the 1950s, the government became concerned that emanations could be captured and then reconstructed
– What are the important emanations?
• A blender vs. an electric encryption device
– Emanations can be recorded, interpreted, and then played back on a similar device
• Revealing the contents of an encrypted message (smart card)
– Research showed it was possible to capture emanations from a distance
• The TEMPEST program was started
Tempest Purpose
Introduce standards that would reduce the chances of "leakage" from devices used to process, transmit, or store sensitive information
• TEMPEST computers and peripherals (printers, scanners, tape drives, mice, etc.) are used by government agencies and contractors to protect data from emanations monitoring
• Shielding the device (or sometimes a room or an entire building) with copper or other conductive materials
• Active measures for "jamming" electromagnetic signals
Tempest History
The original 1950s emanations standard was called NAG1A.
During the 1960s it was revised and reissued as FS222 and later FS222A.
In 1970 the standard was significantly revised and published as National Communications Security Information Memorandum 5100 (Directive on TEMPEST Security)
– Also known as NACSIM 5100
– This was again revised in 1974
Tempest History (cont.)
Current national TEMPEST policy is set in National Communications Security Committee Directive 4, dated January 16, 1981
– Instructs federal agencies to protect classified information against compromising emanations
– This document is known as NACSIM 5100A and is classified
The National Communications Security Instruction (NACSI) 5004 (classified Secret)
– Published in January 1984
– Provides procedures for departments and agencies to use in determining the safeguards needed for equipment and facilities which process national security information in the United States
Tempest History (cont.)
National Security Decision Directive 145, dated September 17, 1984, designates the National Security Agency (NSA) as the focal point and national manager for the security of government telecommunications and Automated Information Systems (AISs).
NSA is authorized to review and approve all standards, techniques, systems and equipment for AIS security, including TEMPEST.
– In this role, NSA makes recommendations to the National Telecommunications and Information Systems Security Committee for changes in TEMPEST policies and guidance.
Product Cycle: TEMPEST Certified
Information systems need to meet certain specifications as required by national TEMPEST policies and procedures.
The objective is to minimize the risk of Hostile Intelligence Services (HOIS) exploiting unintentional emanations from intelligence systems.
TEMPEST certification by product-cycle phase:
– Concepts development phase – No
– Design phase – Yes
– Development phase – Yes
– Deployment phase – Yes
– Operations phase – Yes
– Recertification phase – Yes
– Disposal phase – Yes
Certified TEMPEST Technical Authority (CTTA)
An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with:
– National Security Telecommunications and Information Systems Security Committee (NSTISSC) approved criteria
• Appointed by a U.S. Government department or agency to fulfill CTTA responsibilities
INSTALLATION REQUIREMENTS
All computer equipment and peripherals must meet the requirements of National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/1-92 and be installed in accordance with (IAW) NSTISSAM TEMPEST/2-95
– RED/BLACK separation criteria, or as determined by a CTTA
The local TEMPEST Manager will oversee all such installations and coordinate on all accreditation documents resulting from the installation.
Use all equipment as intended.
– All TEMPEST access doors, covers, and plates must be closed and fastened. Unauthorized modifications, even for testing purposes, are strictly forbidden.
INSTALLATION REQUIREMENTS (cont.)
Additional TEMPEST requirements may exist if the equipment is not TEMPEST approved
– In such a case, your local TEMPEST Manager should be contacted for further guidance
The local TEMPEST Manager must inspect all equipment installations.
INSTALLATION REQUIREMENTS (cont.)
Special prohibitions and installation requirements exist for all transmitters, modems, and other networking and communications devices or equipment.
– Because of the broad range of this category, coordinate all requests for these devices with your local TEMPEST Manager.
An IS cannot be treated as RED if it is on any network that has a direct connection to a BLACK IS or to another communications medium (such as administrative telephone lines), except through an approved cryptographic device.
INSTALLATION REQUIREMENTS (cont.)
Do not use acoustically coupled modems and transmitters, or locate them in any secure area, without specific written approval from your Designated Approving Authority (DAA).
You may use non-acoustic wire-line modems with stand-alone, dedicated BLACK ISs provided that all appropriate telephone security requirements are met; consult your local TEMPEST Manager.
Conclusion
Questions???