DOCSLIB.ORG

Compromising Emanations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Compromising Emanations ~tqw~ TEMPEST – Compromising Emanations Robin Lobel TEMPEST, also known as Van Eck Phreaking, is the art of turning involuntary emissions into compromising data. This mainly concerns electromagnetic waves, but it can also be applied to any kind of unwanted emanations induced by the inner workings of a device. The most common TEMPEST phenomena relate to CRT monitors. he fi rst studies concerning the phenom- enon of compromising electromagnetic What you will learn... T waves occurred in the 1950s. Through spying on encrypted Russian message trans- • you will gain enough knowledge to start building missions, the NSA discovered weak para- your own TEMPEST system. sitic rattlings in the carrying tone, which were emanated by the electricity of the encoding What you should know... machine. By building an appropriate device, it was possible to rebuild the plain text with- • you have to have some intermediate experience out having to decrypt the transmissions. with practical electronics, This phenomenon successively takes the • you should have at least basic knowledge of electromagnetic physics. names NAG1A, then FS222 in the 1960s, NACSIM5100 in the 70s and fi nally TEMPEST (an acronym for Transient Electromagnetic Pulse Emanation Standard, although such a name is also said to be untrue), beginning About the Author in the 1980s. Robin Lobel has conducted several IT research projects for years, including audio compression, In 1985 a Dutch scientist, Wim van Eck, pub- realtime image analysis, realtime 3D engines, etc. lished a report on the experiences that he had He studied the TEMPEST (Transient Electro- had since January 1983 in this fi eld. The report magnetic Pulse Emanation Standard) system Attack shows that such a system is creatable with lit- thoroughly in 2003 and was lucky enough to be tle means – however, it gives very little detail. In able to use a full laboratory to conduct these ex- 1986 and 1988, complementary reports were periments and succeed. He also enjoys composing published. In 1998, John Young – an American music and doing some 2D/3D artwork. He is cur- citizen – requested the NSA to publish declas- rently studying cinema arts in Paris. His web site: sifi ed information concerning the TEMPEST http://www.divideconcept.net. system. Seeing his request rejected, he ap- 36 www.hakin9.org hakin9 3/2005 ~tqw~ Compromising emanations Figure 2. A grid of pixels form a picture – the sharpness of the picture Figure 1. Red, green and blue mix depends on the pixel's density together to synthesise any colour uses electricity and that any elec- Acoustic information pealed and fi nally, in 1999, obtained tric potential induces an electro- Basically, the same possibilities as some documents which were largely magnetic fi eld proportional to the with optic emissions. However, the censored. Very little information is potential, we can then deduce back possibilities are less, because most available on this system; the majority the inner electric activity. This can of a computer system is silent and of the documents contain nothing but be applied to CRT display devices only the mechanical parts are sub- superfi cial information without giving and any unprotected cables or ject to acoustic production. There any details of a practical kind. wires. are quite a few applications for this kind of emission. A hardware keylog- So what is it? Optical ghosts ger based on acoustic events may be The principle of TEMPEST and Though being an electromagnetic a good example. its derivatives is to reconstruct wave, light doesn't have the same original data from ghost information. rules offering the same possibili- A ghost is a trace left by an object in its ties. Contrary to electromagnetic A particular study: environment. A defi nition of a ghost? emanations, the lights in a com- CRT monitor A footprint, heat, the smell of cooked puter system have specifi c roles, emanations food and even your own shadow. and are intentionally set to inform One of the most interesting emis- Such information is valuable to detec- the user about the system status. If sions in a computer comes from tives because this is the only basis you take a closer look at LEDs, they the display device, because its inner they have to reconstruct what actually respond to electric potentials too, activity clearly deals with important happened. There are three kinds of so any minimal fl uctuations in the information. Moreover, this device ghosts in the computer domain which system has an effect on LEDs and emits strong electromagnetic waves could help us retrieve data: electro- thus can be perceived with optical that are relatively easy to capture magnetic, optical and acoustic. sensors. However, this can only be and treat. helpful for specifi c events and in par- Electromagnetic emanations ticular conditions. What is more, the The way monitors work The most discreet and informative acquired information might not be of All colours can be broken down trace. Given that every computer great value. into three fundamental colours: red, green and blue (see Figure 1). It is possible – through the combination On the Net of these three colours – to recre- ate any colour, by varying these • http://upe.acm.jhu.edu/websites/Jon_Grover/page2.htm – a handful of basics on fundamental proportions. An image van Eck phreaking, • http://www.eskimo.com/~joelm/tempest.html – the complete but unoffi cial is considered a complex assem- TEMPEST information page, bly of colours through the use of • http://www.noradcorp.com/2tutor.htm – NoRad company's CRT Monitors as a a pattern of pixels (see Figure 2). Source of Electromagnetic Waves page, A pixel is a point composed of the • http://xtronics.com/kits/rcode.htm – resistor colour codes, three colours: red, green and blue. • http://web.telia.com/~u85920178/begin/opamp00.htm – operational amplifi er It is possible to recreate accurate explanation, images by increasing the density of • http://www.hut.fi /Misc/Electronics/circuits/vga2tv/vga2palntsc.html – Tomi Eng- pixels in a single area. The resolu- dahl's synchronisation signal converter. tion of an image is represented by x*y, with x being the number of pix- hakin9 3/2005 www.hakin9.org 37 ~tqw~ a frequency of 50–100 Hz; as the for a screen having a resolution of electrons pass through the fl uores- 800*600 with a refresh rate of 70 Hz, cent layer, it emits a light. This layer the changes of voltage can reach also becomes phosphorescent in a frequency of 800*600*70=34 that it continues to emit a light after MHz, that is to say 34,000,000 times its initial stimulation for approximate- a second). ly 10 to 20 ms. Its brightness is deter- mined by the debit of electrons, which Inductance phenomena is regulated by a Wehnelt (electronic Any difference of potential (that component). The beam then passes is, when an amount of electrical Figure 3. A beam of electrons through two bobbins (one to deter- tension gets higher or lower) in an produce the actual picture on the mine the vertical deviation, the other electrically conductive material screen, by exciting a phosphore- for the horizontal deviation, using produces an electromagnetic wave scent layer from left to right and top electromagnetic forces) to direct proportional to the potential: this is to bottom its trajectory, so that it scans the called inductance phenomena (see whole screen and can reconstruct Figure 4). This process involves a complete picture (see Figure 3). Maxwell equations, which describe The video signal passes through electromagnetic waves' behaviour. several channels (6 channels for However, it's not necessary to under- the video signal itself). Meaning, stand all the mathematical and the Red, Green and Blue channels physical rules behind this in order to as well as their respective masses; exploit the phenomena. 2 synchronisation channels for the The invert phenomena is also horizontal and vertical scanning and true: any electromagnetic wave the communal mass of synchronisa- meeting an electrically conductive tion signals. material will produce a difference of The synchronisation signals, potential proportional to the strength which indicate the passage to the of the wave. This is basically how LW following line or the return of the radio receptors works: the stronger Figure 4. A difference of potential beam to the beginning of the screen, the wave, the stronger the signal in a conductive cable generates an are simple differences of potentials received. electromagnetic wave of a few volts. They take place (for For an electromagnetic fi eld to be a screen of a resolution of 800*600 created, there must be differences of els horizontally and y the number of pixels with 70 Hz refresh) 70 times potentials: a constant voltage won't pixels vertically (examples: 640*480, a second for the vertical synchroni- produce any radio waves. In the 800*600, 1024*768, etc.) sation signals, and 600*70=42,000 same way, no signal can be received A monitor screen is composed of times a second for the horizontal if the magnetic fi eld is static (that's several modules. The fi rst one, the synchronisation signals. why dynamos need to be constantly cathode tube, is what reproduces Video signals are at a voltage in motion to produce electricity). the actual image. An electron beam of 0 V to 0.7 V, which defi nes the scans a fl uorescent layer at an brightness (the higher the voltage, Application to CRT monitors extremely high speed thereby creat- the brighter the pixel) at the point Before being projected in the form ing the image. The scanning goes where the scanning takes place of an electron beam, the video across the entire screen from left (this voltage is thus able to vary for signal is amplifi ed to a high voltage.
Load more

Recommended publications
  • Secure Physical System Design Leveraging Puf Technology
    SECURE PHYSICAL SYSTEM DESIGN LEVERAGING PUF TECHNOLOGY A Thesis Submitted to the Faculty of Purdue University by Samuel T. Kerr In Partial Fulfillment of the Requirements for the Degree of Master of Science May 2012 Purdue University West Lafayette, Indiana ii ACKNOWLEDGMENTS A lot of people have had an impact in my life, both academic and personal. I wish to thank all of you that have influenced it in a positive way. I would like to especially thank Professor Elisa Bertino. She took a risk on me as a freshmen and allowed me to get into research. I have greatly enjoyed learning and growing under her direction these past few years. Without such a great mentor, I don’t think I would be where I am today. Michael Kirkpatrick also deserves a lot of thanks. He helped guide some of my ini­ tial work with PUF devices, pointing out things I missed and helping me mature as a researcher. His lessons were invaluable, not only about the research topic themselves, but also about how research is done. Sypris Electronics and its staff were also an invaluable asset to have during my course of study as well. They funded many of the projects that I worked on as well as made engineers available to help me learn and move forward with my work. Finally, my parents deserve a special thanks. Without the wonderful upbringing and strong sense of values they instilled in me, none of this would have been possible. I love you Mom and Dad, thanks for pushing me. iii TABLE OF CONTENTS Page LIST OF TABLES :::::::::::::::::::::::::::::::: vi LIST OF FIGURES :::::::::::::::::::::::::::::::
    [Show full text]
  • The Cyber-Performative in Second Life
    The Cyber-Performative in Second Life by Meindert Nicholas van Orden B.A., University of Victoria, 2007 A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of MASTER OF ARTS in the Department of English, with a specialization in Cultural, Social, and Political Thought © Meindert Nicholas van Orden, 2010 University of Victoria All rights reserved. This thesis may not be reproduced in whole or in part, by photocopy or other means, without the permission of the author. ii The Cyber-Performative in Second Life by Meindert Nicholas van Orden B.A., University of Victoria, 2007 Supervisory Committee Dr. Evelyn Cobley, Supervisor (Department of English) Dr. Ray Siemens, Departmental Member (Department of English) Dr. Arthur Kroker, Outside Member (Department of Political Science) iii Supervisory Committee Dr. Evelyn Cobley, Supervisor (Department of English) Dr. Ray Siemens, Departmental Member (Department of English) Dr. Arthur Kroker, Outside Member (Department of Political Science) Abstract I argue that current descriptions of the ways that language and computer code effect change (are “performative”) oversimplify the effects that utterances made in and through virtual spaces have on the real world. Building on J.L. Austin’s speech-act theory and Jacques Derrida’s deconstruction of Austin’s notion of performative language, I develop the theory of cyber-performativity. Though Katherine Hayles argues that “code” is more strongly performative than the utterances Austin focused on, Hayles’ analysis is founded on her problematic distinction between the logical computational worldview and the slippery natural-languages worldview. Cyber-performative theory builds on Hayles’ argument by showing that computational processes are as uncertain as natural languages: like human languages, “code” might always signify more and other than is intended.
    [Show full text]
  • Several Compromising-Emanations Based Interception Techniques and Their Implications Paul Shotbolt, June 2003 [email protected]
    Several compromising-emanations based interception techniques and their implications Paul Shotbolt, June 2003 [email protected] Abstract Security models of computer systems have traditionally had little focus on some of the more unusual outputs associated with electronic equipment, such as electromagnetic emanations, and physical vibrations. In many cases these emanations may be detected and analysed and important data intercepted by a motivated attacker; yet only high-level government agencies and large corporations appear to be actively considering this problem. Historically, for a typical computer user with only moderately important data, these ‘compromising emanations’ appear to have been little problem. Government and industry entities are at a greater risk, and a small proportion have become aware of these threats and taken steps to neutralise them. However, the field of emission security (EMSEC) is growing and new types of attacks are being suggested, and the feasibility of mounting these attacks is changing also. If the cost to facilitate these attacks drops in future, they present a far more pressing threat, and this may necessitate the introduction of countermeasures even for low- to mid-end security systems. Introduction We live in an era where large numbers of people have become increasingly dependent on computers for myriad tasks, and consequently computers are being entrusted with increasing amounts of confidential data1. With the trends in recent years of powerful encryption [Pgp03] becoming more readily available to the public, attackers attempting to intercept this data are forced to explore new side-attacks2 because of the infeasibility of succeeding in a conventional attack against these ciphers.
    [Show full text]
  • Tilburg University Breaking and Remaking Law and Technology Dizon
    Tilburg University Breaking and remaking law and technology Dizon, Michael Publication date: 2016 Document Version Publisher's PDF, also known as Version of record Link to publication in Tilburg University Research Portal Citation for published version (APA): Dizon, M. (2016). Breaking and remaking law and technology: A socio-techno-legal study of hacking. [s.n.]. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 27. sep. 2021 B REAKING AND R EMAKING L AW AND TECHNOL OGY A Socio-Techno-Legal Study of Hacking MICHAEL ANTHONY C. DIZON B REAKING AND R EMAKING L AW AND TECHNOL OGY A Socio-Techno-Legal Study of Hacking Proefschrift ter verkrijging van de graad van doctor aan Tilburg University op gezag van de rec- tor magnificus, prof.dr. E.H.L. Aarts, in het openbaar te verdedigen ten overstaan van een door het college voor promoties aangewezen commissie in de aula van de Universiteit op dinsdag 28 juni 2016 om 16.15 uur door MICHAEL ANTHONY CO DIZON geboren op 13 juni 1975 te Quezon City, Filipijnen Promotores: prof.dr.
    [Show full text]
  • Example of Pixel-Based Visual Cryptography in Detail
    Example of Pixel-based Visual Cryptography in Detail All that is not perfect down to the smallest detail is doomed to perish. Gustav Mahler 266 Example of Pixel-based Visual Cryptography Figure 1: Example: Pixel-based Visual Cryptography, Original Picture S. Pape, Authentication in Insecure Environments, DOI 10.1007/978-3-658-07116-5, © Springer Fachmedien Wiesbaden 2014 Example of Pixel-based Visual Cryptography 267 Figure 2: Example: Pixel-based Visual Cryptography, Transparency 1 268 Example of Pixel-based Visual Cryptography Figure 3: Example: Pixel-based Visual Cryptography, Transparency 2 Example of Pixel-based Visual Cryptography 269 Figure 4: Example: Pixel-based Visual Cryptography, Overlay Auxiliary Tables and Proofs Consistency is found in that work whose whole and detail are suitable to the occasion. It arises from circumstance, custom, and nature. Marcus Vitruvius Pollio 272 Auxiliary Tables and Proofs Lemmas ( )= − 2 n Lemma 11.1. The derivative of f n 1 n+1 is positive for all n>1. v v Proof. By applying the chain rule for df f(n)=du du + du dv dn du dn dv dn v v with u = 1 − 2 , v = n, du = vuv−1, and du = log(u)uv it follows: n+1 du dv − df 2 n 1 df 2 f(n)=n 1 − 1 − dn n + 1 dn n + 1 2 n 2 df + 1 − log 1 − (n) n + 1 n + 1 dn − 2 n 1 2 2 2 = 1 − n + 1 − log 1 − n + 1 (n + 1)2 n + 1 n + 1 2 n 2n n − 1 = 1 − + log n + 1 n2 − 1 n + 1 n Since for all n>1it holds that 1 − 2 >0it remains to show that T(n)= n+1 2n + n−1 >0 n = 2 T(2)= n2−1 log n+1 .
    [Show full text]
  • Emission Security and Side-Channel Attacks
    5/11/2017 Emission Security and Side-channel Attacks By Andrey Leshenko Comp Sec Seminar 2017 (With Orr Dunkelman) SWEATING PULSE “…I was at home, sleeping…” TEXT BLOOD PRESSURE BREATHING The Polygraph https://i0.wp.com/www.panelsonpages.com/wp-content/uploads/2013/12/polygraphmachine.jpg A Side-channel Attack • Any attack based on information gained from the physical implementation of a cryptosystem. http://evrikak.ru/wp-content/ uploads/2015/07/sheriff_okno1.jpg ???? ???? ??? ??? ?????? ?????? “PASSWORD INCORRECT” ???? INPUT/ ??? OUTPUT ?????? ???? ??? ???? ?????? ??? ?????? TIME CHANNEL Comparing Secret Keys char *key = “SECRET”; char *input = get_input(); memcmp(key, input, KEY_LEN) Likely Implementation (Simplified) int memcmp(char *a, char *b, int len) { for (int i = 0; i < len; i++) { if (a[i] != b[i]) return 1; } return 0; } Guessing the First Byte Time 4.5 4 3.5 3 2.5 2 1.5 1 0.5 0 Guessing the Second Byte Time 4.5 4 3.5 3 2.5 2 1.5 1 0.5 0 Timing Attacks 1. Timing depends on secret data 2. Attacker measures timing 3. Attacker recovers secret data OpenSSL Implementation (Simplified) int CRYPTO_memcmp(char *a, char *b, int len) { char bit_diff = 0; for (int i = 0; i < len; i++) { bit_diff |= a[i] ^ b[i]; } return bit_diff; } Examples • 2006: Recover AES-256 secret key of Linux’s dmcrypt in just 65 ms (Osvik, Shamir, Tromer) • 2013: “Lucky13” recovers plaintext of CBC-mode encryption in most TLS implementations (AlFardan, Paterson) • 2014: Attack against RSA-2048 in GnuPG 1.4.13: “On average, the attack is able to recover 96.7%
    [Show full text]
  • TEMPEST Fundamentals) Says That There Are Three Types of TEMPEST Signals; Red Baseband Signals, Modulated Spurious Carriers, and Impulsive Emanations
    Learn Security Online, Inc. © https://www.learnsecurityonline.com/ What is TEMPEST? Ok prepare to strap that tinfoil hat on two notches below excruciating; we’re going to talk about TEMPEST. What is TEMPEST? It’s defined in NSTISSI-7000 as: Electronic and electromechanical information-processing equipment can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST. If intercepted and analyzed, these emanations may disclose information transmitted, received, handled, or otherwise processed by the equipment.1 and in NSTISSI 7003 (TEMPEST GLOSSARY) as: “A short name referring to investigations and studies of compromising emanations. It is often used synonymously for the term "compromising emanations"; e.g., TEMPEST tests, TEMPEST inspections.”2 Compromising Emanations (CE) are defined as: “Unintentional intelligence-bearing signals, which, if intercepted and analyzed, disclose the national security information transmitted, received, handled or otherwise processed by any information-processing equipment.”3 Clear as mud? What this means is that your computer, your computer monitor, your CAT5 cable going into your router from your computer, your coax cable into your cable modem, and even your power cord going into the wall can carry electronic and electromechanical signals distances away from your computer and could possibly be intercepted either off the wires or through the air. Ok, maybe one more notch on that hat. TEMPEST is said to stand for "Telecommunications Electronics Material Protected From Emanating Spurious Transmissions" but I also found; "Transient Emanations Protected From Emanating Spurious Transmissions", "Transient Electromagnetic Pulse Emanation Standard", "Telecommunications Emission Security Standards", and several similar variations on the theme but there is no official meaning for TEMPEST it is more the name of the phenomenon rather than an acronym.
    [Show full text]
  • Victor Ansart Comp116 Final Paper
    An Analysis of Emissions from Electronic Devices 12/17/13 By Victor Ansart Mentor: Ming Chow Intro to Computer Security Class Tufts University [email protected] Abstract When an electrical current goes though a wire, it causes an electromagnetic field around that wire. This means that any electronic device is broadcasting the signals going through it. In the early 1960’s, agents from the NSA tried to exploit this electric property and attempted to eavesdrop on communications. Later, through Van Eck phreaking, it became possible to recover the image from a CRT monitor from a distance. The high voltage and frequencies used in CRT monitors made it “easy” to recover the signal. However, it was showed in 2004 that signals from conventional LCD displays could also be recovered. Signals from electronic keyboards have also captured. However eavesdropping on electromagnetic emissions does not only extend to monitors and keyboards; every electronic device can be listened to by tuning in to the correct frequency. Today, ultra-cheap software defined radios (SDR) (radios that can tune to a very wide frequency range J and output the raw signal to software for analysis) can be used to listen to various signals from electronic devices. Melissa Elliott from Veracode conducted a presentation at Defcon this summer where she discussed how she used an SDR to tap into various communications. The fact that a $10 radio can be purchased to tap into potentially very private communications is astounding and deserves more research into. 1 1 Introduction: One of the first things that electrical engineers learn is that when a current flows through a conductor, it creates an electromagnetic field.
    [Show full text]
  • Physical Considerations for Designing Secure Networks
    Economy Informatics, 1-4/2004 69 Physical Considerations for Designing Secure Networks Senior Lecturer Răzvan Daniel ZOTA, Ph.D. E-mail: [email protected] During the past ten years or so networks’ vulnerabilities has increased continuously; the need for designing more and more secure networks it is a must in the present. One common secu- rity truism is that if you have physical access to a box, „all bets are off”. If an attacker has physical access to any networking device, like a computer, switch, router, firewall and so on, the security options are considerably reduced. The purpose of this article is to present design considerations for secure networks at the physical level. Keywords: Networking, Security, Security design, Physical Access, Distributed systems, Net- work security. Introduction Lock-and-key access 1 It is well known that if an attacker gain Key card access physical access to a networking device, this Key card access with turnstile fact may compromise dramatically the secu- Lock-and-Key Access rity options. Networking devices, with few The most common physical security control, exceptions, can have their passwords reset by particularly in smaller organizations, is tradi- attaching to their console port. Hosts can be tional lock-and-key access. For this method, booted with a special floppy disk or CD- individuals who need access to certain rooms ROM designed to circumvent most host se- or buildings are given keys for access. This curity on the device. The article do not cover option has the following benefits: physical security in detail and topics like site Generally, this is the cheapest option for selection or disaster recovery are not dis- small organizations.
    [Show full text]
  • The Role of COTS Products for High Security Systems
    2012 4th International Conference on Cyber Confl ict Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profi t or non-commercial C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) purposes is granted providing that copies bear this notice and a full citation on the 2012 © NATO CCD COE Publications, Tallinn first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE. The Role of COTS Products for High Security Systems Robert Koch Gabi Dreo Rodosek Institut für Technische Informatik Institut für Technische Informatik Universität der Bundeswehr Universität der Bundeswehr Neubiberg, Germany Neubiberg, Germany [email protected] [email protected] Abstract: Today, economic pressures and decreasing military budgets enforce a revision of armament projects. While comprehensive and cost-intense equipment acquisitions could be realised during the Cold War, overextension and global economic crisis forced the abatement of projects and broad cutbacks of the residual undertakings. Based on this, one of the most important tendencies of the last few years is the intense use of commercial off-the-shelf products (COTS) and master agreements with the industry. In contrast to past armament projects, the necessary hardware and software is no longer designed with respect to special military requirements, but products already available on the market are used wherever applicable. The increasing use of COTS products in all areas of armament is a matter of special importance, opening tenuous points of attack. By that, the number of important security incidents has grown larger in the past few years even with more and improved security mechanisms like fi rewalls and Intrusion Prevention Systems in place.
    [Show full text]
  • Electromagnetic Eavesdropping Machines for Christmas?
    Computers and Security, Vol. 7, No. 4 Electromagnetic Eavesdropping Machines for Christmas? Almost 3 years ago we published "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk by Wim van Eck of the Netherlands PTT. In Volume 4, Number 4 of Computers & Security in December 1985, van Eck stated in his abstract "This paper describes the results of research into the possibility of eavesdropping on video display units, by picking up and decoding the electromagnetic interference produced by this type of equipment. During the research project, which started in January 1983, it became more and more clear that this type of information theft can be committed very easily using a normal TV receiver." In June 1986 and again in September of that year we published supplementary reports about van Eck's "phenomenon, " as it was labeled by the popular press. We reported a conversation with an individual who purchased an RCA model AXR122 and within limits was able to replicate van Eck's work. That television set had a voltage-controlled oscillator (VCO) with no detents (stops between channels and no fine tuning). Information about this type of eavesdropping has been classified for about 20 years. The Tempest (Transient ElectroMagnetic Pulse Emanation STandard) project has been a joint research and development effort of the U. S. National Security Agency (NSA) and the Department of Defense (DoD). Even the program's name had been classified for most of that period. Although reported widely by the press throughout Europe in 1985 and covered by the BBC in two broadcasts as well as CBC radio, the topic faded from the press.
    [Show full text]
  • SIDE CHANNELS ENABLED by SMARTPHONE INTERACTION Adam J. Aviv
    SIDE CHANNELS ENABLED BY SMARTPHONE INTERACTION Adam J. Aviv A DISSERTATION in Computer and Information Science Presented to the Faculties of the University of Pennsylvania in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy 2012 Jonathan M. Smith and Matt Blaze Supervisors of Dissertation Jianbo Shi Graduate Group Chairperson Dissertation Committee Boon Thau Loo, Assistant Professor of Computer and Information Science Milo Martin, Associate Professor of Computer and Information Science Steve Zdancewic, Associate Professor of Computer and Information Science Patrick McDaniel, Professor of Computer Sicence and Engineering, Pennsylvania State University ABSTRACT SIDE CHANNELS ENABLED BY SMARTPHONE INTERACTION Adam J. Aviv Supervisors: Jonathan M. Smith and Matt Blaze As smartphones become ever more present and interwoven into the daily comput- ing of individuals, a broader perspective of the differences between computer secu- rity and smartphone security must be considered. As a general purpose computer, smartphones inherently suffer from all the same computer security issues as tradi- tional computers; however, there exists fundamental differences between smartphones and traditional computing in how we interact with smartphones via the touchscreen. Smartphones interaction is physical, hand-held, and tactile, and this thesis shows how this interaction leads to novel side channels. This is demonstrated through the study of two side channels: One based on exter- nal smartphone observations via photographic and forensic evidence, and the other based on internal smartphone observations via the smartphone's on-board sensors. First, we demonstrate a smudge attack, a side channel resulting from oily residues remaining on the touch screen surface post user input. We show that these external observations can reveal users' Android password patterns, and we show that prop- erties of the Android password pattern, in particular, render it susceptible to this attack.
    [Show full text]