Seizing the Signals

Seizing the Signals. CSCE 727 - Farkas2 Reading List This class – Denning Chapters 7 – Federation of American Scientists, Intelligence Resource Program,


CSCE 727 - Farkas 2

Reading List
This class
– Denning Chapters 7
– Federation of American Scientists, Intelligence Resource Program, http://www.fas.org/irp/index.html
– Legal Standards for the Intelligence Community in Conducting Electronic Surveillance, Report was required by the FY 2000 Intelligence Authorization Act, and was transmitted to Congress at the end of February 2000, http://www.fas.org/irp/nsa/standards.html
– Introduction to TEMPEST, The Complete and unofficial TEMPEST Information Place http://www.eskimo.com/~joelm/tempestintro.html
– NSA, TEMPEST endorsement program, http://www.nsa.gov/ia/industry/tempest.cfm


Signal Intelligence (SIGINT)
Operations that involve
– interception
– analysis of signals across electromagnetic spectrum.
Intelligence report, criminal investigations, employee monitoring
Digital signal processing
– Communication intelligence (COMINT)
– Electronic intelligence (ELINT)
– Imagery intelligence (IMINT)


Domestic Surveillance
Surveillance of own citizens
– Legislations
– Circumstances permitting surveillance
– Limits
– Amount and kind of surveillance
U.S.: Constitutional law
– Fourth Amendment: prohibition against unreasonable searches and seizures (e.g., wiretap)


Foreign Intelligence Intercepts
National Security Agency
– Monitor everything (microwave, satellite, phone, etc.)
– Information about allies and enemies
– Not allowed to spy on U.S. citizens
NSA’s “ears” cover the globe
– Political and military intelligence (nuclear weapons, chemical warfare, etc.)
– Government trade secrets and economic information
– Terrorist activities


Echelon
An automated, global interception and relay system
Purpose: Surveillance of non-military targets (e.g., government, organizations, businesses)
Five nations alliance:
– Primary partners: U.S. and U.K.
– Junior partners: New Zealand, Canada, Australia


Echelon
U.S. - National Security Agency
U.K. - Government Communications Headquarters (GCHQ)
Canada - Communications Security Establishment (CSE)
Australia - Defence Signals Directorate (DSD)
New Zealand - Government Communications Security Bureau (GCSB)


Echelon
Goal:
– Intercept large quantities of communication
– Analyze (semi-automated) gathered data
– Identify and extract messages of interest
What messages are retained?
– Key words – categories
– Human verification
Who has access to them?


History
WWII: informal agreement regarding intelligence gathering between the U.S. and U.K.
1943, May 17: U.K. and U.S. – BRUSA COMINT
– U.S. Army’s SIGINT Agency, British Code and Cipher School
1946-47: Commonwealth SIGINT (UK, Canada, Australia and New Zealand)
1988: Duncan Campbell, an English journalist, published a report on Echelon (1976: “The Eavesdroppers”)
1996: Nicky Hager’s book, New Zealand journalist, “Secret Power: New Zealand’s role in International Spy Network”
2000: Echelon is investigated by news, government councils, civil liberty groups, etc.


Use of Intelligence
National security
– 1962: Discovery of Missile sites in Cuba
– 1995: Capture of Achille Lauro terrorists
Government and military intelligence
– 1983: M. Frost: Prime Minister Margaret Thatcher used Echelon to spy on the two ministers (http://news.bbc.co.uk/1/hi/uk_politics/655996.stm)
Economic intelligence
– Boeing vs. Airbus
– D. Campbell: US companies gain an edge over the European companies


The Positive Aspects
Increased national security
Preventive measures
Global effects
– Global commerce
– Communication infrastructure


Negative Aspects
Global balance
Privacy issues
Misuse
Law
Error of analysis
– Large amount of data
– Sophistication of analysis
– Use of results


Other Surveillance Issues


Eavesdropping
[Figure: Sender, Recipient]
Tools: microphone receivers, tape recorder, phone “bugs”, scanners, radio receivers, satellite receivers, spy satellites, network sniffing, etc.


Computer Communications
TCP/IP Protocol Stack
Application Layer
Transport Layer
Internetwork Layer
Network Access Layer
• Each layer interacts with neighboring layers above and below
• Each layer can be defined independently
• Complexity of the networking is hidden from the application

At what layer should we support security?


Security Needs
Basic services that need to be implemented:
Key management
Confidentiality
Nonrepudiation
Integrity/authentication
Authorization


Network Access Layer Security
Dedicated link between hosts/routers, hardware devices for encryption
Advantages:
– Speed
Disadvantages:
– Not scalable
– Works well only on dedicated links
– Two hardware devices need to be physically connected


Internetwork Layer Security
IP Security (IPSec)
Advantages:
– Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure
– Ability to build VPN and intranet
Disadvantages:
– Difficult to handle low granularity security, e.g., nonrepudiation, user-based security


Transport Layer Security
Advantages:
– Does not require enhancement to each application
Disadvantages:
– Difficult to obtain user context
– Implemented on an end system
– Protocol specific: implemented for each protocol


Application Layer Security
Advantages:
– Executing in the context of the user --> easy access to user’s credentials
– Complete access to data --> easier to ensure nonrepudiation
– Application can be extended to provide security (does not depend on the operating system)
– Application understands data --> fine-tune security
Disadvantages:
– Implemented in end hosts
– Security mechanisms have to be implemented for each application -->
– expensive
– greater probability of making mistakes


Passive Attack
Access to confidential data and traffic pattern
Privacy rights
U.S. federal wiretap law
– Illegal for an individual to eavesdrop intentionally on wire, oral or electronic communications
– Home usage? Bug your phone? Hidden recorders?
– Company monitoring? Computer vs. telephone?
Eavesdropping device: manufacture, sale, possess, advertise
– Legal/illegal


Message Deciphers
Available encryption technology
Cryptanalysis
– Technology
– Brute force attack
Other means
– Spy, social engineering, eavesdropping, keystroke monitoring, hacking, etc.
Release information give our capabilities
– National defense, tactical, ethical, etc.?


Surveillance Difficulties
New Technologies
– 1994: U.S. Congress: Communications Assistance for Law Enforcement Act (“digital telephony bill”)
Encryption
Data authenticity and integrity


TEMPEST


TEMPEST

U.S. government code: classified set of standards for limiting electric and magnetic radiation emanations from electronic equipment.

Investigations and studies of compromising emanations.


Compromising Emanations

Unintentional intelligence-bearing signals that if intercepted and analyzed can disclose classified information.

Intercepted when transmitted, handled, or processed

Tempest equipment: remotely mirror what is being done on a remote device, e.g., video monitor, cable wire, processing unit, etc.


Unintentional Emanations
Normal operation of system
Deliberate or accidental exposure to unusual environment
Software induced
Security Considerations:
Traditional
– Unauthorized access to the system – requires knowledge about the system, applications, configuration, can be detected, limited time frame, etc.
Upcoming
– Exploitation of compromising signals


TEMPEST History
U.S. government concern about capture and reconstruction of emanations from high-security devices used to process, transmit, store sensitive data
– 1950s: Introduce standards to limit “leakage” – NAG1A
– 1960s: revise NAG1A to FS222 and FS222A
– 1970s: revise standards – National Communications Security Information memorandum 5100 (NACSIM)
– 1974: revise NACSIM 5100
– 1981: National Communications Security Committee Directive 4. – NACSIM 5100A (classified)
– 1984: National Communications Security Instructions – NACSI 5400 (secret)
– 1984: National Security Directive 145. by NSA
NSA: Tempest: a signal problem, http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
NSA: History of US Communications security, http://www.nsa.gov/public_info/_files/cryptologic_histories/history_comsec.pdf


Military application

WWI Enemy communications
– German army eavesdropped on enemy communication while already implementing protection measures against the same attacks against German communications

1960: MI5 tempest attack on cipher machines

Limited publications


Non-military Application

1966: open publication on the risk of tempest attacks

19821984: Swedish government publication on the business risk of tempest attacks

1985: van Eck – screen content disclosure

1985: Bank ATM – card info and PIN

1990: tamper resistant hardware – smart card


Electromagnetic Emissions
Simplest form of electromagnetic fields: transmission and distribution lines, wall socket power: steady 60 hertz (U.S.), sinusoidal wave
Electric devices: alter characteristics of electromagnetic waves (frequency, power level, wave form)
– E.g., wave forms: sinusoidal, sawtooth, spike, square
Capture and interpret: complex waves can be captured, interpreted, and replayed on similar device to create exact replica of the original device
Field strength
– Reduced with the distance from the electric device
– Depends on the emanating device, e.g., type of screen, CPU,


COMSEC

Four main parts:
– Physical security
– Emission security
– Transmission security
– Cryptographic security

Red equipment: handles plain text information with national security value

Black equipment: protected (encrypted) information

Unintentional emission: from Red systems


TEMPEST Attack

Requires:
– High level of expertise and equipment to decode captured waves
– Proximity to the target
– Long collection time

Processing device: $5,000-$250,000


Tempest Protection
Physical separation
– Exclude unauthorized individuals from areas near the source of emanation
Electromagnetic separation
– Shielding, filtering, etc. to remove the leak
Signal level minimization
– Lowest feasible power-level use


Physical Separation

Red machines are together in single, minimal size area

Reduce potential cross coupling


TEMPEST Shielding
NSA specifications
– Ferrites, other frequency interference products
– Shield equipment, cables, room, building, etc.
– NSA standards, endorsed devices and contractors
– Expensive – TEMPEST protected PC about double the price
– Shielding and distance together


Threat-Based System
Reduce the cost of TEMPEST efforts
– Evaluation: sensitivity of information, risk of TEMPEST attack, etc.
– Personnel control: physical control, unauthorized access
– Compartmentalization: each sensitivity level is isolated from the others
– Physical control of emanation: shield, power, noise, etc.


Tempest Procedures
Government and organizational restrictions
Products, installation, maintenance
Reporting needs
Certified TEMPEST technical authority (CTTA)


Need for TEMPEST
Little public data on TEMPEST cases
Government focus and funding
– National security intelligence
– Economic espionage
Decoding device: hard to obtain
Bandwidth of human intelligence vs. TEMPEST
TEMPEST threat within U.S. – minimal??


Eavesdropping from Computer Displays
Markus Kuhn, University of Cambridge, Computer Laboratory, 2003
– Cathode-ray tube (CRT)
– Liquid-crystal monitor (LCM)
– Video signals
– Optical eavesdropping