Embed Size (px)
DESCRIPTION
TRANSEC/EMSEC/TEMPEST. Artur Zak CS 996 – Information Security Management March 30, 2005. Overview. Definitions History EMSEC TRANSSEC TEMPEST POSA Example Homework. Definitions . EMSEC - Emission Security - PowerPoint PPT Presentation
Citation preview
TRANSEC/EMSEC/TEMPEST
Artur ZakCS 996 – Information Security
ManagementMarch 30, 2005
Overview
Definitions History EMSEC TRANSSEC TEMPEST POSA Example Homework
Definitions EMSEC - Emission Security
Preventing a system from being attacked using conducted or radiated electromagnetic signals
TRANSSEC - Transmission Security Preventing data from being attacked or intercepted during the
transmission. TEMPEST – Transient Electromagnetic Pulse Emanation
Standard Government codeword that identifies a classified set of
standards for limiting electric or electromagnetic radiation.
History
1884 – Crosstalk Two-wire circuits stacked on tiers of crosstrees on
supporting poles. Solution – twisted pair cables.
1914 – compromising emanations in warfare. Earth leakage caused a lot crosstalk including
messages from the enemy. Solution – abolish earth-return circuits within 3,000 yeards of
the front.
History
1960’s – TV detector vans.British authorities checking who has a TV at
home.
1990’s – Crypto keys in smartcards.Recover the crypto key by analysis of the
current drawn by the card.
EMSEC – Emission Security All electric and electronic devices radiate
emanations during operation. Radiated signals may carry actual information. Attacker may want to capture the radiated
signals and recreate some or all of the original information. User being attacted will never know that someone
intercepted any signals and recreated useful data from it.
EMSEC - Vulnerabilities Leakage through RF signals. Emanations from signal cables.
Keyboard key presses can be picked up at up to 100 yards. Leakage to power lines.
Power circuits pick up RF signals and conduct them to neighboring buildings.
TV and computer screen radiation. Sound. Power Analysis.
Smartcard. EEPROM.
EMSEC – Passive Attacks
Passive Attacks – using electromagnetic signals present to gain information. Wardriving.
Set up equipment in a car and capture the emitted signals hoping to recover valuable information.
Electromagnetic Eavesdropping Attack against Automatic Teller Machines.
Toys Furby toys remember and randomly repeat things they hear.
EMSEC – Active Attacks Active Attacks.
Bugs Radio Microphones.
TEMPEST Viruses Using computer to play a tune, turning it into low-grade radio
transmitter. Nonstop
Using Phones near transmitters can cause to data to be modulated by the phone and transmitted.
Glitching Used to attack smartcards, but inducing a useful error.
EMSEC – Countermeasures Attenuation – opposite of amplification. Reduce
the signal strength during transmission. Decreases radiation perimeter. Attacker needs to get
closer to the source. Risks being caught by the authorities.
Banding – restricting the information to be in a specific band of frequencies. Attacker has to first find out which band of
frequencies to scan. If in a wrong band, only partial messages can be recovered.
EMSEC - Countermeasures Shielding – Equipment or Buildings shielded to prevent
radiation from leaking from inside to outside or vice-versa. Wardriving attack no longer a problem. May help against leakage.
Zone of Control (Zoning) – most sensitive equipment is kept in the rooms furthest from the faciliti’s perimeter, and shielding is reserved for the most sensitive systems. May stop wardriving if attacker is not able to penetrate the
perimiter of the facility.
EMSEC - Countermeasures
Cabling Filtered PowerFilters cable and power supply noise.
Suppresses the conducted leakage. Soft Tempest
Applied to commercial sector Software techniques to filter, mask, or render
incomprehensible information bearing electromagnetic emanations from a computer system.
TRANSSEC – Transmission Security Information needs to be shared. Must be transmitted over long distances. Attacker may want to intercept the
information while in transit.
TRANSSEC - Vulnerabilities RF Fingerprinting
Identifying RF device based on the frequency behavior.
Radio Direction Finding (RDF) Triangulating the signal of interest using directional
antennas at two monitoring stations. Traffic Analysis Signals collection
Collecting different signals and extracting information from them.
TRANSSEC - Attacks Eavesdropping
Listening on voice conversations. Covert Channels
Mechanism that though now designed for communication can nonetheless be abused to allow information to be communicated down from High to Low.
Sniffing Monitoring the traffic.
Jamming. Noise insertion Active Deception
TRANSSEC – Defenses Low Probability of Detection (LPD)
Techniques used to make it hard for the attacker to detect presence of the signal.
Directional Signaling Line of Sight transmission
Low Probability of Interception (LPI) Techniques used to make it hard for attackers to
intercept the signals. Frequency hoppers Spread spectrum Burst transmission
TRANSSEC - Defenses Burst Transmission – send data in short bursts
instead of continuous transmission. Employed by spies during WW II. Attacker never knows when the data is sent.
Directional signaling – send signals in a specific direction instead of broadcast in all directions. Attacker has to first find out in which direction the
signal is transmitted. Requires more complicated equipment to identify the source
of transmission.
TRANSSEC - Defenses Frequency Hopping – during transmission hop from
frequency to frequency with predefined pseudorandom sequence. The receiver know the same sequence, therefore it knows which
frequency to tune in. Attacker must know the exact sequence to be able to capture the
message. Used in 2G and 3G cell phones.
Line of Sight – Used for short distance transmissions. Optical transmission.
IR transmission. Attacker needs to be in plain view, risking being exposed.
TRANSSEC - Defenses
Spread SpectrumCombine information-bearing sequence by a
higher-rate pseudorandom sequence. Makes it hard to intercept. Used in CDMA and GSM phones.
TEMPEST
Employing some of the defenses may not be enough to secure entire system.
Attackers may find a loophole, and break into a system.
Standards are needed to make sure that the system is secured enough from both emanations and during transmission.
TEMPEST Government standard defining how to make
government systems secured from an attacker. Employs both EMSEC and TRASNSSEC techniques
to limit the emanations from electronic equipment. Applies Strictly to classified facilities.
Individual electronic equipment. Rooms in buildings. Entire buildings
Classified until 1995. After 1995 only basic information declassified.
TEMPEST Red/Black Separation
Maintain distance or install shielding between circuits and equipment used to handle classified or sensitive information.
RED -> classified or sensitive information. BLACK -> normal unsecured equipment.
Includes equipment carrying encrypted signal.
TEMPEST Red/Black Separation
Manufacture must be done under careful quality control. Ensures that additional units are built exactly the
same as the units that were tested. Changing even a single wire can invalidate the tests.
Maintenance and Disposition of TEMPEST Equipment Guidelines provided by National Security
Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM).Applicable to all departments and agencies of
the U.S. Government that use, maintain, or make disposition of TEMPEST equipment.
Installation Requirements
All equipment must meet the requirements of NSTISSAM.
All must be installed in accordance with Red/Black separation criteria.
Local TEMPEST Manager must oversee the process.Coordinate and document all accreditation
documents resulting from the installation.
TEMPEST Procedures
TEMPEST Endorsement Program.Establishes guidelines for vendors to
manufacture, produce, and maintain endorsed equipment.
Vendor must provide life cycle support for its customers to ensure continued TEMPEST integrity of the product.
Support detailed in TEP’s TSRD No. 88-9B, dated 8 March 1991.
TEMPEST Program Development
Guidelines for development of a maintenance and disposition program: Consider the addition cost of the program. Ensure that data resident on the equipment is not compromised
during the maintenance/disposition process. Keep a log of maintenance action for all TEMPEST equipment
Date of maintenance. Action taken. Technician name. Equipment model and serial number.
TEMPEST Disposition Procedures
Use approved purging software to overwrite hard drives. Maintain a log of the model and serial number of all equipment
disposed/destroyed. Destruction of TEMPEST equipment no longer required is
recommended if transfer to another U.S. Government department/agency is impractical. Serial numbers and any classified markings must be removed. The equipment will be broken into pieces of such a nature as to
preclude restoration. A destruction certificate will be prepared and signed by the witnessing
individual. All residue will be returned as scrap metal to the Defense Reutilization
Management Office.
TEMPEST Accreditation
TEMPEST Countermeasures Review Recommended countermeasures are threat driven,
and based on risk management principles. Each site must be separately evaluated and
inspected. Sites cannot be approved automatically by being inside an
inspectable space. Certification must apply to entire system.
Connecting a single unshielded component compromises the entire system.
Is TEMPEST necessary?
Two schools of thought:Yes: Without TEMPEST information security
is compromised.
No: TEMPEST is a waste of resources, time, and money
Need for TEMPEST “The fact that electronic equipment give off
electromagnetic emanations has long been a concern of the US Government. An attacker using off-the-shelf equipment can monitor and retrieve classified or sensitive information as it is being processed without the user being aware that a loss is occurring” – 1994 Joint Secretary Commission report to the Secretary of Defense and Director of Central Intelligence.
Need for TEMPEST
“Foreign governments continually engage in attacks against U.S. secure communications and information processing facilities for the sole purpose of exploring compromising emanations” – Navy manual that discusses compromising emanations.
No need for TEMPEST
1991 -> CIA Inspector General report to an Intelligence Community.Millions of dollars spent on protecting a
vulnerability that had low probability of exploitation.
Review the TEMPEST requirements based on threat
Recommended to reduce TEMPEST requirements.
Examples British MI5 monitoring French traffic noticed
enciphered traffic carried a faint secondary signal.
Replica of Great Seal of the United States presented to U.S. ambassador in Moscow in 1946. 1952 problem discovered with the gift.
A new U.S. embassy in Moscow had to be abandoned after large numbers of microphones were found in the structure.
TEMPEST Incidents
No TEMPEST incidents coverage in the press. Business and Government do not admit to any
kind of security breaches achieved because lack of TEMPEST security. Don’t want to admit to the public of security breach. Don’t know that data was compromised, since
Passive attacks are not easily detectable.
Business Side of TEMPEST TEMPEST industry is over a billion dollar a year
business. Indicates that there are variable threats, and
organizations take protective measures. TEMPEST certified equipment is often twice as
expensive as regular equipment of similar performance.
U.S. Government Shields entire buildings to prevent any emanations to leak outside of allowed perimeter.
POSA Example
POSA
CFAC
USER
1 Sale information7 Complete Trans.
Register
5 Y/N
4 Sale & user information8 Complete transaction
3 User CCinformation
6 Y/N 2 DisplaySale Info
Homework
Perform EMSEC/TRANSSEC risk analysis on GTS system. Identify the emanation and transmission
vulnerabilities.Make recommendations as to which
countermeasures should be used to eliminate the threat.
