• PDF / 708,025 Bytes
• 13 Pages / 430 x 660 pts Page_size
• 95 Downloads / 194 Views

DOWNLOAD

REPORT

Abstract. It is well known that there is relationship between electromagnetic emanation and processing information in IT devices such as personal computers and smart cards. By analyzing such electromagnetic emanation, eavesdropper will be able to get some information, so it becomes a real threat of information security. In this paper, we show how to estimate amount of information that is leaked as electromagnetic emanation. We assume the area between the IT device and the receiver is a communication channel, and we define the amount of information leakage via electromagnetic emanations by its channel capacity. By some experimental results of Tempest, we show example estimations of amount of information leakage. Using the value of channel capacity, we can calculate the amount of information per pixel in the reconstructed image. And we evaluate the effectiveness of Tempest fonts generated by Gaussian method and its threshold of security. Keyword: Electromagnetic emanation, EMC, Tempest, Eavesdropping, Side-channel attack.

1

Introduction

Information leakage via electromagnetic emanations from IT devices is a well known threat. Information concerning man-machine interfaces (such as monitors, keyboards, printers, etc.) cannot be protected by crypto technologies, so they are security risks. In particular, information displayed on a monitor (hereafter called “displayed information”) is a very serious one. An eavesdropper receiving electromagnetic emanations does not leave evidence of their activity, and the victim notices nothing. Such a problem is known as a “Tempest”, and various countermeasures have been proposed [3] [9] [15] [20]. They can be classified into two categories: hardware based and software based. Almost all hardware-based countermeasures are aimed at preventing electromagnetic emanations. Though the immediate effect is high, these countermeasures are expensive, and the cost effectiveness is low. In addition, they most likely cannot be built into current systems, and further maintenance of the infrastructure would be needed. On the other hand, software-based countermeasures will make it difficult to reconstruct information from received electromagnetic emanations. P. McDaniel and S.K. Gupta (Eds.): ICISS 2007, LNCS 4812, pp. 167–179, 2007. c Springer-Verlag Berlin Heidelberg 2007 

168

H. Tanaka Table 1. Tempest countermeasures

Hardware

Method filter/adapter infrastructure jamming

Software

image processing

Purpose prevention of emanation from parts (USB, serial connector etc) of IT devices prevention of emanation from the buildings or rooms (e.g. shielded room) interception of the receiving by generating another emanation transformation of images which does not generate strong emanation (e.g. TEMPEST fonts [12])

They are cheap and can easily be introduced into existing systems, but the effect they have is limited. Examples are shown in Table 1. The effectiveness of most countermeasures has been evaluated from the viewpoint of EMC (Electro-Magnetic Compatibility) and experimental results of human subjectiv

Recommend Documents

Electromagnetic Information Interception and Reproduction

180 58 2MB

Security Problems and Countermeasures of Network Accounting Information System

177 53 66MB

Countermeasures

193 15 47MB

DroidTrack: Tracking Information Diffusion and Preventing Information Leakage on Android

161 98 2MB

Leakage-Resilient Functional Encryption via Pair Encodings

183 21 341KB

Countermeasures

177 56 21MB

Biodiversity Loss and Countermeasures

183 62 38MB

Leakage Assessment Through Neural Estimation of the Mutual Information

206 3 39MB

Unprovability of Leakage-Resilient Cryptography Beyond the Information-Theoretic Limit

184 75 16MB

Desertification: Causes and Countermeasures

181 70 38MB

The Tempest and New World-Utopian Politics

222 97 332KB

Revisiting The Tempest The Capacity to Signify

160 53 1MB