Ross Anderson’s book “Security Engineering” - Chapter 17 By: Alex (Alon) Nulman


Emission security is the field which has to do with emissions

What are emissions?

Emissions are the act of producing or sending out something (such as energy or gas) from a source; in our case, radio waves, heat, sound and electricity

Definition: In electronics, crosstalk is any phenomenon by which a signal transmitted on one circuit or channel of a transmission system creates an undesired effect in another circuit or channel. (Wikipedia)

Problem:

When telephones were new, phone lines would be stacked one on top of the other, causing a lot of crosstalk

Solution:

Transposing the positions of the cables between every post turned the cabling into simple twisted pairs, reducing the problem significantly

During the First World War, field phones used by the British used “earth return” circuits, effectively halving the amount of wire required

Fun part: in 1914 the British were entrenched in the mud of Flanders (Belgium). Earth leakage caused a lot of crosstalk, and the Germans could listen in on British communications

More fun: in 1915 the use of (valve) amplifiers made the problem worse by extending the range at which emanations could be picked up.

These were made worse by the abandoned cabling in no-man’s land

To solve these issues the British switched to shielded twisted pair cabling and abolished the use of earth return anywhere near the front lines

During the 1960s, the British decided to spy on a French embassy

The embassy’s (phone) traffic was encrypted

Fun part: The Brits noticed that the encrypted traffic from the embassy carried a second faint signal

More fun: After constructing a device that captures this second signal, it was discovered that this signal was the plaintext which somehow leaked through the cipher machine

In 1985, a Dutch scientist by the name of Wim van Eck published a paper explaining how he managed to reconstruct the image from a screen on a modified TV at a distance

Old screens produced enough emanations that they could be picked up from meters away, even through walls

Turns out that modern screens are also susceptible to such attacks!

In the following demonstration you will see a specially crafted video that makes the captured emanations, on a simple AM radio, play a tune.

In 2006 a Dutch group opposing electronic voting demonstrated an attack that let them eavesdrop on the voting machine from several tens of meters away

Several solutions were proposed:

Shielding the machine

Putting the machine in the middle of a larger perimeter

A software solution

Researchers found that the captured emanations were mostly the high frequencies of the image (outer parts in Fourier domain)

So they removed the top 30% of the frequency domain with a low pass filter
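An added example (not from the slides or the book) of the low-pass step described above: it zeroes the top 30% of spatial frequencies of a small constructed glyph and measures the high-band energy before and after. The 8x8 "E" glyph, the function names, and the reading of "top 30%" as bins above 70% of the Nyquist frequency on either axis are assumptions.

```python
import cmath

# Constructed 8x8 glyph (a letter "E"); '#' is a lit pixel.
GLYPH = ["........", ".######.", ".#......", ".####...",
         ".#......", ".#......", ".######.", "........"]
IMG = [[1.0 if ch == "#" else 0.0 for ch in row] for row in GLYPH]

def dft(x, inverse=False):
    """Naive 1-D DFT; adequate for 8-sample scanlines."""
    n, sign = len(x), (1 if inverse else -1)
    out = [sum(x[k] * cmath.exp(sign * 2j * cmath.pi * f * k / n) for k in range(n))
           for f in range(n)]
    return [v / n for v in out] if inverse else out

def dft2(img, inverse=False):
    """Separable 2-D DFT: transform every row, then every column."""
    rows = [dft(r, inverse) for r in img]
    cols = [dft(list(c), inverse) for c in zip(*rows)]
    return [list(r) for r in zip(*cols)]

def is_high(u, v, n, m, cut):
    """True if bin (u, v) lies in the top `cut` fraction on either axis."""
    fu, fv = min(u, n - u), min(v, m - v)   # distance from DC, 0..Nyquist
    return fu > (1 - cut) * (n // 2) or fv > (1 - cut) * (m // 2)

def low_pass(img, cut=0.30):
    """Zero the high-frequency bins and transform back to pixel values."""
    n, m = len(img), len(img[0])
    spec = dft2(img)
    kept = [[0 if is_high(u, v, n, m, cut) else spec[u][v] for v in range(m)]
            for u in range(n)]
    return [[z.real for z in row] for row in dft2(kept, inverse=True)]

def high_band_energy(img, cut=0.30):
    """Spectral energy in the bins the filter removes (what the slide says leaks)."""
    n, m = len(img), len(img[0])
    spec = dft2(img)
    return sum(abs(spec[u][v]) ** 2 for u in range(n) for v in range(m)
               if is_high(u, v, n, m, cut))

if __name__ == "__main__":
    soft = low_pass(IMG)
    print("high-band energy before:", round(high_band_energy(IMG), 3))
    print("high-band energy after: ", round(high_band_energy(soft), 12))
    for row in soft:                       # softened glyph: edges become grey ramps
        print(" ".join(f"{p:5.2f}" for p in row))
```

The DC bin is untouched, so overall brightness is unchanged; only the sharp edges are softened.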

Keyboard keys make distinct enough sounds that, given a known keyboard, an attacker can know what has been typed from an audio recording

Modern attacks are so advanced that it is possible to map a keyboard by listening to someone type in English for 10 minutes

Problem: By bouncing a laser off of a window and studying the return, it is possible to get the audio from the room at great distances

Solution I: do not have windows.

Solution II: break line of sight to the building

Problem: If you hook up a high-performance photomultiplier tube to an oscilloscope, it is possible to reconstruct an image from the diffuse reflection of a screen on someone’s shirt or face. Now hook that up to a telescope…

Solution I: do not have windows or put blinds on them

Solution II: break line of sight to the building!

Most communication devices, such as modems and routers, have status LEDs

Many companies power these LEDs directly from the data line….

http://applied-math.org/optical_tempest.pdf

In 1945 the Soviets gave the US Ambassador to Moscow a replica of the Great Seal of the United States

Inside the seal was hidden a resonant cavity microphone

The resonant frequency was changed by a diaphragm

Attached was a small antenna

When the antenna was “illuminated” (blasted with microwaves) at the right frequency it would broadcast, at a higher frequency.

The thing was discovered to be a bug in 1951

The thing was designed by Léon Theremin

By connecting to the power rails of a smart card, an attacker can learn a lot about the card

Logic

Writes

Some sophisticated defenses include:

Adding a random operation every ~64 cycles

making the internal clock only loosely connected to the external clock and changing the internal speed every ~64 cycles
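An added simulation (not from the slides or the book) of why the random-operation defense listed above helps: an observer who averages power traces aligned on the external clock sees the sensitive write as a clear spike, until randomly inserted dummy cycles smear it across many positions. The trace model, the constants and the per-operation dummy probability of 1/64 are assumptions.

```python
import random

OPS = 640          # real operations before the sensitive write (assumed)
TRACE_LEN = 800    # cycles captured per trace (assumed)
SPIKE = 1.0        # extra power drawn by the write, arbitrary units (assumed)
NOISE = 0.5        # std-dev of measurement noise per cycle (assumed)

def one_trace(rng, dummy_prob):
    """One simulated power trace; each real op is followed by a dummy
    cycle with probability dummy_prob, delaying everything after it."""
    delay = sum(1 for _ in range(OPS) if rng.random() < dummy_prob)
    trace = [rng.gauss(0.0, NOISE) for _ in range(TRACE_LEN)]
    trace[min(OPS + delay, TRACE_LEN - 1)] += SPIKE   # write lands `delay` late
    return trace

def averaged_peak(n_traces, dummy_prob, seed=1):
    """Average n_traces aligned on the external clock and return the
    tallest point of the averaged trace."""
    rng = random.Random(seed)
    acc = [0.0] * TRACE_LEN
    for _ in range(n_traces):
        for i, p in enumerate(one_trace(rng, dummy_prob)):
            acc[i] += p
    return max(a / n_traces for a in acc)

if __name__ == "__main__":
    print("no countermeasure :", round(averaged_peak(400, 0.0), 3))
    print("dummy op ~every 64:", round(averaged_peak(400, 1 / 64), 3))
```

The leak is diluted rather than removed: the averaged spike shrinks roughly in proportion to the spread of the delay, so the countermeasure raises the number of traces an observer needs.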

In Britain of the 1960’s, TV detector vans roamed the streets catching stray RF from TVs in homes to find “TV Tax” evaders

Today, malls, radio stations and other car park operators monitor what incoming cars have their radios tuned to for marketing purposes

If it’s powered, it emanates

If it is not powered, it might interfere with emanations in interesting ways

If you fart in the forest a TLA* knows what you ate for lunch.

*TLA: Three Letter Agency
