1 / 17

Security Fundamentals Group

TEMPEST Security. Hidema Tanaka. Security Fundamentals Group. Information leakage via electromagnetic emanation. PC. printer. color printer. scanner. FAX. multifunction machine.

katen
Download Presentation

Security Fundamentals Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TEMPEST Security Hidema Tanaka Security Fundamentals Group

  2. Information leakage via electromagnetic emanation PC printer color printer scanner FAX multifunction machine Electromagnetic wave, which is emanated unintentionally from running IT devices, contains information of processing signals from the devices. Security Fundamentals Group

  3. What is TEMPEST target PC antenna Reconstruction image by emanated electromagnetic wave Tempest receiver Security Fundamentals Group

  4. Threat of information leakage from display image ・There is a possibility that personal information on public information terminals stolen. ・Screen design of public information terminal is very simple. (Universal design) ・It is easy to reconstruct such simple display image by TEMPEST. ・Human-interface can not be protected by crypto-technology. e-voting system ATM system Target of TEMPEST Target of TEMPEST Target of TEMPEST e-voting system e-voting system ATM a serious threat on the information security !! information Security Fundamentals Group

  5. Principle of TEMPEST Very easy : almost same as TV but attacker needs some information of the target. Security Fundamentals Group

  6. Activity of our group Receiver Monitor Signal generator Vertical/Horizontal synchronous frequency 1. Analysis: Which frequency? What information? Video signal Synchronous signals 2. Simplification: Effectiveness vs Cost (Reality of threat). 3. Countermeasure: New techniques. Security Fundamentals Group

  7. Analysis 秘 To evaluate information in electromagnetic emanation quantitatively, it is important to monitor emanated signals from electronic instruments in more easy-to-use way and more easy to reconstitute way, then to analyze how information signal is contained in emanated signal. We propose the method to monitor electromagnetic signals emanated from PC (desktop PC) in more easy-to-use way and more easy to reconstitute way. Also we reconstitute information from monitoring results and evaluate it. 秘 Analysis & evaluation Security Fundamentals Group

  8. Our proposal system ・Not need shield room --- We can get high S/N signal. ・Experimental results can be re-produced. --- It does not depend on the environment. ・data-processing is easy. Security Fundamentals Group

  9. 1 2 3 4 5 6 1 2 3 4 5 6 7 7 Monitor display image This result shows that we can monitor emanated electromagnetic signal corresponding to character line(1~7line) displayed on the monitor. We can reconstitute easily by the result from the proposed monitoring method, and also it is very easy-to-use. Security Fundamentals Group

  10. We can reconstitute image by using signal processing. In this reconstitution result of monitor display image, we can read a character around 18 point. Security Fundamentals Group

  11. Simplification of TEMPEST Specification of FSET22 ・High performance receiver (10~20 years ago, FSET 22 was a military model) ・Real time image processing (such as Adobe Photoshop) ・Hardware Amplification and noise canceller ・Setting of synchronous frequency in 0.001[Hz] step ・Very expensive ($100M or higher? I do not know.) Does attacker (such a pedestrian hacker) need such expensive machines ? Security Fundamentals Group

  12. The answer is NO. Easy TEMPEST receiver ・Receiver: AOR AR8600 mk2 with TV output about $800 ・Signal generator: NF Wave Factory 1944B about $2000 ・No image processing Performance ・do not succeed from far away by antenna. But wire tap (power cable or LAN cable using a current probe) is ok. ・Rough screen such as ATM interface is ok. Countermeasures are important and necessary. Security Fundamentals Group

  13. Countermeasures We can already use some countermeasure products, cage special cable and connector/adapter Tempest PC (about $10,000) jamming machine … but they are too expensive and limited usage. Security Fundamentals Group

  14. Top 30% of horizontal frequency spectrum of image Effective to Tempest attack Removing top 30 % of horizontal frequency spectrum of image The basic idea of the Tempest fonts Kuhn and Anderson (Cambridge university) , IH98 New technique → Software solution “TEMPEST fonts” Security Fundamentals Group

  15. Enlarged view of reconstruction image Monitor display image If we use common font, we can read a character in reconstruction image. Security Fundamentals Group

  16. TEMPEST font generated by Fourier trans. and Gaussian. reconstruction image Monitor display image But, when we use proposed TEMEPST font, we are hard to read a character in reconstruction image. Security Fundamentals Group

  17. Future works ・Reconstruction of keyboard typing information via EM ⇔ “Keyboard acoustic emanation” (L.Lhuag et.al , CSS05) ・EM side-channel cryptanalysis (IC card, RFID etc) ・EM attack (small scale of E-Bomb) on IT devices e.g. Attack to LAN cable → packet error → DoS attack Security Fundamentals Group

More Related