Upload
anthony-newman
View
220
Download
0
Tags:
Embed Size (px)
Citation preview
Security Fundamentals Group
Information leakage via electromagnetic emanation
Electromagnetic wave, which is emanated unintentionally from running IT devices, contains information of processing signals from the devices.
scanner colorprinter
printer
PC
FAX multifunction machine
Security Fundamentals Group
What is TEMPEST
Reconstruction image by emanated electromagnetic wave
target PC
antenna
Tempest receiver
Security Fundamentals Group
Threat of information leakage from display image
・ There is a possibility that personal information on public information terminals stolen. ・ Screen design of public information terminal is very simple. (Universal design)・ It is easy to reconstruct such simple display image by TEMPEST.・ Human-interface can not be protected by crypto-technology.
Target of TEMPEST
e-voting system ATM system
a serious threat on the information security !!
Target of TEMPEST
e-voting system
Target of TEMPEST
e-voting system
ATM
information
Security Fundamentals Group
Principle of TEMPEST
Very easy : almost same as TV but attacker needs some information of the target.
TV TEMPEST
known as “Channel” Reception frequency unknown
standard(e.g.NTSC) Synchronous frequency
(reconstruction of image)
depend on “target”
(e.g. VESA for PC)
Security Fundamentals Group
Activity of our group
Signal generator
Vertical/Horizontal synchronous frequency
Receiver
Monitor
1. Analysis: Which frequency? What information?
Video signal
Synchronous signals
2. Simplification: Effectiveness vs Cost (Reality of threat).
3. Countermeasure: New techniques.
To evaluate information in electromagnetic emanation quantitatively, it is important to monitor emanated signals from electronic instruments in more easy-to-use way and more easy to reconstitute way, then to analyze how information signal is contained in emanated signal.
We propose the method to monitor electromagnetic signals emanated from PC (desktop PC) in more easy-to-use way and more easy to reconstitute way. Also we reconstitute information from monitoring results and evaluate it.
Security Fundamentals Group
Analysis
秘秘
Analysis & evaluation
Security Fundamentals Group
Our proposal system
・ Not need shield room --- We can get high S/N signal.
・ Experimental results can be re-produced. --- It does not depend on the environment.
・ data-processing is easy.
Security Fundamentals Group
12
34567 1 2 3 4 5 6 7
This result shows that we can monitor emanated electromagnetic signal corresponding to character line(1~ 7line) displayed on the monitor. We can reconstitute easily by the result from the proposed monitoring method, and also it is very easy-to-use.
Monitor display image
Security Fundamentals Group
We can reconstitute image by using signal processing.In this reconstitution result of monitor display image, we can read a character around 18 point.
Security Fundamentals Group
Simplification of TEMPEST
・ High performance receiver (10~ 20 years ago, FSET 22 was a military model)・ Real time image processing (such as Adobe Photoshop)・ Hardware Amplification and noise canceller・ Setting of synchronous frequency in 0.001[Hz] step・ Very expensive ($100M or higher? I do not know.)
Does attacker (such a pedestrian hacker) need such expensive machines ?
Frequency range 100[Hz] – 22[GHz]
Frequency resolution 0.1[Hz]
Bandwidth 10[Hz] – 500[MHz]
Average noise level < 142 dBm
Specification of FSET22
Security Fundamentals Group
The answer is NO.
Easy TEMPEST receiver
・ Receiver: AOR AR8600 mk2 with TV outputabout $800
・ Signal generator: NF Wave Factory 1944Babout $2000
・ No image processing
Performance
・ do not succeed from far away by antenna. But wire tap (power cable or LAN cable using a current probe) is ok.
・ Rough screen such as ATM interface is ok.
Countermeasures are important and necessary.
Security Fundamentals Group
Countermeasures
We can already use some countermeasure products,
cage
special cable and connector/adapter
Tempest PC (about $10,000)jamming machine
… but they are too expensive and limited usage.
Security Fundamentals Group
Kuhn and Anderson (Cambridge university) , IH98
Top 30% of horizontal frequency spectrum of image
Effective to Tempest attack
Removing top 30 % of horizontal frequency spectrum of image
The basic idea of the Tempest fonts
New technique → Software solution “TEMPEST fonts”
Security Fundamentals Group
Monitor display image
Enlarged view of reconstruction image
If we use common font, we can read a character in reconstruction image.
Security Fundamentals Group
Monitor display image
reconstruction image
But, when we use proposed TEMEPST font, we are hard to read a character in reconstruction image.
TEMPEST font generated by Fourier trans. and Gaussian.
Security Fundamentals Group
Future works
・ Reconstruction of keyboard typing information via EM
⇔ “Keyboard acoustic emanation” (L.Lhuag et.al , CSS05)
・ EM side-channel cryptanalysis (IC card, RFID etc)
・ EM attack (small scale of E-Bomb) on IT devices
e.g. Attack to LAN cable → packet error → DoS attack