410 likes | 573 Views
Seizing the Signals. Reading List. This class Denning Chapters 7 Federation of American Scientists, Intelligence Resource Program, http://www.fas.org/irp/index.html
E N D
Reading List • This class • Denning Chapters 7 • Federation of American Scientists, Intelligence Resource Program, http://www.fas.org/irp/index.html • Legal Standards for the Intelligence Community in Conducting Electronic Surveillance, Report was required by the FY 2000 Intelligence Authorization Act, and was transmitted to Congress at the end of February 2000, http://www.fas.org/irp/nsa/standards.html • Introduction to TEMPEST, The Complete and unofficial TEMPEST Information Place http://www.eskimo.com/~joelm/tempestintro.html • NSA, TEMPEST endorsement program, http://www.nsa.gov/ia/industry/tempest.cfm
Signal Intelligence (SIGINT) • Operations that involves • interception • analysis of signals across electromagnetic spectrum. • Intelligence report, criminal investigations, employee monitoring • Digital signal processing • Communication intelligence (COMINT) • Electronic intelligence (ELINT) • Imagery intelligence (IMINT)
Domestic Surveillance • Surveillance of own citizens • Legislations • Circumstances permitting surveillance • Limits • Amount and kind of surveillance • U.S.: Constitutional law • Fourth Amendment: prohibition against unreasonable searches and seizures (e.g., wiretap)
Foreign Intelligence Intercepts • National Security Agency • Monitor everything (microwave, satellite, phone, etc.) • Information about allies and enemies • Disallowed to spy on U.S. citizens • NSA’s “ears” cover the globe • Political and military intelligence (nuclear weapons, chemical warfare, etc.) • Government trade secrets and economical information • Terrorist activities
Echelon • An automated, global interception and relay system • Purpose: Surveillance of non-military targets (e.g., government, organizations, businesses) • Five nations alliance: • Primary partners: U.S. and U.K. • Junior partners: New Zealand, Canada, Australia
Echelon • U.S. - National Security Agency • U.K. - Government Communications Headquarters (GCHQ) • Canada - Communications Security Establishment (CSE) • Australia - Defence Signals Directorate (DSD) • New Zealand - Government Communications Security Bureau (GCSB)
Echelon • Goal: • intercept large quantities of communication • Analyze (semi-automated) gathered data • Identify and extract messages of interest • What messages are retained? • Key words – categories • Human verification • Who has access to them?
History • WWII: informal agreement regarding intelligence gathering between the U.S. and U.K. • 1943, May 17: U.K. and U.S. – BRUSA COMINT • U.S. Army’ SIGINT Agency, British Code and Cipher School • 1946-47: Commonwealth SIGINT (UK, Canada, Australia and New Zealand) • 1988: Duncan Campbell, an English Journalist, published a report on Echelon (1976: “The Eavesdroppers”) • 1996: Nicky Hager’s book, New Zealand journalist, “Secret Power: New Zealand’s role in International Spy Network” • 2000: Echelon is investigated by news, government councils, civil liberty groups, etc.
Use of Intelligence • National security • 1962: Discovery of Missile sites in Cuba • 1995: Capture of Achille Lauro terrorists • Government and military intelligence • 1983: M. Frost: Prime Minister Margaret Thatcher used Echelon to spy on the two ministers (http://news.bbc.co.uk/1/hi/uk_politics/655996.stm ) • Economic intelligence • Boeing vs. Airbus • D. Campbell: US companies gain an edge over the European companies
The Positive Aspects • Increased national security • Preventive measures • Global effects • Global commerce • Communication infrastructure
Negative Aspects • Global balance • Privacy issues • Misuse • Law • Error of analysis • Large amount of data • Sophistication of analysis • Use of results
Recipient Sender Eavesdropping Tools: microphone receivers, Tape recorder, phone “bugs”, scanners, Radio receivers, satellite receivers, spy satellites, Network sniffing, etc.
Computer CommunicationsTCP/IP Protocol Stack Application Layer • Each layer interacts with • neighboring layers above • and below • Each layer can be defined • independently • Complexity of the networkingis hidden from the application Transport Layer Internetwork Layer Network Access Layer At what layer should we support security?
Security Needs • Basic servicesthat need to be implemented: • Key management • Confidentiality • Nonrepudiation • Integrity/authentication • Authorization
Network Access Layer Security • Dedicated link between hosts/routers hardware devices for encryption • Advantages: • Speed • Disadvantages: • Not scalable • Works well only on dedicates links • Two hardware devices need to be physically connected
Internetwork Layer Security • IP Security (IPSec) • Advantages: • Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure • Ability to build VPN and intranet • Disadvantages: • Difficult to handle low granularity security, e.g., nonrepudation, user-based security,
Transport Layer Security • Advantages: • Does not require enhancement to each application • Disadvantages: • Difficult to obtain user context • Implemented on an end system • Protocol specific implemented for each protocol
Application Layer Security • Advantages: • Executing in the context of the user --> easy access to user’s credentials • Complete access to data --> easier to ensure nonrepudation • Application can be extended to provide security (do not depend on the operating system) • Application understand data --> fine tune security • Disadvantages: • Implemented in end hosts • Security mechanisms have to be implemented for each application --> • expensive • greated probability of making mistake
Passive Attack • Access to confidential data and traffic pattern • Privacy rights • U.S. federal wiretap law • Illegal for an individual to eavesdrop intentionally on wire, oral or electronic communications • Home usage? Bug your phone? Hidden recorders? • Company monitoring? Computer vs. telephone? • Eavesdropping device: manufacture, sale, possess, advertise • Legal/illegal
Message Deciphers • Available encryption technology • Cryptanalysis • Technology • Brute force attack • Other means • Spy, social engineering, eavesdropping, keystroke monitoring, hacking, etc. • Release information give our capabilities • National defense, tactical, ethical, etc.?
Surveillance Difficulties • New Technologies • 1994: U.S. Congress: Communication Assistance or Law Enforcement Act (digital telephony bill” • Encryption • Data authenticity and integrity
TEMPEST • U.S. government code : classified set of standards for limiting electric and magnetic radiation emanations from electronic equipments. • Investigations and studies of compromising emanations.
Compromising Emanations • Unintentional intelligence-bearing signals that if intercepted and analyzed can disclose classified information. • Intercepted when transmitted, handled, or processed • Tempest equipment: remotely mirror what is being done on a remote device, e.g., video monitor, cable wire, processing unit, etc.
Unintentional Emanations • Normal operation of system • Deliberate or accidental exposure to unusual environment • Software induced Security Considerations: • Traditional • Unauthorized access to the system – requires knowledge about the system, applications, configuration, can be detected, limited time frame, etc. • Upcoming • Exploitation of compromising signals
TEMPEST History • U.S. government concern about capture and reconstruction of emanations from high-security devices used to process, transmit, store sensitive data • 1950s: Introduce standards to limit “leakage” – NAG1A • 1960s: revise NAG1A to FS222 and FS222A • 1970s: revise standards – National Communications Security Information memorandum 5100 (NACSIM) • 1974: revise NACSIM 5100 • 1981: National Communications Security Committee Directive 4. – MACSIM 5100A (classified) • 1984: National Communications Security Instructions – NACSI 5400 (secret) • 1984: National Security Directive 145. by NSA • NSA: Tempest: a signal problem, (http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf • NSA: History of US Communications security, http://www.nsa.gov/public_info/_files/cryptologic_histories/history_comsec.pdf
Military application • WWI Enemy communications • German army eavesdropped on enemy communication while already implementing protection measures against the same attacks against German communications • 1960: MI5 tempest attack on cipher machines • Limited publications
Non-military Application • 1966: open publication on the risk of tempest attacks • 19821984: Swedish government publication on the business risk of tempest attacks • 1985: van ECK – screen content disclosure • 1985: Bank ATM – card info and PIN • 1990: tamper resistant hardware – smart card
Electromagnetic Emissions • Simplest form of electromagnetic fields: transmission and distribution lines, wall socket power: steady 60 hertz (U.S.), sinusoidal wave • Electric devices: alter characteristics of electromagnetic waves (frequency, power level, wave form) • E.g., wave forms: sinusoidal, sawtooth, spike, square • Capture and interpret: complex waves can be captured, interpreted, and replayed on similar device to create exact replica of the original device • Field strength • Reduced with the distance from the electric device • Depends on the emanating device, e.g., type of screen, CPU,
COMSEC • Four main parts: • Physical security • Emission security • Transmission security • Cryptographic security • Red equipment: handles plain text information with national security value • Black equipment: protected (encrypted) information • Unintentional emission: from Red systems
TEMPEST Attack • Requires: • High level of expertise and equipment to decode captured waves • Proximity to the target • Long collection time • Processing device: $5,000-$250,000
Tempest Protection • Physical separation • Exclude unauthorized individuals from areas near the source of emanation • Electromagnetic separation • Shielding, filtering, etc. to remove the leak • Signal level minimization • Lowest feasible power-level use
Red machines are together in single, minimal size area Reduce potential cross coupling Physical Separation
TEMPEST Shielding • NSA specifications • Ferrites, other frequency interference products • Shield equipment, cables, room, building, etc. • NSA standards, endorsed devices and contractors • Expensive – TEMPEST protected PC about double the price • Shielding and distance together
Threat-Based System • Reduce the cost of TEMPEST efforts • Evaluation: sensitivity of information, risk of TEMPEST attack, etc. • Personnel control: physical control, unauthorized access • Compartmentalization: each sensitivity level is isolated from the others • Physical control of emanation: shield, power, noise, etc.
Tempest Procedures • Government and organizational restrictions • Products, installation, maintenance • Reporting needs • Certified TEMPEST technical authority (CTTA)
Need for TEMPEST • Little public data on TEMPEST cases • Government focus and funding • National security intelligence • Economic espionage • Decoding device: hard to obtain • Bandwidth of human intelligence vs. TEMPEST • TEMPEST threat within U.S. – minimal??
Eavesdropping from Computer Displays • Markus Kuhn, University of Cambridge, Computer Laboratory, 2003 • Cathode-ray tube (CRT) • Liquid-crystal monitor (LCM) • Video signals • Optical eavesdropping