Emission Security (EMSEC)

Author: Abdollah Shirvani, Shirvani.86@Gmail.com
2nd Systems Security Conference, Ramiran Co., Tehran, Iran, Spring 2009

Introduction

What is Emission Security (EMSEC)?

Computer and communications devices emit numerous forms of energy. This is part of their normal operation: the user wants feedback and needs to hear or see something. But more emissions than most users are aware of are unintended side effects. For example, anything that can carry a current can act as an antenna. When a conductor carries an oscillating current, which is very common in digital devices, it emits electromagnetic radiation that carries both power and signals away from the source. The trouble begins when the emitted energy carries information about the data being processed. An eavesdropper can intercept and analyze such compromising emanations to steal information.

A word on TEMPEST

TEMPEST is often used more broadly for the entire field of EMSEC, but originally it is a U.S. government code word for a set of standards limiting electric or electromagnetic emanations from electronic equipment in order to prevent electronic espionage. The complete article can be found on Wikipedia. Much knowledge in this area is classified military research, but basic information has been available since 1995. The following examples show types of compromising emanations that have been demonstrated in the open literature.

Types of compromising emanations
- Electromagnetic waves radiated into free space or along metallic conductors: cathode-ray tube (CRT) displays act as a parasitic transmission antenna and emit the video signal as electromagnetic waves. [Eck1985]
- Cross-talk: where data and telephone lines share the same cable conduit for several meters, information from one cable may be transmitted to the other.
- Power-supply current fluctuations: line drivers for data cables have data-dependent power consumption, which can affect the supply voltage. [Smulders1990]
- Vibrations, acoustic and ultrasonic emissions: acoustic emanations of matrix printers can carry substantial information about the text being printed. [SEPI1991] PC keyboards are vulnerable to attacks based on differentiating the sound emanated by different keys. [Asonov2004]
- High-frequency optical signals: LED status indicators on data communication equipment have, under certain conditions, been shown to carry a modulated optical signal that is significantly correlated with the information being processed.

History

19th century: The emanation problem first appeared in the 19th century, when extensive telephone wire networks were laid out. Cross-talk occurred between telephone wires, and people could sometimes hear other conversations on their own telephone line. One way of dealing with it was to use "transpositions", whereby the wires were crossed over at intervals to make the circuit a twisted pair.

1914: The first appearance of compromising emanations in warfare seems to date to 1914. Field telephone wires were laid parallel to enemy trenches to connect the troops with their headquarters. The effect was again cross-talk. Listening posts were quickly established, and protective measures were introduced, including the use of twisted-pair cable.

Mid-1950s: The exact date is not publicly known, but sometime in 1950 the U.S. Government became concerned about the emission security problem and established the TEMPEST program. The first TEMPEST standards were developed to deal with the increasing danger of espionage.

1960: In Great Britain, TV detector vans were used to find illegal owners of television sets, since TV owners had to pay an annual license fee.

1960: In 1960 the British secret service MI5 was ordered to eavesdrop on the French embassy in the course of negotiations about joining the European Economic Community. The cryptanalysts were not able to decrypt the enciphered signal from the French embassy, but they noticed a faint secondary signal, which was the plain text.

1970s: Everything about emission security vanished from the open literature.

1984: The GDR secret service, the MfS, spied on the Ministry of Foreign Trade by eavesdropping on compromising emanations.

1985: The Dutch researcher Wim van Eck published an unclassified paper on the security risks of emanations from computer monitors. This paper caused consternation in the security community, where everyone thought that such attacks were only possible with very high-tech equipment. But Wim van Eck eavesdropped on a system using just $15 worth of equipment plus a television set. With this paper, emission security came back to public attention.

1990s: Much research on emission security was published, for example on vulnerabilities of smart cards (Markus Kuhn and Ross Anderson, 1996) and vulnerabilities of crypto-systems (Paul Kocher). Kuhn and Anderson also published a paper showing that compromising emanations from PCs could be countered with measures in software. In 1995, basic information on the TEMPEST standard was also published.

Physical Backgrounds

The strongest transmitters in PCs are display devices such as graphics cards, video cables and monitors, because they work with high frequencies and need a lot of power. The emanation of these devices is therefore high in energy and has a long range. In addition, video signals are periodic (e.g. the contents of a graphics card's video memory are output 70-100 times per second). Periodic signals are easy to eavesdrop on, because the noise can be reduced by averaging. These components radiate in three frequency bands:
- The vertical deflection signal works in the lower kHz band.
- The horizontal deflection signal works in the lower MHz band (long and medium wave).
- The video signal has frequencies up to 100 MHz.

The deflection signals are very easy to eavesdrop on and reconstruct, but unlike the video signal they contain no important information. The video signal is a superposition of sine signals with different frequencies. Via Fourier transformation it is possible to obtain the spectrum of the video signal, which contains all the information needed to reconstruct it. The spectrum is repeated at all multiples of the pixel clock (the reciprocal of the time the electron beam needs to move from one pixel to its neighbor), so the information is also available at higher frequencies. These repetitions are called "upper waves" (harmonics). The intensity of the upper waves depends on the sharpness of the pixels.
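The dependence of the upper waves on pixel sharpness, and the software low-pass filtering of fonts by Kuhn and Anderson mentioned in the History section (the "Soft Tempest" approach described under Countermeasures), can be checked numerically. The following Python is an added example, not code from the original page or from Kuhn and Anderson; the glyph bitmap, the 16-pixel scanline width and the 0.7 cutoff are constructed for it.

```python
"""Scanline spectrum check and Soft Tempest style low-pass filter.

Added example: each scanline of a glyph is treated as the time-domain
video signal, whose sharp pixel transitions put energy into the upper
part of the pixel-clock band (the 'upper waves').  The filter zeroes
the top 30% of that band per scanline.  The glyph, the 16-pixel width
and the 0.7 cutoff are constructed for the example."""
import cmath
import math

# Constructed 8x16 bitmap of a letter "H" ('#' = lit pixel).  The thin
# one-pixel vertical strokes are the wide-band case the text describes.
GLYPH_H = [
    "..#..........#..",
    "..#..........#..",
    "..#..........#..",
    "..############..",
    "..#..........#..",
    "..#..........#..",
    "..#..........#..",
    "................",
]


def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + t
        out[k + n // 2] = even[k] - t
    return out


def ifft(spectrum):
    """Inverse FFT via conjugation: ifft(X) = conj(fft(conj(X))) / n."""
    n = len(spectrum)
    return [c.conjugate() / n for c in fft([c.conjugate() for c in spectrum])]


def in_upper_band(k, n, cutoff):
    """True if FFT bin k lies above `cutoff` of the Nyquist frequency."""
    return min(k, n - k) / (n / 2) > cutoff


def parse_rows(bitmap):
    """Bitmap strings -> rows of pixel intensities (0.0 or 1.0)."""
    return [[1.0 if ch == "#" else 0.0 for ch in line] for line in bitmap]


def upper_band_share(row, cutoff=0.7):
    """Fraction of a scanline's spectral energy above the cutoff, i.e.
    what is left for a receiver tuned to the pixel-clock harmonics."""
    spectrum = fft(row)
    n = len(row)
    total = sum(abs(c) ** 2 for c in spectrum)
    if total == 0.0:
        return 0.0
    upper = sum(abs(c) ** 2 for k, c in enumerate(spectrum)
                if in_upper_band(k, n, cutoff))
    return upper / total


def soft_tempest_filter(bitmap, cutoff=0.7):
    """Low-pass each scanline: zero every bin above `cutoff`, transform
    back, and return grey-level rows (floats, roughly 0..1)."""
    filtered = []
    for row in parse_rows(bitmap):
        n = len(row)
        kept = [0j if in_upper_band(k, n, cutoff) else c
                for k, c in enumerate(fft(row))]
        filtered.append([c.real for c in ifft(kept)])
    return filtered


def worst_upper_band_share(rows, cutoff=0.7):
    """Defender's pass/fail metric for a whole glyph: the largest
    upper-band share over all scanlines (0.0 after a perfect filter)."""
    return max(upper_band_share(r, cutoff) for r in rows)


if __name__ == "__main__":
    before = worst_upper_band_share(parse_rows(GLYPH_H))
    after = worst_upper_band_share(soft_tempest_filter(GLYPH_H))
    print(f"worst scanline upper-band share: {before:.3f} -> {after:.1e}")
    for row in soft_tempest_filter(GLYPH_H):  # blurred but still legible glyph
        print("".join(" .:-=+*#"[min(7, max(0, int(v * 8)))] for v in row))
```

The one-pixel strokes put roughly 39% of a scanline's energy into the upper 30% of the band before filtering and none afterwards, while the DC component (the average brightness of each line) is unchanged.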
Video cables, power supplies and the amplifiers of monitors work like antennas, especially for the upper waves. But not all information can be reconstructed from emanations. Letters produce a wide-band signal because of their thin vertical lines. Text contains much redundancy, because it uses only a subset of all possible pixel patterns, so text is easy to reconstruct. But no procedure is known for rebuilding color information, so pictures are difficult to reconstruct.

Attacks

Video Display Units

In the early 1980s the Dutch PTT (Post, Telephone, and Telegraph) tested monitors and keyboards connected to telephone lines in homes for sending and receiving mail. During the tests some users complained about interference from their neighbors' units. Several persons were able to read a neighbor's mail as the neighbor viewed electronic mail on the screen at home. Wim van Eck at the Dr. Neher Laboratories was assigned the task of developing an inexpensive detection unit to monitor RF electromagnetic radiation in order to evaluate monitors and help with installation problems. It was considered very difficult to reconstruct the data hidden in the radiated field, and only possible for professionals with access to very sophisticated detection and decoding equipment. Van Eck's research proved this to be wrong. He gave a demonstration with material costing less than $220, based on a modified TV set. The structure of the video signal shows a remarkable resemblance to a normal broadcast TV signal. The pixel rate may even lie inside the TV broadcast bands; only the synchronization information is missing and has to be reconstructed. The signal is emitted by the CRT itself and by the cable connecting the display with the hardware generating the image. As a result, even LCD displays are sensitive to the attack. Try out Tempest for Eliza to see that this is more than theory.
[Eck1985]

Keyboard Acoustic Emanations

The sound of the clicks produced when typing on a PC keyboard differs slightly from key to key, although the clicks of different keys sound very similar to the human ear. A neural network can be trained to differentiate the keys and so carry out an attack. The keyboard plate acts like a drum; each key hits the drum in a different location and produces a unique frequency or sound that the neural network software can decipher. The attack is very cheap: all you need is a computer, standard software to record the clicks and to train a neural network (available for free; read the paper) and a microphone.
The attack is simple. It is non-invasive, since no physical intrusion into the system is needed, and the quality of the sound is not very important. It can be recorded from a substantial distance (even with a cell phone). [Asonov2004]

Radiation from RS-232 Cables

Experiments on eavesdropping on RS-232 cable signals prove that it is possible to intercept data signals running along an RS-232 cable by picking up and decoding the electromagnetic radiation produced by the cable. The rise and fall times of the data signal are very short; consequently they correspond to high-frequency components, which result in considerable radiation. In many cases RS-232 cables are not shielded, or the shield is not adequately connected to the equipment. Usually the data is coded in well-known character sets such as ASCII. The interception distance is limited to several meters, but the equipment needed is small, simple and cheap: a pocket radio receiver, a tape recorder and a computer to analyze the data. [Smulders1990]

Countermeasures

Countermeasures against bugs

Certainly compromising emanations can be eavesdropped on passively, but often the eavesdropper cannot get close enough for long enough to obtain all the information he needs from an IT device. So he will use bugs, which amplify these signals. There are some countermeasures against bugs, but they all have disadvantages. First of all, it is possible to use "non-linear junction detectors" to find hidden electronic equipment at close range. This works because the transistors, diodes and other non-linear junctions in electronic equipment have the effect of rectifying incident radio-frequency signals. The device broadcasts a weak radio signal and listens for harmonics of this signal. However, if the bugs were planted near other electronics, then the non-linear junction detector is not much help. Secondly, there are some "surveillance receivers" on the market.
These detect conspicuous signals in the radio spectrum between 10 kHz and 3 GHz which cannot be explained as broadcast, police, air traffic control and so on. But there are bugs which operate on the same frequencies and protocols as mobile phones. The most drastic countermeasure is to build the buildings completely shielded or underground. In that case bugs are useless because their signals won't get outside. This solution is sometimes used by military organizations.

Countermeasures against emanation

Without doubt the best solution is to place sensitive devices in a Faraday cage. That means that the room is completely shielded, and no wires (e.g. power supply or telephone) and no pipes (e.g. for heating) should lead outside.
A good basis is red/black separation. Red equipment (carrying confidential data) has to be isolated from black equipment (which sends signals to the outside world). But some devices are both red and black (e.g. encryption machines). Another problem is that the standards for properly shielded hardware are classified. Only a few firms produce this hardware, in small quantities; needless to say, it is very expensive.

Another way is the Zone Model. The Zone Model takes into account the propagation conditions for compromising emanations. The attenuation of radiation from the IT device to the potential receiver is determined by metrological means, and on that basis the environment is divided into security-critical zones. Siemens offers zone 0 devices, which have very low emanation (it is not possible to eavesdrop on them outside the closed zone called zone 0). Zone 0 devices must be registered with the BSI (Bundesamt für Sicherheit in der Informationstechnik). They cost ten times more than comparable devices without this standard.

One word on jammers: jammers are inefficient, because their strength is restricted by German law. In addition, the jammer's signal can be calculated out by the eavesdropper after observing it for some time, if the jammer's signal is not correlated with the other signals.

A much cheaper and more efficient solution is "Soft Tempest". Soft Tempest is based on the work by Markus Kuhn and Ross Anderson and uses software techniques to filter, mask, or render incomprehensible the information-bearing electromagnetic emanations from a computer system. For example, it is possible to remove the top 30% of the Fourier transform of a standard font with a low-pass filter. The user does not notice this, but the eavesdropper depends on these "upper waves". Figures 15.4 and 15.5 display photographs of the screen with the two video signals from Figures 15.2 and 15.3. The difference in the emitted RF is dramatic, as illustrated in the photographs in Figures 15.6 and 15.7.
These show the potentially compromising emanations, as seen by a Tempest monitoring receiver.

Passive Attacks

That is, attacks in which the opponent makes use of whatever electromagnetic signals are presented to him, without any effort on his part to create them. Broadly speaking, there are two categories. The signal can either be conducted over some kind of circuit (such as a power line or phone line), or it may be radiated as radio-frequency energy. These two types of threat are referred to by the military as Hijack and Tempest, respectively. They are not mutually exclusive; RF threats often have a conducted component. For example, radio signals emitted by a computer can be picked up by the mains power circuits and conducted into neighboring buildings. Still, it's a reasonable working classification most of the time.

Types of passive attack:
1. Leakage through power and signal cables
2. Leakage through RF signals

Active Attacks

But it's not enough to simply encrypt a keyboard scan pattern to protect it, as the attacker can use active as well as passive techniques. Against a keyboard, the technique is to irradiate the cable with a radio wave at its resonant frequency. Thanks to the non-linear junction effect, the keypress codes are modulated into the return signal, which is re-radiated by the cable. This can be picked up at a distance of 50 to 100 yards. To prevent it, one must also encrypt the signal from the keyboard to the PC.

Types of active attack:
1. Tempest viruses
2. Nonstop

Commercial Exploitation

Not all Emsec attacks are conducted in the context of covert military surveillance or laboratory attacks on tamper-resistant devices. I already mentioned the TV detector vans used in Britain to catch TV license defaulters and the customers of pay-TV pirates. There are also marketing applications. U.S. venue operator SFX Entertainment monitors what customers are playing on their car radios as they drive into venue parking lots, by picking up the stray RF from the radio's local oscillator. Although legal, this alarms privacy advocates. The same equipment has been sold to car dealers, mall operators, and radio stations.

Defenses

The techniques that can be used to defend smartcards against active Emsec threats are similar, though not quite the same, to those used in the passive case.
Timing randomness (jitter) is still useful, as a naive opponent might no longer know precisely when to insert the glitch. However, a clever opponent may well be able to analyze the power curve from the processor in real time and compare it against the code so as to spot the critical target instructions. In addition, fault attacks are hard to stop with jitter, as the precise location of the fault in the code is not usually critical. In some cases, defensive programming is enough. For example, the PIN search described in Section 15.5.5 is prevented in more modern implementations by decrementing the counter, soliciting the PIN, then increasing the counter again if it's correct. Differential fault attacks on public-key protocols can be made a lot harder if you just check the result. Other systems use specific protective hardware, such as a circuit that integrates the card reset with the circuit that detects clock frequencies that are too high or too low. Normal resets involve halving the clock frequency for a few cycles, so an attacker who found some means of disabling the monitoring function would quite likely find himself unable to reset the card at all on power-up. Current defenses against glitch attacks are not entirely foolproof, and extensive device testing is highly advisable. New technologies, such as the use of self-timed logic, may improve things by providing a high level of protection against both active and passive threats. In the meantime, if you have to write a smartcard application, attacks based on glitching merit careful consideration.

How Serious Are Emsec Attacks?

Technical surveillance and its countermeasures are the most important aspect of Emsec, in both government and industry, and they are likely to remain so. The range of bugs and other surveillance devices that can be bought easily is large and growing. The motivation for people to spy on their rivals, employees, and others will continue. If anything, the move to a wired world will make electronic surveillance more important, and countermeasures will take up more of security budgets. Those aspects of Emsec that concern equipment not designed for surveillance (Tempest, Teapot, Hijack, Nonstop, and the various types of power and glitch attack) are set to become another of the many technologies that were initially developed in the government sector but then start being important in the design of commercial products.

Governments

The Emsec threats to embassies in hostile countries are real.
If your country is forced by the president of Lower Slobovia to place its embassy on the second floor of an office block whose first and third floors are occupied by the local secret police, then security is an extremely hard problem. Shielding all electronic equipment (except that used for deception) will be part of the solution. In less threatening environments, the use of hardware Tempest shielding is more doubtful. Despite the hype with which the Tempest industry maintained itself during the Cold War, there is growing scepticism about whether any actual Tempest attacks have ever been mounted by foreign agents, though anecdotes abound. It's said, for example, that the only known use of such surveillance techniques against U.S. interests in the whole of North America was by Canadian intelligence personnel, who overheard U.S. diplomats discussing the U.S. bottom line in grain sales to China; and that the East German Stasi were found to have maps of suitable parking places for Tempest vans in West German towns. But I've not found anything that can be nailed down to a reliable source, and having been driven around an English town looking for Tempest signals, I can testify that launching such attacks is much harder in practice than it might seem in theory. Governments now tend to be much more relaxed about Tempest risks than 10 years ago.

Businesses

In the private sector, the reverse is the case. The discovery of fault attacks, and then power attacks, was a big deal for the smartcard industry, and held up for probably two years the deployment of smartcards in banking applications in those countries that hadn't already committed to them. Blocking these attacks turns out to be difficult, and doing it properly will involve a further generation of hardware design.

And what about the future?

The "no security" aspects of emission management, namely RFI/EMC, are becoming steadily more important. Ever higher clock speeds, plus the introduction of all sorts of wireless devices and networks, and the proliferation of digital electronics into many devices that were previously analogue or mechanical, are making electromagnetic compatibility a steadily harder and yet more pressing problem. Different industry groups manage a host of incompatible standards, many of which are rapidly becoming obsolete, for example by not requiring testing above 1 GHz, or by assuming protection distances that are no longer reasonable. On the security side, attacks are likely to become easier. Software radios, which digitize a signal at the intermediate-frequency stage and do all the demodulation and subsequent processing in software, were until recently an expensive military curiosity, but are now finding applications in places like cellular radio base stations.
The next generation may be consumer devices, designed to function as GPS receivers, GSM phones and radio LAN base stations, and to support whatever other radio-based services have been licensed locally, all with only a change in software. Once people learn how to program them, they might just as easily use them for Tempest attacks. Finally, Emsec issues are not entirely divorced from electronic warfare. As society becomes more dependent on devices that are vulnerable to strong radio-frequency signals, such as the high-power microwaves generated by military radars, the temptation
Side Channel Attack

In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than on theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information which can be exploited to break the system. Many side-channel attacks require considerable technical knowledge of the internal operation of the system on which the cryptography is implemented. Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically called side-channel attacks: see social engineering and rubber-hose cryptanalysis. For attacks on computer systems themselves (which are often used to perform cryptography and thus contain cryptographic keys or plaintexts), see computer security.

General

General classes of side channel attack include:
- Timing attack: attacks based on measuring how much time various computations take to perform.
- Architectural side-effect attacks: attacks which take advantage of side effects of performing a computation on a particular machine architecture (e.g., evicting cache lines).
- Power monitoring attack: attacks which make use of varying power consumption by the hardware during computation.
- TEMPEST (aka van Eck or radiation monitoring) attack: attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information.
- Acoustic cryptanalysis: attacks which exploit sound produced during a computation (rather like power analysis).

In all cases, the underlying principle is that physical effects caused by the operation of a cryptosystem (on the side) can provide useful extra information about secrets in the system, for example the cryptographic key, partial state information, full or partial plaintexts and so forth. The term cryptophthora (secret degradation) is sometimes used to express the degradation of secret key material resulting from side channel leakage.

Examples

A timing attack watches data movement into and out of the CPU or memory on the hardware running the cryptosystem or algorithm. Simply by observing how long it takes to transfer key information, it is sometimes possible to determine how long the key is in this instance (or to rule out certain lengths, which can also be cryptanalytically useful). Internal operational stages in many cipher implementations provide information (typically partial) about the plaintext, key values and so on, and some of this information can be inferred from observed timings. Alternatively, a timing attack may simply watch the length of time a cryptographic algorithm requires; this alone is sometimes enough information to be cryptanalytically useful. A power monitoring attack can provide similar information by observing the power lines to the hardware, especially the CPU. As with a timing attack, considerable information is inferable for some algorithm implementations under some circumstances.

As a fundamental and inevitable fact of electrical life, fluctuations in current generate radio waves, making whatever is producing the currents subject, at least in principle, to a van Eck (aka TEMPEST) attack. If the currents concerned are patterned in distinguishable ways, which is typically the case, the radiation can be recorded and used to infer information about the operation of the associated hardware. According to former MI5 officer Peter Wright, the British Security Service analysed emissions from French cipher equipment in the 1960s. In the 1980s, Soviet eavesdroppers were known to plant bugs inside IBM Selectric typewriters to monitor the electrical noise generated as the type ball rotated and pitched to strike the paper; the characteristics of those signals could determine which key was pressed. If the relevant currents are those associated with a display device (i.e., highly patterned and intended to produce human-readable images), the task is greatly eased.
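To make the timing and power-monitoring leakage described above concrete, here is an added example (not from the original page) that models the observable as the sequence of squarings and multiplications a modular exponentiation performs, and checks whether that sequence depends on the secret exponent, which is the regression test a defender wants for such code. The toy numbers and the trace model are constructed for the example.

```python
"""Operation-trace model of timing / power leakage in modular
exponentiation (added example, not from the original page).

What a timing or power-monitoring attacker measures is modelled here as
the sequence of modular squarings ('S') and multiplications ('M') an
implementation performs.  If that sequence depends on the secret
exponent, the implementation leaks through this channel.  The toy
numbers and the trace model are constructed for the example."""


def modexp_naive(base, exp, mod):
    """Textbook left-to-right square-and-multiply.  A multiplication is
    done only for 1 bits, so the trace mirrors the exponent bits."""
    trace, acc = [], 1
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        trace.append("S")
        if bit == "1":
            acc = (acc * base) % mod
            trace.append("M")
    return acc, trace


def modexp_ladder(base, exp, mod, bits):
    """Montgomery ladder: one multiplication and one squaring per
    exponent bit whatever its value, over a fixed number of bits, so the
    operation sequence does not depend on the exponent.  Invariant:
    r1 == r0 * base (mod mod) after every step.  NOTE: this model only
    covers the operation sequence; a real implementation must also keep
    the r0/r1 selection free of data-dependent branches and memory
    access patterns (e.g. via a constant-time conditional swap)."""
    trace = []
    r0, r1 = 1, base % mod
    for i in range(bits - 1, -1, -1):
        if (exp >> i) & 1 == 0:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        else:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        trace.extend(["M", "S"])
    return r0, trace


def multiplies_in(trace):
    """Number of multiplications in a trace: for the naive routine this
    equals the Hamming weight of the exponent, for the ladder the bit
    length."""
    return trace.count("M")


def trace_leaks(impl, exponents):
    """Defender's regression check: run `impl(exp) -> (result, trace)`
    over several exponents of equal bit length and report True if the
    traces differ, i.e. the exponent is visible in this channel."""
    distinct = {tuple(impl(exp)[1]) for exp in exponents}
    return len(distinct) > 1


if __name__ == "__main__":
    base, mod, bits = 7, 143, 4          # constructed toy values
    exps = [0b1000, 0b1011, 0b1111]      # same bit length, different weight
    for name, impl in (("square-and-multiply", lambda e: modexp_naive(base, e, mod)),
                       ("Montgomery ladder", lambda e: modexp_ladder(base, e, mod, bits))):
        for e in exps:
            result, trace = impl(e)
            assert result == pow(base, e, mod)   # both routines are correct
            print(f"{name:20s} exp={e:04b} trace={''.join(trace)}")
        print(f"{name:20s} leaks via op sequence: {trace_leaks(impl, exps)}")
```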
CRT displays use substantial currents to steer their electron beams, and they have been 'snooped' in real time with minimum-cost hardware from considerable distances (hundreds of meters have been demonstrated). LCDs require, and use, smaller currents and are less vulnerable, which is not to say they are invulnerable.

Also as an inescapable fact of electrical life in actual circuits, flowing currents heat the materials through which they flow. Those materials also continually lose heat to the environment due to other equally fundamental facts of thermodynamic existence, so there is a continually changing thermally induced mechanical stress as a result of these heating and cooling effects. That stress appears to be the most significant contributor to low-level acoustic (i.e. noise) emissions from operating CPUs (about 10 kHz in some cases). Recent research by Shamir et al. has demonstrated that information about the operation of cryptosystems and algorithms can be obtained in this way as well. This is an acoustic attack; if the surface of the CPU chip, or in some cases the CPU package, can be observed, infrared images can also provide information about the code being executed on the CPU, known as a thermal imaging attack.

Countermeasures

Because side channel attacks rely on emitted information (like electromagnetic radiation or sound) or on relationship information (as in timing and power attacks), the most reasonable methods of countering such attacks are to limit the release of such information or access to those relationships. Displays are now commercially available which have been specially shielded to lessen electromagnetic emissions, reducing susceptibility to TEMPEST attacks. Power line conditioning and filtering can help with power monitoring attacks, as can some continuous-duty UPSs. Physical security of hardware can reduce the risk of surreptitious installation of microphones (to counter acoustic attacks) and other micro-monitoring devices (against CPU power draw or thermal imaging attacks).

Summary

Emission security covers a whole range of threats in which the security of systems can be subverted by compromising emanations, whether from implanted bugs, from unintentional radio-frequency or conducted electromagnetic leakage, or from emanations that are induced in some way. Although originally a concern in the national intelligence community, Emsec is now a real issue for companies that build security products such as smartcards and cash machines. Many of these products can be defeated by observing stray RF or conducted signals. Protecting against such threats isn't as straightforward as it might seem.

References:
1. Compromising Reflections -or- How to Read LCD Monitors around the Corner.
2. "A Network-based Asynchronous Architecture for Cryptographic Devices" by Ljiljana Spadavecchia, 2005, in sections "3.2.3 Countermeasures", "3.4.2 Countermeasures", "3.5.6 Countermeasures", "3.5.7 Software countermeasures", "3.5.8 Hardware countermeasures", and "4.10 Side-channel analysis of asynchronous architectures".
3. "The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks" by David Molnar, Matt Piotrowski, David Schultz, David Wagner (2005).
4. http://en.wikipedia.org/wiki/Van_Eck_phreaking
5. Public version of NACSIM 5000: http://cryptome.sabotage.org/nacsim-5000.htm
6. How old is TEMPEST?
7. TEMPEST: a signal problem – The story of the discovery of various compromising radiations from communications and Comsec equipment, Cryptologic Spectrum, Vol. 2, No. 3, National Security Agency, Summer 1972, partially FOIA declassified 2007-09-27.
8. Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics. O'Reilly, 1991, ISBN 9780937175712, Chapter 10: TEMPEST, page 253, last paragraph.
9. Computers and Security, Vol. 7, No. 4.
10. See "TEMPEST 101" and "TEMPEST and QinetiQ" under External Links.
11. The Complete, Unofficial TEMPEST Information Page: http://www.eskimo.com/~joelm/tempest.html
12. TEMPEST Level Standards, SST web site.
13. http://www.governmentattic.org/2docs/Hist_US_COMSEC_Boak_NSA_1973.pdf, page 90.
14. J. Loughry and D. A. Umphress: Information Leakage from Optical Emanations, ACM Transactions on Information and System Security, Vol. 5, No. 3, August 2002, pp. 262-289.
15. Martin Vuagnoux and Sylvain Pasini: Compromising radiation emanations of wired keyboards.