Seizing the Signals
CSCE 727 - Farkas
Reading List

This class:
– Denning, Chapter 7
– Federation of American Scientists, Intelligence Resource Program, http://www.fas.org/irp/index.html
– Legal Standards for the Intelligence Community in Conducting Electronic Surveillance. Report required by the FY 2000 Intelligence Authorization Act and transmitted to Congress at the end of February 2000, http://www.fas.org/irp/nsa/standards.html
– Introduction to TEMPEST, The Complete, Unofficial TEMPEST Information Page, http://www.eskimo.com/~joelm/tempestintro.html
– NSA, TEMPEST Endorsement Program, http://www.nsa.gov/ia/industry/tempest.cfm
Signal Intelligence (SIGINT)

Operations that involve:
– interception
– analysis of signals across the electromagnetic spectrum
Uses: intelligence reports, criminal investigations, employee monitoring
Digital signal processing:
– Communications intelligence (COMINT)
– Electronic intelligence (ELINT)
– Imagery intelligence (IMINT)
Domestic Surveillance

Surveillance of a nation's own citizens:
– Legislation
– Circumstances permitting surveillance
– Limits
– Amount and kind of surveillance
U.S.: constitutional law
– Fourth Amendment: prohibition against unreasonable searches and seizures (e.g., wiretaps)
Foreign Intelligence Intercepts

National Security Agency
– Monitors everything (microwave, satellite, phone, etc.)
– Information about allies and enemies
– Not allowed to spy on U.S. citizens
NSA's "ears" cover the globe:
– Political and military intelligence (nuclear weapons, chemical warfare, etc.)
– Government trade secrets and economic information
– Terrorist activities
Echelon

An automated, global interception and relay system
Purpose: surveillance of non-military targets (e.g., governments, organizations, businesses)
Five-nation alliance:
– Primary partners: U.S. and U.K.
– Junior partners: New Zealand, Canada, Australia
Echelon

Participating agencies:
– U.S.: National Security Agency
– U.K.: Government Communications Headquarters (GCHQ)
– Canada: Communications Security Establishment (CSE)
– Australia: Defence Signals Directorate (DSD)
– New Zealand: Government Communications Security Bureau (GCSB)
Echelon

Goal:
– Intercept large quantities of communication
– Analyze (semi-automated) the gathered data
– Identify and extract messages of interest
What messages are retained?
– Key words, categories
– Human verification
Who has access to them?
History

WWII: informal agreement on intelligence gathering between the U.S. and U.K.
1943, May 17: U.K. and U.S. – BRUSA COMINT
– U.S. Army's SIGINT Agency, British Code and Cipher School
1946-47: Commonwealth SIGINT (U.K., Canada, Australia and New Zealand)
1988: Duncan Campbell, an English journalist, published a report on Echelon (1976: "The Eavesdroppers")
1996: Nicky Hager, a New Zealand journalist, published the book "Secret Power: New Zealand's Role in the International Spy Network"
2000: Echelon investigated by the news media, government councils, civil liberty groups, etc.
Use of Intelligence

National security
– 1962: Discovery of missile sites in Cuba
– 1995: Capture of the Achille Lauro terrorists
Government and military intelligence
– 1983: M. Frost: Prime Minister Margaret Thatcher used Echelon to spy on two ministers (http://news.bbc.co.uk/1/hi/uk_politics/655996.stm)
Economic intelligence
– Boeing vs. Airbus
– D. Campbell: U.S. companies gain an edge over European companies
The Positive Aspects

Increased national security
Preventive measures
Global effects:
– Global commerce
– Communication infrastructure
Negative Aspects

Global balance
Privacy issues
Misuse
Law
Errors of analysis:
– Large amount of data
– Sophistication of analysis
– Use of results
Other Surveillance Issues
Eavesdropping

Diagram: Sender → Recipient, with the eavesdropper on the path between them
Tools: microphone receivers, tape recorders, phone "bugs", scanners, radio receivers, satellite receivers, spy satellites, network sniffing, etc.
Computer Communications: TCP/IP Protocol Stack

Application Layer
Transport Layer
Internetwork Layer
Network Access Layer

• Each layer interacts with the neighboring layers above and below
• Each layer can be defined independently
• The complexity of networking is hidden from the application

At what layer should we support security?
Security Needs

Basic services that need to be implemented:
– Key management
– Confidentiality
– Nonrepudiation
– Integrity/authentication
– Authorization
Network Access Layer Security

Dedicated link between hosts/routers; hardware devices perform the encryption
Advantages:
– Speed
Disadvantages:
– Not scalable
– Works well only on dedicated links
– The two hardware devices need to be physically connected
Internetwork Layer Security

IP Security (IPSec)
Advantages:
– The overhead of key negotiation decreases: multiple protocols can share the same key management infrastructure
– Ability to build VPNs and intranets
Disadvantages:
– Difficult to handle fine-grained security, e.g., nonrepudiation, user-based security
Transport Layer Security

Advantages:
– Does not require enhancements to each application
Disadvantages:
– Difficult to obtain user context
– Implemented on an end system
– Protocol specific: implemented separately for each protocol
Application Layer Security

Advantages:
– Executes in the context of the user --> easy access to the user's credentials
– Complete access to the data --> easier to ensure nonrepudiation
– The application can be extended to provide security (does not depend on the operating system)
– The application understands the data --> security can be fine-tuned
Disadvantages:
– Implemented in end hosts
– Security mechanisms have to be implemented for each application -->
  – expensive
  – greater probability of making mistakes
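Added illustration (example code written for these notes, not from the slides) of why nonrepudiation is easier to obtain at the application layer than from a shared-key channel at the internetwork or transport layer: a MAC computed under a channel key can be produced by either endpoint, so it proves nothing to a third party, whereas a per-user signature can only be produced by the private-key holder. The signature scheme is Lamport's one-time signature built from SHA-256, chosen so that only the Python standard library is needed; the messages and key names are constructed sample values.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Shared-key channel authentication, as a layer-3/4 secure channel provides it:
# both endpoints hold shared_key, so either endpoint can produce a valid tag.
def channel_tag(shared_key: bytes, msg: bytes) -> bytes:
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def channel_verify(shared_key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(channel_tag(shared_key, msg), tag)

# Application-layer signature: Lamport one-time signature over SHA-256.
def lamport_keygen():
    """Private key: 256 pairs of random 32-byte secrets; public key: their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub

def lamport_sign(priv, msg: bytes) -> list:
    """For each bit of H(msg), reveal the matching secret. Sign once per key only."""
    digest = int.from_bytes(sha256(msg), "big")
    return [priv[i][(digest >> (255 - i)) & 1] for i in range(256)]

def lamport_verify(pub, msg: bytes, sig: list) -> bool:
    digest = int.from_bytes(sha256(msg), "big")
    return len(sig) == 256 and all(
        sha256(sig[i]) == pub[i][(digest >> (255 - i)) & 1] for i in range(256))

def demo() -> dict:
    msg = b"transfer 100 units"        # constructed sample message
    altered = b"transfer 1000 units"   # constructed altered message
    # Channel tag: the recipient also holds k, so it can "authenticate" any message
    # itself; a third party cannot tell which endpoint produced the tag.
    k = secrets.token_bytes(32)
    recipient_tag = channel_tag(k, altered)
    # Signature: only the holder of priv can sign; pub alone cannot sign or alter.
    priv, pub = lamport_keygen()
    sig = lamport_sign(priv, msg)
    return {
        "channel_auth_ok": channel_verify(k, msg, channel_tag(k, msg)),
        "recipient_forged_tag_verifies": channel_verify(k, altered, recipient_tag),
        "signature_ok": lamport_verify(pub, msg, sig),
        "signature_rejects_altered_msg": not lamport_verify(pub, altered, sig),
    }
```

The Lamport key must be used for exactly one message; a second signature under the same key reveals enough secrets for forgery, which is why real application-layer signing uses a many-time scheme.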
Passive Attack

Access to confidential data and traffic patterns
Privacy rights
U.S. federal wiretap law
– Illegal for an individual to intentionally eavesdrop on wire, oral or electronic communications
– Home usage? Bugging your own phone? Hidden recorders?
– Company monitoring? Computer vs. telephone?
Eavesdropping devices: manufacture, sale, possession, advertising
– Legal/illegal?
Message Deciphering

Available encryption technology
Cryptanalysis
– Technology
– Brute force attack
Other means
– Spies, social engineering, eavesdropping, keystroke monitoring, hacking, etc.
Releasing information gives away our capabilities
– National defense, tactical, ethical, etc.?
Surveillance Difficulties

New technologies
– 1994: U.S. Congress: Communications Assistance for Law Enforcement Act (the "digital telephony bill")
Encryption
Data authenticity and integrity
TEMPEST
TEMPEST

U.S. government code name: a classified set of standards for limiting electric and magnetic radiation emanations from electronic equipment.
Investigations and studies of compromising emanations.
Compromising Emanations

Unintentional intelligence-bearing signals that, if intercepted and analyzed, can disclose classified information.
Intercepted while the information is transmitted, handled, or processed.
TEMPEST equipment: remotely mirrors what is being done on a remote device, e.g., video monitor, cable, processing unit, etc.
Unintentional Emanations

Sources:
– Normal operation of the system
– Deliberate or accidental exposure to an unusual environment
– Software induced
Security considerations:
– Traditional: unauthorized access to the system – requires knowledge of the system, applications and configuration; can be detected; limited time frame, etc.
– Upcoming: exploitation of compromising signals
TEMPEST History

U.S. government concern about capture and reconstruction of emanations from high-security devices used to process, transmit and store sensitive data
– 1950s: standards introduced to limit "leakage" – NAG1A
– 1960s: NAG1A revised to FS222 and FS222A
– 1970s: standards revised – National Communications Security Information Memorandum 5100 (NACSIM)
– 1974: NACSIM 5100 revised
– 1981: National Communications Security Committee Directive 4 – NACSIM 5100A (classified)
– 1984: National Communications Security Instruction – NACSI 5400 (secret)
– 1984: National Security Directive 145, by NSA
NSA: "TEMPEST: A Signal Problem", http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
NSA: "A History of U.S. Communications Security", http://www.nsa.gov/public_info/_files/cryptologic_histories/history_comsec.pdf
Military Application

WWI: enemy communications
– The German army eavesdropped on enemy communications while already implementing protection measures against the same attacks on German communications
1960: MI5 TEMPEST attack on cipher machines
Limited publications
Non-military Application

1966: open publication on the risk of TEMPEST attacks
1982-1984: Swedish government publication on the business risk of TEMPEST attacks
1985: van Eck – screen content disclosure
1985: bank ATM – card info and PIN
1990: tamper-resistant hardware – smart cards
Electromagnetic Emissions

Simplest form of electromagnetic field: transmission and distribution lines, wall-socket power: a steady 60 hertz (U.S.) sinusoidal wave
Electric devices alter the characteristics of electromagnetic waves (frequency, power level, wave form)
– E.g., wave forms: sinusoidal, sawtooth, spike, square
Capture and interpretation: complex waves can be captured, interpreted, and replayed on a similar device to create an exact replica of the original device's signal
Field strength:
– Reduced with distance from the electric device
– Depends on the emanating device, e.g., type of screen, CPU, etc.
COMSEC

Four main parts:
– Physical security
– Emission security
– Transmission security
– Cryptographic security
Red equipment: handles plaintext information with national security value
Black equipment: handles protected (encrypted) information
Unintentional emissions of concern come from Red systems
TEMPEST Attack

Requires:
– High level of expertise and equipment to decode the captured waves
– Proximity to the target
– Long collection time
Processing device: $5,000-$250,000
TEMPEST Protection

Physical separation
– Exclude unauthorized individuals from areas near the source of emanation
Electromagnetic separation
– Shielding, filtering, etc. to remove the leak
Signal level minimization
– Use of the lowest feasible power level
Physical Separation

Red machines are kept together in a single, minimal-size area
Reduces potential cross-coupling
TEMPEST Shielding

NSA specifications
– Ferrites and other frequency-interference products
– Shield equipment, cables, rooms, buildings, etc.
– NSA standards, endorsed devices and contractors
– Expensive: a TEMPEST-protected PC costs about double the price
– Shielding and distance are used together
Threat-Based System

Reduce the cost of TEMPEST efforts:
– Evaluation: sensitivity of the information, risk of TEMPEST attack, etc.
– Personnel control: physical control, unauthorized access
– Compartmentalization: each sensitivity level is isolated from the others
– Physical control of emanations: shielding, power, noise, etc.
TEMPEST Procedures

Government and organizational restrictions
Products, installation, maintenance
Reporting needs
Certified TEMPEST Technical Authority (CTTA)
Need for TEMPEST

Little public data on TEMPEST cases
Government focus and funding
– National security intelligence
– Economic espionage
Decoding device: hard to obtain
Bandwidth of human intelligence vs. TEMPEST
TEMPEST threat within the U.S. – minimal??
Eavesdropping from Computer Displays

Markus Kuhn, University of Cambridge, Computer Laboratory, 2003
– Cathode-ray tube (CRT)
– Liquid-crystal monitor (LCM)
– Video signals
– Optical eavesdropping