TRANSEC/EMSEC/TEMPEST
Artur Zak
CS 996 – Information Security
Management
March 30, 2005
Overview
 Definitions
 History
 EMSEC
 TRANSSEC
 TEMPEST
 POSA Example
 Homework
Definitions
 EMSEC - Emission Security
 Preventing a system from being attacked using conducted or
radiated electromagnetic signals
 TRANSSEC - Transmission Security
 Preventing data from being attacked or intercepted during the
transmission.
 TEMPEST – Transient Electromagnetic Pulse
Emanation Standard
 Government codeword that identifies a classified set of
standards for limiting electric or electromagnetic radiation.
History
 1884 – Crosstalk
 Two-wire circuits stacked on tiers of crosstrees on
supporting poles.
 Solution – twisted pair cables.
 1914 – compromising emanations in warfare.
 Earth leakage caused a lot of crosstalk, including
messages from the enemy.
 Solution – abolish earth-return circuits within 3,000 yards of
the front.
History
 1960’s – TV detector vans.
 British authorities checking who has a TV at
home.
 1990’s – Crypto keys in smartcards.
 Recover the crypto key by analysis of the
current drawn by the card.
EMSEC – Emission Security
 All electric and electronic devices radiate
emanations during operation.
 Radiated signals may carry actual information.
 Attacker may want to capture the radiated
signals and recreate some or all of the original
information.
 The user being attacked will never know that someone
intercepted any signals and recreated useful data
from them.
EMSEC - Vulnerabilities
 Leakage through RF signals.
 Emanations from signal cables.
 Keyboard key presses can be picked up at up to 100 yards.
 Leakage to power lines.
 Power circuits pick up RF signals and conduct them to
neighboring buildings.
 TV and computer screen radiation.
 Sound.
 Power Analysis.
 Smartcard.
 EEPROM.
EMSEC – Passive Attacks
 Passive Attacks – using electromagnetic signals
present to gain information.
 Wardriving.
 Set up equipment in a car and capture the emitted signals
hoping to recover valuable information.
 Electromagnetic Eavesdropping
 Attack against Automatic Teller Machines.
 Toys
 Furby toys remember and randomly repeat things they hear.
EMSEC – Active Attacks
 Active Attacks.
 Bugs
 Radio Microphones.

 TEMPEST Viruses
 Using computer to play a tune, turning it into low-grade radio
transmitter.
 Nonstop
 Using phones near transmitters can cause data to be
modulated by the phone and transmitted.
 Glitching
 Used to attack smartcards by inducing a useful error.
EMSEC – Countermeasures
 Attenuation – opposite of amplification. Reduce
the signal strength during transmission.
 Decreases radiation perimeter. Attacker needs to get
closer to the source.
 Risks being caught by the authorities.
 Banding – restricting the information to be in a
specific band of frequencies.
 Attacker has to first find out which band of
frequencies to scan.
 If in a wrong band, only partial messages can be recovered.
EMSEC - Countermeasures
 Shielding – equipment or buildings shielded to prevent
radiation from leaking from inside to outside or vice versa.
 Wardriving attack no longer a problem.
 May help against leakage.
 Zone of Control (Zoning) – most sensitive equipment is
kept in the rooms furthest from the facility’s perimeter,
and shielding is reserved for the most sensitive systems.
 May stop wardriving if attacker is not able to penetrate the
perimeter of the facility.
EMSEC - Countermeasures
 Cabling Filtered Power
 Filters cable and power supply noise.
 Suppresses the conducted leakage.
 Soft Tempest
 Applied to commercial sector
 Software techniques to filter, mask, or render
incomprehensible information bearing
electromagnetic emanations from a computer
system.
TRANSSEC – Transmission
Security
 Information needs to be shared.
 Must be transmitted over long distances.
 Attacker may want to intercept the
information while in transit.
TRANSSEC - Vulnerabilities
 RF Fingerprinting
 Identifying RF device based on the frequency
behavior.
 Radio Direction Finding (RDF)
 Triangulating the signal of interest using directional
antennas at two monitoring stations.
 Traffic Analysis
 Signals collection
 Collecting different signals and extracting information
from them.
TRANSSEC - Attacks
 Eavesdropping
 Listening on voice conversations.
 Covert Channels
 Mechanism that, though not designed for communication, can
nonetheless be abused to allow information to be communicated
down from High to Low.
 Sniffing
 Monitoring the traffic.
 Jamming.
 Noise insertion
 Active Deception
TRANSSEC – Defenses
 Low Probability of Detection (LPD)
 Techniques used to make it hard for the attacker to
detect presence of the signal.
 Directional Signaling
 Line of Sight transmission
 Low Probability of Interception (LPI)
 Techniques used to make it hard for attackers to
intercept the signals.
 Frequency hoppers
 Spread spectrum
 Burst transmission
TRANSSEC - Defenses
 Burst Transmission – send data in short bursts
instead of continuous transmission.
 Employed by spies during WW II.
 Attacker never knows when the data is sent.
 Directional signaling – send signals in a specific
direction instead of broadcast in all directions.
 Attacker has to first find out in which direction the
signal is transmitted.
 Requires more complicated equipment to identify the source
of transmission.
TRANSSEC - Defenses
 Frequency Hopping – during transmission hop from
frequency to frequency with predefined pseudorandom
sequence.
 The receiver knows the same sequence, therefore it knows which
frequency to tune in to.
 Attacker must know the exact sequence to be able to capture the
message.
 Used in 2G and 3G cell phones.
 Line of Sight – Used for short distance transmissions.
 Optical transmission.
 IR transmission.
 Attacker needs to be in plain view, risking being exposed.
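The frequency-hopping slide above, as an added sketch that is not part of the original deck: sender and receiver derive the same hop sequence from a shared key, while a listener parked on one channel or hopping with a wrong key recovers only fragments. The key values, the 16-channel count, the message and the use of HMAC-SHA256 as the sequence generator are assumptions made for the example.

```python
import hashlib
import hmac

CHANNELS = 16  # assumed channel count for this sketch

def hop_channel(key: bytes, slot: int) -> int:
    """Channel for a time slot, derived from the shared key and slot number."""
    digest = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return digest[0] % CHANNELS

def transmit(key: bytes, message: bytes):
    """Send one byte per slot; returns the 'air' as (slot, channel, byte) tuples."""
    return [(slot, hop_channel(key, slot), b) for slot, b in enumerate(message)]

def hopping_receiver(key: bytes, air) -> bytes:
    """Retune every slot using `key`; a byte sent on another channel is missed."""
    return bytes(b if ch == hop_channel(key, slot) else ord("?")
                 for slot, ch, b in air)

def fixed_receiver(channel: int, air) -> bytes:
    """A listener parked on one channel hears only the slots that land there."""
    return bytes(b if ch == channel else ord("?") for _, ch, b in air)

def heard(message: bytes, received: bytes) -> int:
    """Number of byte positions recovered correctly."""
    return sum(m == r for m, r in zip(message, received))

# Constructed sample data (keys and message are made up for the example).
SHARED_KEY = b"constructed-shared-hop-key"
WRONG_KEY = b"constructed-wrong-key"
MESSAGE = b"FREQUENCY HOPPING DEMO MESSAGE 0123456789"
AIR = transmit(SHARED_KEY, MESSAGE)

if __name__ == "__main__":
    print("receiver with shared key:", hopping_receiver(SHARED_KEY, AIR))
    print("receiver with wrong key :", hopping_receiver(WRONG_KEY, AIR))
    print("parked on channel 3     :", fixed_receiver(3, AIR))
```

The parked listener's output also illustrates the banding point made earlier in the deck: tuned to the wrong band, only partial messages can be recovered.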
TRANSSEC - Defenses
 Spread Spectrum
 Combine the information-bearing sequence with a
higher-rate pseudorandom sequence.
 Makes it hard to intercept.
 Used in CDMA and GSM phones.
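The spread-spectrum slide above, as an added sketch that is not part of the original deck: each data bit is multiplied by a block of higher-rate pseudorandom chips, and the receiver recovers it by correlating with the same sequence, while correlation against a different sequence stays well below the full-strength peak. The keys, the spreading factor of 64, the data bits and the SHA-256 chip generator are assumptions made for the example.

```python
import hashlib

def pn_chips(key: bytes, n: int):
    """n pseudorandom chips (+1/-1) expanded from `key` with SHA-256 in counter mode."""
    chips, counter = [], 0
    while len(chips) < n:
        block = hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        chips.extend(1 if (byte >> i) & 1 else -1
                     for byte in block for i in range(8))
        counter += 1
    return chips[:n]

def spread(bits, key: bytes, sf: int):
    """Multiply each data bit (as +1/-1) by `sf` chips of the higher-rate sequence."""
    chips = pn_chips(key, len(bits) * sf)
    return [(1 if bits[i // sf] else -1) * c for i, c in enumerate(chips)]

def despread(signal, key: bytes, sf: int):
    """Correlate each sf-chip block with the local sequence; return (bits, correlations)."""
    chips = pn_chips(key, len(signal))
    corr = [sum(x * c for x, c in zip(signal[i:i + sf], chips[i:i + sf]))
            for i in range(0, len(signal), sf)]
    return [1 if c > 0 else 0 for c in corr], corr

# Constructed sample data (keys and bits are made up for the example).
SF = 64  # chips per data bit (spreading factor)
KEY = b"constructed-spreading-key"
OTHER_KEY = b"constructed-other-key"
DATA = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]
SIGNAL = spread(DATA, KEY, SF)

if __name__ == "__main__":
    bits, corr = despread(SIGNAL, KEY, SF)
    print("right sequence:", bits == DATA, "peak |corr| =", max(map(abs, corr)))
    _, wrong = despread(SIGNAL, OTHER_KEY, SF)
    print("wrong sequence: peak |corr| =", max(map(abs, wrong)), "of", SF)
```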
TEMPEST
 Employing some of the defenses may not
be enough to secure entire system.
 Attackers may find a loophole, and break
into a system.
 Standards are needed to make sure that
the system is secured enough from both
emanations and during transmission.
TEMPEST
 Government standard defining how to make
government systems secured from an attacker.
 Employs both EMSEC and TRANSSEC techniques
to limit the emanations from electronic equipment.
 Applies strictly to classified facilities.
 Individual electronic equipment.
 Rooms in buildings.
 Entire buildings
 Classified until 1995.
 After 1995 only basic information declassified.
TEMPEST Red/Black Separation

 Maintain distance or install shielding
between circuits and equipment used to
handle classified or sensitive information.
 RED -> classified or sensitive information.
 BLACK -> normal unsecured equipment.
 Includes equipment carrying encrypted signal.
TEMPEST Red/Black Separation

 Manufacture must be done under careful quality
control.
 Ensures that additional units are built exactly the
same as the units that were tested.
 Changing even a single wire can invalidate the tests.
Maintenance and Disposition of
TEMPEST Equipment
 Guidelines provided by National Security
Telecommunications and Information
Systems Security Advisory Memorandum
(NSTISSAM).
 Applicable to all departments and agencies of
the U.S. Government that use, maintain, or
make disposition of TEMPEST equipment.
Installation Requirements
 All equipment must meet the requirements
of NSTISSAM.
 All must be installed in accordance with
Red/Black separation criteria.
 Local TEMPEST Manager must oversee
the process.
 Coordinate and document all accreditation
documents resulting from the installation.
TEMPEST Procedures
 TEMPEST Endorsement Program.
 Establishes guidelines for vendors to
manufacture, produce, and maintain endorsed
equipment.
 Vendor must provide life cycle support for its
customers to ensure continued TEMPEST
integrity of the product.
 Support detailed in TEP’s TSRD No. 88-9B,
dated 8 March 1991.
TEMPEST Program Development
 Guidelines for development of a maintenance and
disposition program:
 Consider the additional cost of the program.
 Ensure that data resident on the equipment is not compromised
during the maintenance/disposition process.
 Keep a log of maintenance action for all TEMPEST equipment
 Date of maintenance.
 Action taken.
 Technician name.
 Equipment model and serial number.
TEMPEST Disposition Procedures
 Use approved purging software to overwrite hard drives.
 Maintain a log of the model and serial number of all equipment
disposed/destroyed.
 Destruction of TEMPEST equipment no longer required is
recommended if transfer to another U.S. Government
department/agency is impractical.
 Serial numbers and any classified markings must be removed.
 The equipment will be broken into pieces of such a nature as to
preclude restoration.
 A destruction certificate will be prepared and signed by the witnessing
individual.
 All residue will be returned as scrap metal to the Defense Reutilization
Management Office.
TEMPEST Accreditation
 TEMPEST Countermeasures Review
 Recommended countermeasures are threat driven,
and based on risk management principles.
 Each site must be separately evaluated and
inspected.
 Sites cannot be approved automatically by being inside an
inspectable space.
 Certification must apply to entire system.
 Connecting a single unshielded component compromises the
entire system.
Is TEMPEST necessary?
 Two schools of thought:
 Yes: Without TEMPEST information security
is compromised.
 No: TEMPEST is a waste of resources, time,
and money.
Need for TEMPEST
 “The fact that electronic equipment give off
electromagnetic emanations has long been a
concern of the US Government. An attacker
using off-the-shelf equipment can monitor and
retrieve classified or sensitive information as it is
being processed without the user being aware
that a loss is occurring” – 1994 Joint Secretary
Commission report to the Secretary of Defense
and Director of Central Intelligence.
Need for TEMPEST
 “Foreign governments continually engage
in attacks against U.S. secure
communications and information
processing facilities for the sole purpose of
exploring compromising emanations” –
Navy manual that discusses compromising
emanations.
No need for TEMPEST
 1991 -> CIA Inspector General report to an
Intelligence Community.
 Millions of dollars spent on protecting a
vulnerability that had low probability of
exploitation.
 Review the TEMPEST requirements based on
threat
 Recommended to reduce TEMPEST requirements.
Examples
 British MI5 monitoring French traffic noticed
enciphered traffic carried a faint secondary
signal.
 Replica of Great Seal of the United States
presented to U.S. ambassador in Moscow in
1946. 1952 problem discovered with the gift.
 A new U.S. embassy in Moscow had to be
abandoned after large numbers of microphones
were found in the structure.
TEMPEST Incidents
 No TEMPEST incidents coverage in the press.
 Business and government do not admit to any
kind of security breach achieved because of a lack
of TEMPEST security.
 Don’t want to admit a security breach to the public.
 Don’t know that data was compromised, since
passive attacks are not easily detectable.
Business Side of TEMPEST
 The TEMPEST industry is a business of over a billion
dollars a year.
 Indicates that there are variable threats, and
organizations take protective measures.
 TEMPEST certified equipment is often twice as
expensive as regular equipment of similar
performance.
 U.S. Government shields entire buildings to
prevent any emanations from leaking outside of the
allowed perimeter.
POSA Example
[Figure: message flow among Register, POSA, USER and CFAC. Numbered labels: 1 Sale information; 2 Display Sale Info; 3 User CC information; 4 Sale & user information; 5 Y/N; 6 Y/N; 7 Complete Trans.; 8 Complete transaction.]
Homework
 Perform EMSEC/TRANSSEC risk analysis
on GTS system.
 Identify the emanation and transmission
vulnerabilities.
 Make recommendations as to which
countermeasures should be used to eliminate
the threat.
