Title: Seizing the Signals
1. Seizing the Signals
2. Reading List
- This class
- Denning, Chapter 7
- Federation of American Scientists, Intelligence Resource Program, http://www.fas.org/irp/index.html
- Legal Standards for the Intelligence Community in Conducting Electronic Surveillance, a report required by the FY 2000 Intelligence Authorization Act and transmitted to Congress at the end of February 2000, http://www.fas.org/irp/nsa/standards.html
- Introduction to TEMPEST, The Complete and Unofficial TEMPEST Information Page, http://www.eskimo.com/joelm/tempestintro.html
- NSA, TEMPEST endorsement program, http://www.nsa.gov/ia/industry/tempest.cfm
3. Signal Intelligence (SIGINT)
- Operations that involve
  - interception
  - analysis
  of signals across the electromagnetic spectrum
- Used for intelligence reports, criminal investigations, employee monitoring
- Digital signal processing
- Communication intelligence (COMINT)
- Electronic intelligence (ELINT)
- Imagery intelligence (IMINT)
4. Domestic Surveillance
- Surveillance of own citizens
- Legislation
  - Circumstances permitting surveillance
  - Limits
  - Amount and kind of surveillance
- U.S. constitutional law
  - Fourth Amendment prohibition against unreasonable searches and seizures (e.g., wiretaps)
5. Foreign Intelligence Intercepts
- National Security Agency
  - Monitors everything (microwave, satellite, phone, etc.)
  - Information about allies and enemies
  - Not allowed to spy on U.S. citizens
  - NSA's ears cover the globe
- Political and military intelligence (nuclear weapons, chemical warfare, etc.)
- Government trade secrets and economic information
- Terrorist activities
6. Echelon
- An automated, global interception and relay system
- Purpose: surveillance of non-military targets (e.g., governments, organizations, businesses)
- Five-nation alliance
  - Primary partners: U.S. and U.K.
  - Junior partners: New Zealand, Canada, Australia
7. Echelon
- U.S.: National Security Agency
- U.K.: Government Communications Headquarters (GCHQ)
- Canada: Communications Security Establishment (CSE)
- Australia: Defence Signals Directorate (DSD)
- New Zealand: Government Communications Security Bureau (GCSB)
8. Echelon
- Goal
  - Intercept large quantities of communication
  - Analyze (semi-automated) the gathered data
  - Identify and extract messages of interest
- What messages are retained?
  - Keyword categories
  - Human verification
- Who has access to them?
9. History
- WWII: informal agreement regarding intelligence gathering between the U.S. and U.K.
- 1943, May 17: U.K. and U.S. BRUSA COMINT agreement
  - U.S. Army SIGINT Agency, British Code and Cipher School
- 1946-47: Commonwealth SIGINT (UK, Canada, Australia and New Zealand)
- 1988: Duncan Campbell, an English journalist, published a report on Echelon (1976: The Eavesdroppers)
- 1996: Nicky Hager, New Zealand journalist, published the book Secret Power: New Zealand's Role in the International Spy Network
- 2000: Echelon is investigated by news media, government councils, civil liberty groups, etc.
10. Use of Intelligence
- National security
  - 1962: discovery of missile sites in Cuba
  - 1995: capture of the Achille Lauro terrorists
- Government and military intelligence
  - 1983: M. Frost: Prime Minister Margaret Thatcher used Echelon to spy on two ministers (http://news.bbc.co.uk/1/hi/uk_politics/655996.stm)
- Economic intelligence
  - Boeing vs. Airbus
  - D. Campbell: U.S. companies gain an edge over European companies
11. The Positive Aspects
- Increased national security
- Preventive measures
- Global effects
  - Global commerce
  - Communication infrastructure
12. Negative Aspects
- Global balance
- Privacy issues
  - Misuse
  - Law
- Errors of analysis
  - Large amount of data
  - Sophistication of analysis
  - Use of results
13. Other Surveillance Issues
14. Eavesdropping
- Tools: microphone receivers, tape recorders, phone bugs, scanners, radio receivers, satellite receivers, spy satellites, network sniffing, etc.
15. Computer Communications: TCP/IP Protocol Stack
- Application Layer
- Transport Layer
- Internetwork Layer
- Network Access Layer
- Each layer interacts with the neighboring layers above and below
- Each layer can be defined independently
- The complexity of the networking is hidden from the application
- At what layer should we support security?
16. Security Needs
- Basic services that need to be implemented
  - Key management
  - Confidentiality
  - Nonrepudiation
  - Integrity/authentication
  - Authorization
17. Network Access Layer Security
- Dedicated link between hosts/routers -> hardware devices for encryption
- Advantages
  - Speed
- Disadvantages
  - Not scalable
  - Works well only on dedicated links
  - The two hardware devices need to be physically connected
18. Internetwork Layer Security
- IP Security (IPSec)
- Advantages
  - Overhead involved with key negotiation decreases, since multiple protocols can share the same key management infrastructure
  - Ability to build VPNs and intranets
- Disadvantages
  - Difficult to handle low-granularity security, e.g., nonrepudiation, user-based security
19. Transport Layer Security
- Advantages
  - Does not require enhancements to each application
- Disadvantages
  - Difficult to obtain user context
  - Implemented on an end system
  - Protocol specific -> must be implemented for each transport protocol
20. Application Layer Security
- Advantages
  - Executes in the context of the user -> easy access to the user's credentials
  - Complete access to the data -> easier to ensure nonrepudiation
  - The application can be extended to provide security (does not depend on the operating system)
  - The application understands the data -> fine-tuned security
- Disadvantages
  - Implemented in end hosts
  - Security mechanisms have to be implemented for each application ->
    - expensive
    - greater probability of making mistakes
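The transport-versus-application trade-off above (user context and end-to-end integrity) can be simulated in a few lines. This is an added example, not material from the lecture: two hop-by-hop "transport" channels meet at a proxy, and only the application-layer check, which binds the user's identity to the data, survives the proxy. Keys, user names and the per-user HMAC (standing in for a digital signature, which true nonrepudiation would need) are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed keys for the demonstration only (assumed, not real credentials).
HOP_KEYS = {("client", "proxy"): b"hop-key-1", ("proxy", "server"): b"hop-key-2"}
USER_KEYS = {"alice": b"alice-secret"}

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

# Transport-layer protection: integrity is checked hop by hop, so whichever
# node terminates the channel (here a proxy) sees cleartext and re-protects it.
def transport_send(payload, src, dst):
    return {"from": src, "payload": payload, "tag": mac(HOP_KEYS[(src, dst)], payload)}

def transport_recv(frame, dst):
    expected = mac(HOP_KEYS[(frame["from"], dst)], frame["payload"])
    if not hmac.compare_digest(frame["tag"], expected):
        raise ValueError("transport integrity check failed")
    return frame["payload"]

# Application-layer protection: the sending application binds the user's identity
# to the data itself, so the check survives every intermediate hop. A per-user
# HMAC stands in for the digital signature that nonrepudiation would require.
def app_protect(user, msg):
    body = json.dumps({"user": user, "msg": msg}, sort_keys=True).encode()
    return body + b"|" + mac(USER_KEYS[user], body).encode()

def app_verify(blob):
    body, tag = blob.rsplit(b"|", 1)  # toy framing: the JSON body contains no "|"
    user = json.loads(body)["user"]   # user context is available at this layer
    if not hmac.compare_digest(tag.decode(), mac(USER_KEYS[user], body)):
        raise ValueError("application integrity check failed")
    return json.loads(body)

def relay_through_proxy(blob, tamper):
    # Client -> proxy -> server over two transport-protected hops.
    data = transport_recv(transport_send(blob, "client", "proxy"), "proxy")
    if tamper:  # a compromised or buggy proxy edits the cleartext it holds
        data = data.replace(b'"amount": 10', b'"amount": 9999')
    # The proxy re-protects the next hop, so the server's transport check passes
    # and the server learns only that the data came from the proxy, not from alice.
    return transport_recv(transport_send(data, "proxy", "server"), "server")

def deliver(user, msg, tamper=False):
    # Returns (accepted, decoded) as the server's application layer sees it.
    received = relay_through_proxy(app_protect(user, msg), tamper)
    try:
        return True, app_verify(received)
    except ValueError:
        return False, None
```

Run `deliver("alice", {"to": "bob", "amount": 10}, tamper=True)` to see the transport checks succeed at every hop while the application-layer check rejects the edited payment.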
21. Passive Attack
- Access to confidential data and traffic patterns
- Privacy rights
- U.S. federal wiretap law
  - Illegal for an individual to intentionally eavesdrop on wire, oral or electronic communications
  - Home usage? Bug your phone? Hidden recorders?
  - Company monitoring? Computer vs. telephone?
  - Eavesdropping devices: manufacture, sale, possession, advertising
    - Legal/illegal?
22. Message Deciphering
- Available encryption technology
- Cryptanalysis
  - Technology
  - Brute force attack
- Other means
  - Spies, social engineering, eavesdropping, keystroke monitoring, hacking, etc.
- Releasing information -> gives away our capabilities
  - National defense, tactical, ethical, etc.?
23. Surveillance Difficulties
- New technologies
  - 1994: U.S. Congress, Communications Assistance for Law Enforcement Act (the digital telephony bill)
- Encryption
- Data authenticity and integrity
24. TEMPEST
25. TEMPEST
- U.S. government code name for a classified set of standards for limiting electric and magnetic radiation emanations from electronic equipment
- Investigations and studies of compromising emanations
26. Compromising Emanations
- Unintentional intelligence-bearing signals that, if intercepted and analyzed, can disclose classified information
- Intercepted when information is transmitted, handled, or processed
- TEMPEST equipment remotely mirrors what is being done on a remote device, e.g., video monitor, cable wire, processing unit, etc.
27. Unintentional Emanations
- Normal operation of the system
- Deliberate or accidental exposure to an unusual environment
- Software induced
- Security considerations
  - Traditional: unauthorized access to the system requires knowledge about the system, applications and configuration; can be detected; limited time frame, etc.
  - Upcoming: exploitation of compromising signals
28. TEMPEST History
- U.S. government concern about capture and reconstruction of emanations from high-security devices used to process, transmit and store sensitive data
- 1950s: standards introduced to limit leakage, NAG1A
- 1960s: NAG1A revised to FS222 and FS222A
- 1970s: standards revised, National Communications Security Information Memorandum 5100 (NACSIM)
- 1974: NACSIM 5100 revised
- 1981: National Communications Security Committee Directive 4, NACSIM 5100A (classified)
- 1984: National Communications Security Instructions NACSI 5400 (secret)
- 1984: National Security Directive 145, by NSA
- NSA, TEMPEST: A Signal Problem, http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
- NSA, History of U.S. Communications Security, http://www.nsa.gov/public_info/_files/cryptologic_histories/history_comsec.pdf
29. Military Application
- WWI: enemy communications
  - The German army eavesdropped on enemy communications while already implementing protection measures against the same attacks on German communications
- 1960: MI5 TEMPEST attack on cipher machines
- Limited publications
30. Non-military Application
- 1966: open publication on the risk of TEMPEST attacks
- 1982-1984: Swedish government publication on the business risk of TEMPEST attacks
- 1985: van Eck screen content disclosure
- 1985: bank ATM card info and PIN
- 1990: tamper-resistant hardware, smart cards
31. Electromagnetic Emissions
- Simplest form of electromagnetic fields: transmission and distribution lines, wall socket power, steady 60 hertz (U.S.), sinusoidal wave
- Electric devices alter characteristics of electromagnetic waves (frequency, power level, wave form)
  - E.g., wave forms: sinusoidal, sawtooth, spike, square
- Complex waves can be captured, interpreted, and replayed on a similar device to create an exact replica of the original device
- Field strength
  - Reduced with distance from the electric device
  - Depends on the emanating device, e.g., type of screen, CPU, etc.
32. COMSEC
- Four main parts
  - Physical security
  - Emission security
  - Transmission security
  - Cryptographic security
- Red equipment: handles plaintext information with national security value
- Black equipment: handles protected (encrypted) information
- Unintentional emissions come from Red systems
33. TEMPEST Attack
- Requires
  - High level of expertise and equipment to decode captured waves
  - Proximity to the target
  - Long collection time
  - Processing device: 5,000-250,000
34. TEMPEST Protection
- Physical separation
  - Exclude unauthorized individuals from areas near the source of emanation
- Electromagnetic separation
  - Shielding, filtering, etc. to remove the leak
- Signal level minimization
  - Use the lowest feasible power level
35. Physical Separation
- Red machines are kept together in a single, minimal-size area
- Reduces potential cross-coupling
36. TEMPEST Shielding
- NSA specifications
- Ferrites and other frequency interference products
- Shield equipment, cables, rooms, buildings, etc.
- NSA standards, endorsed devices and contractors
- Expensive: a TEMPEST-protected PC costs about double the price
- Shielding and distance used together
37. Threat-Based System
- Reduce the cost of TEMPEST efforts
- Evaluate sensitivity of information, risk of TEMPEST attack, etc.
- Personnel control: physical control, unauthorized access
- Compartmentalization: each sensitivity level is isolated from the others
- Physical control of emanations: shielding, power, noise, etc.
38. TEMPEST Procedures
- Government and organizational restrictions
- Products, installation, maintenance
- Reporting needs
- Certified TEMPEST Technical Authority (CTTA)
39. Need for TEMPEST
- Little public data on TEMPEST cases
- Government focus and funding
  - National security intelligence
  - Economic espionage
- Decoding devices hard to obtain
- Bandwidth of human intelligence vs. TEMPEST
- TEMPEST threat within the U.S. minimal??
40. Eavesdropping from Computer Displays
- Markus Kuhn, University of Cambridge, Computer Laboratory, 2003
  - Cathode-ray tube (CRT)
  - Liquid-crystal monitor (LCM)
  - Video signals
  - Optical eavesdropping