Seizing the Signals - PowerPoint PPT Presentation

Provided by: FARKAS3
Learn more at: http://www.cse.sc.edu
1
Seizing the Signals
2
Reading List
  • This class
  • Denning, Chapter 7
  • Federation of American Scientists, Intelligence
    Resource Program, http://www.fas.org/irp/index.html
  • Legal Standards for the Intelligence Community
    in Conducting Electronic Surveillance, Report
    was required by the FY 2000 Intelligence
    Authorization Act, and was transmitted to
    Congress at the end of February 2000,
    http://www.fas.org/irp/nsa/standards.html
  • Introduction to TEMPEST, The Complete and
    unofficial TEMPEST Information Place
    http://www.eskimo.com/~joelm/tempestintro.html
  • NSA, TEMPEST endorsement program,
    http://www.nsa.gov/ia/industry/tempest.cfm

3
Signal Intelligence (SIGINT)
  • Operations that involve interception and analysis
    of signals across the electromagnetic spectrum.
  • Intelligence report, criminal investigations,
    employee monitoring
  • Digital signal processing
  • Communication intelligence (COMINT)
  • Electronic intelligence (ELINT)
  • Imagery intelligence (IMINT)

4
Domestic Surveillance
  • Surveillance of own citizens
  • Legislation
  • Circumstances permitting surveillance
  • Limits
  • Amount and kind of surveillance
  • U.S. Constitutional law
  • Fourth Amendment prohibition against
    unreasonable searches and seizures (e.g., wiretap)

5
Foreign Intelligence Intercepts
  • National Security Agency
  • Monitor everything (microwave, satellite, phone,
    etc.)
  • Information about allies and enemies
  • Not allowed to spy on U.S. citizens
  • NSA's ears cover the globe
  • Political and military intelligence (nuclear
    weapons, chemical warfare, etc.)
  • Government trade secrets and economic
    information
  • Terrorist activities

6
Echelon
  • An automated, global interception and relay
    system
  • Purpose: surveillance of non-military targets
    (e.g., government, organizations, businesses)
  • Five-nation alliance
  • Primary partners: U.S. and U.K.
  • Junior partners: New Zealand, Canada, Australia

7
Echelon
  • U.S. - National Security Agency
  • U.K. - Government Communications Headquarters
    (GCHQ)
  • Canada - Communications Security Establishment
    (CSE)
  • Australia - Defence Signals Directorate (DSD)
  • New Zealand - Government Communications Security
    Bureau (GCSB)

8
Echelon
  • Goal
  • Intercept large quantities of communication
  • Analyze (semi-automated) gathered data
  • Identify and extract messages of interest
  • What messages are retained?
  • Key words categories
  • Human verification
  • Who has access to them?

9
History
  • WWII: informal agreement regarding intelligence
    gathering between the U.S. and U.K.
  • 1943, May 17: U.K. and U.S. BRUSA COMINT
  • U.S. Army SIGINT Agency, British Code and Cipher
    School
  • 1946-47: Commonwealth SIGINT (UK, Canada,
    Australia and New Zealand)
  • 1988: Duncan Campbell, an English journalist,
    published a report on Echelon (1976: The
    Eavesdroppers)
  • 1996: book by Nicky Hager, New Zealand journalist,
    Secret Power: New Zealand's Role in
    International Spy Network
  • 2000: Echelon is investigated by news, government
    councils, civil liberty groups, etc.

10
Use of Intelligence
  • National security
  • 1962: discovery of missile sites in Cuba
  • 1995: capture of Achille Lauro terrorists
  • Government and military intelligence
  • 1983: M. Frost: Prime Minister Margaret Thatcher
    used Echelon to spy on the two ministers
    (http://news.bbc.co.uk/1/hi/uk_politics/655996.stm)
  • Economic intelligence
  • Boeing vs. Airbus
  • D. Campbell: U.S. companies gain an edge over the
    European companies

11
The Positive Aspects
  • Increased national security
  • Preventive measures
  • Global effects
  • Global commerce
  • Communication infrastructure

12
Negative Aspects
  • Global balance
  • Privacy issues
  • Misuse
  • Law
  • Error of analysis
  • Large amount of data
  • Sophistication of analysis
  • Use of results

13
Other Surveillance Issues
14
Eavesdropping
Tools: microphone receivers, tape recorder,
phone bugs, scanners, radio receivers,
satellite receivers, spy satellites, network
sniffing, etc.
15
Computer Communications: TCP/IP Protocol Stack
  • Each layer interacts with neighboring layers above
    and below
  • Each layer can be defined independently
  • Complexity of the networking is hidden from
    the application
  • Stack, top to bottom: Application Layer, Transport
    Layer, Internetwork Layer, Network Access Layer
  • At what layer should we support security?
16
Security Needs
  • Basic services that need to be implemented
  • Key management
  • Confidentiality
  • Nonrepudiation
  • Integrity/authentication
  • Authorization

17
Network Access Layer Security
  • Dedicated link between hosts/routers → hardware
    devices for encryption
  • Advantages
  • Speed
  • Disadvantages
  • Not scalable
  • Works well only on dedicated links
  • Two hardware devices need to be physically
    connected

18
Internetwork Layer Security
  • IP Security (IPSec)
  • Advantages
  • Overhead involved with key negotiation decreases
    <-- multiple protocols can share the same key
    management infrastructure
  • Ability to build VPN and intranet
  • Disadvantages
  • Difficult to handle low granularity security,
    e.g., nonrepudiation, user-based security,

19
Transport Layer Security
  • Advantages
  • Does not require enhancement to each application
  • Disadvantages
  • Difficult to obtain user context
  • Implemented on an end system
  • Protocol specific → implemented for each protocol

20
Application Layer Security
  • Advantages
  • Executing in the context of the user --> easy
    access to user's credentials
  • Complete access to data --> easier to ensure
    nonrepudiation
  • Application can be extended to provide security
    (does not depend on the operating system)
  • Application understands data --> fine-tune
    security
  • Disadvantages
  • Implemented in end hosts
  • Security mechanisms have to be implemented for
    each application -->
  • expensive
  • greater probability of making a mistake

21
Passive Attack
  • Access to confidential data and traffic patterns
  • Privacy rights
  • U.S. federal wiretap law
  • Illegal for an individual to eavesdrop
    intentionally on wire, oral or electronic
    communications
  • Home usage? Bug your phone? Hidden recorders?
  • Company monitoring? Computer vs. telephone?
  • Eavesdropping device: manufacture, sale, possession,
    advertising
  • Legal/illegal

22
Message Deciphers
  • Available encryption technology
  • Cryptanalysis
  • Technology
  • Brute force attack
  • Other means
  • Spy, social engineering, eavesdropping, keystroke
    monitoring, hacking, etc.
  • Release information → give our capabilities
  • National defense, tactical, ethical, etc.?

23
Surveillance Difficulties
  • New Technologies
  • 1994: U.S. Congress, Communications Assistance for
    Law Enforcement Act (digital telephony bill)
  • Encryption
  • Data authenticity and integrity

24
TEMPEST
25
TEMPEST
  • U.S. government code: classified set of
    standards for limiting electric and magnetic
    radiation emanations from electronic equipment.
  • Investigations and studies of compromising
    emanations.

26
Compromising Emanations
  • Unintentional intelligence-bearing signals that
    if intercepted and analyzed can disclose
    classified information.
  • Intercepted when transmitted, handled, or
    processed
  • TEMPEST equipment: remotely mirrors what is being
    done on a remote device, e.g., video monitor,
    cable wire, processing unit, etc.

27
Unintentional Emanations
  • Normal operation of system
  • Deliberate or accidental exposure to unusual
    environment
  • Software induced
  • Security Considerations
  • Traditional
  • Unauthorized access to the system requires
    knowledge about the system, applications,
    configuration, can be detected, limited time
    frame, etc.
  • Upcoming
  • Exploitation of compromising signals

28
TEMPEST History
  • U.S. government concern about capture and
    reconstruction of emanations from high-security
    devices used to process, transmit, store
    sensitive data
  • 1950s: introduce standards to limit leakage,
    NAG1A
  • 1960s: revise NAG1A to FS222 and FS222A
  • 1970s: revise standards, National Communications
    Security Information Memorandum 5100 (NACSIM)
  • 1974: revise NACSIM 5100
  • 1981: National Communications Security Committee
    Directive 4. NACSIM 5100A (classified)
  • 1984: National Communications Security
    Instructions NACSI 5400 (secret)
  • 1984: National Security Directive 145. by NSA
  • NSA, TEMPEST: A Signal Problem,
    http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
  • NSA, History of US Communications Security,
    http://www.nsa.gov/public_info/_files/cryptologic_histories/history_comsec.pdf

29
Military application
  • WWI: enemy communications
  • German army eavesdropped on enemy communication
    while already implementing protection measures
    against the same attacks against German
    communications
  • 1960: MI5 TEMPEST attack on cipher machines
  • Limited publications

30
Non-military Application
  • 1966: open publication on the risk of TEMPEST
    attacks
  • 1982-1984: Swedish government publication on the
    business risk of TEMPEST attacks
  • 1985: van Eck, screen content disclosure
  • 1985: bank ATM card info and PIN
  • 1990: tamper-resistant hardware, smart card

31
Electromagnetic Emissions
  • Simplest form of electromagnetic fields:
    transmission and distribution lines, wall socket
    power: steady 60 hertz (U.S.), sinusoidal wave
  • Electric devices alter characteristics of
    electromagnetic waves (frequency, power level,
    wave form)
  • E.g., wave forms: sinusoidal, sawtooth, spike,
    square
  • Capture and interpret: complex waves can be
    captured, interpreted, and replayed on a similar
    device to create an exact replica of the original
    device
  • Field strength
  • Reduced with the distance from the electric
    device
  • Depends on the emanating device, e.g., type of
    screen, CPU,

32
COMSEC
  • Four main parts
  • Physical security ?
  • Emission security
  • Transmission security ?
  • Cryptographic security ?
  • Red equipment: handles plain text information
    with national security value
  • Black equipment: protected (encrypted)
    information
  • Unintentional emission from Red systems

33
TEMPEST Attack
  • Requires
  • High level of expertise and equipment to decode
    captured waves
  • Proximity to the target
  • Long collection time
  • Processing device: 5,000-250,000

34
Tempest Protection
  • Physical separation
  • Exclude unauthorized individuals from areas near
    the source of emanation
  • Electromagnetic separation
  • Shielding, filtering, etc. to remove the leak
  • Signal level minimization
  • Lowest feasible power-level use

35
Physical Separation
  • Red machines are together in single, minimal size
    area
  • Reduce potential cross coupling

36
TEMPEST Shielding
  • NSA specifications
  • Ferrites, other frequency interference products
  • Shield equipment, cables, room, building, etc.
  • NSA standards, endorsed devices and contractors
  • Expensive: a TEMPEST-protected PC is about double
    the price
  • Shielding and distance together

37
Threat-Based System
  • Reduce the cost of TEMPEST efforts
  • Evaluation: sensitivity of information, risk of
    TEMPEST attack, etc.
  • Personnel control: physical control, unauthorized
    access
  • Compartmentalization: each sensitivity level is
    isolated from the others
  • Physical control of emanation: shield, power,
    noise, etc.

38
Tempest Procedures
  • Government and organizational restrictions
  • Products, installation, maintenance
  • Reporting needs
  • Certified TEMPEST technical authority (CTTA)

39
Need for TEMPEST
  • Little public data on TEMPEST cases
  • Government focus and funding
  • National security intelligence
  • Economic espionage
  • Decoding device hard to obtain
  • Bandwidth of human intelligence vs. TEMPEST
  • TEMPEST threat within U.S. minimal??

40
Eavesdropping from Computer Displays
  • Markus Kuhn, University of Cambridge, Computer
    Laboratory, 2003
  • Cathode-ray tube (CRT)
  • Liquid-crystal monitor (LCM)
  • Video signals
  • Optical eavesdropping