
Seizing the Signals


Presentation Transcript


  1. Seizing the Signals

  2. Reading List • This class • Denning Chapters 7 • Federation of American Scientists, Intelligence Resource Program, http://www.fas.org/irp/index.html • Legal Standards for the Intelligence Community in Conducting Electronic Surveillance, Report was required by the FY 2000 Intelligence Authorization Act, and was transmitted to Congress at the end of February 2000, http://www.fas.org/irp/nsa/standards.html • Introduction to TEMPEST, The Complete and unofficial TEMPEST Information Place http://www.eskimo.com/~joelm/tempestintro.html • NSA, TEMPEST endorsement program, http://www.nsa.gov/ia/industry/tempest.cfm

  3. Signal Intelligence (SIGINT) • Operations that involve: • interception • analysis of signals across the electromagnetic spectrum • Intelligence report, criminal investigations, employee monitoring • Digital signal processing • Communication intelligence (COMINT) • Electronic intelligence (ELINT) • Imagery intelligence (IMINT)

  4. Domestic Surveillance • Surveillance of own citizens • Legislation • Circumstances permitting surveillance • Limits • Amount and kind of surveillance • U.S.: Constitutional law • Fourth Amendment: prohibition against unreasonable searches and seizures (e.g., wiretap)

  5. Foreign Intelligence Intercepts • National Security Agency • Monitor everything (microwave, satellite, phone, etc.) • Information about allies and enemies • Not allowed to spy on U.S. citizens • NSA’s “ears” cover the globe • Political and military intelligence (nuclear weapons, chemical warfare, etc.) • Government trade secrets and economic information • Terrorist activities

  6. Echelon • An automated, global interception and relay system • Purpose: Surveillance of non-military targets (e.g., government, organizations, businesses) • Five-nation alliance: • Primary partners: U.S. and U.K. • Junior partners: New Zealand, Canada, Australia

  7. Echelon • U.S. - National Security Agency • U.K. - Government Communications Headquarters (GCHQ) • Canada - Communications Security Establishment (CSE) • Australia - Defence Signals Directorate (DSD) • New Zealand - Government Communications Security Bureau (GCSB)

  8. Echelon • Goal: • Intercept large quantities of communication • Analyze (semi-automated) gathered data • Identify and extract messages of interest • What messages are retained? • Key words – categories • Human verification • Who has access to them?

  9. History • WWII: informal agreement regarding intelligence gathering between the U.S. and U.K. • 1943, May 17: U.K. and U.S. – BRUSA COMINT • U.S. Army’s SIGINT Agency, British Code and Cipher School • 1946-47: Commonwealth SIGINT (UK, Canada, Australia and New Zealand) • 1988: Duncan Campbell, an English journalist, published a report on Echelon (1976: “The Eavesdroppers”) • 1996: Book by New Zealand journalist Nicky Hager, “Secret Power: New Zealand’s role in International Spy Network” • 2000: Echelon is investigated by news, government councils, civil liberty groups, etc.

  10. Use of Intelligence • National security • 1962: Discovery of missile sites in Cuba • 1995: Capture of Achille Lauro terrorists • Government and military intelligence • 1983: M. Frost: Prime Minister Margaret Thatcher used Echelon to spy on the two ministers (http://news.bbc.co.uk/1/hi/uk_politics/655996.stm) • Economic intelligence • Boeing vs. Airbus • D. Campbell: US companies gain an edge over the European companies

  11. The Positive Aspects • Increased national security • Preventive measures • Global effects • Global commerce • Communication infrastructure

  12. Negative Aspects • Global balance • Privacy issues • Misuse • Law • Error of analysis • Large amount of data • Sophistication of analysis • Use of results

  13. Other Surveillance Issues

  14. Eavesdropping (diagram: Sender, Recipient) • Tools: microphone receivers, tape recorder, phone “bugs”, scanners, radio receivers, satellite receivers, spy satellites, network sniffing, etc.

  15. Computer Communications: TCP/IP Protocol Stack • Layers: Application Layer, Transport Layer, Internetwork Layer, Network Access Layer • Each layer interacts with neighboring layers above and below • Each layer can be defined independently • Complexity of the networking is hidden from the application • At what layer should we support security?

  16. Security Needs • Basic services that need to be implemented: • Key management • Confidentiality • Nonrepudiation • Integrity/authentication • Authorization

  17. Network Access Layer Security • Dedicated link between hosts/routers --> hardware devices for encryption • Advantages: • Speed • Disadvantages: • Not scalable • Works well only on dedicated links • Two hardware devices need to be physically connected

  18. Internetwork Layer Security • IP Security (IPSec) • Advantages: • Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure • Ability to build VPN and intranet • Disadvantages: • Difficult to handle low granularity security, e.g., nonrepudiation, user-based security

  19. Transport Layer Security • Advantages: • Does not require enhancement to each application • Disadvantages: • Difficult to obtain user context • Implemented on an end system • Protocol specific --> implemented for each protocol

  20. Application Layer Security • Advantages: • Executing in the context of the user --> easy access to user’s credentials • Complete access to data --> easier to ensure nonrepudiation • Application can be extended to provide security (does not depend on the operating system) • Application understands data --> fine-tune security • Disadvantages: • Implemented in end hosts • Security mechanisms have to be implemented for each application --> • expensive • greater probability of making a mistake

  21. Passive Attack • Access to confidential data and traffic pattern • Privacy rights • U.S. federal wiretap law • Illegal for an individual to eavesdrop intentionally on wire, oral or electronic communications • Home usage? Bug your phone? Hidden recorders? • Company monitoring? Computer vs. telephone? • Eavesdropping device: manufacture, sale, possession, advertising • Legal/illegal

  22. Message Deciphers • Available encryption technology • Cryptanalysis • Technology • Brute force attack • Other means • Spy, social engineering, eavesdropping, keystroke monitoring, hacking, etc. • Release information --> give our capabilities • National defense, tactical, ethical, etc.?

  23. Surveillance Difficulties • New Technologies • 1994: U.S. Congress: Communications Assistance for Law Enforcement Act (“digital telephony bill”) • Encryption • Data authenticity and integrity

  24. TEMPEST

  25. TEMPEST • U.S. government code: classified set of standards for limiting electric and magnetic radiation emanations from electronic equipment. • Investigations and studies of compromising emanations.

  26. Compromising Emanations • Unintentional intelligence-bearing signals that if intercepted and analyzed can disclose classified information. • Intercepted when transmitted, handled, or processed • Tempest equipment: remotely mirror what is being done on a remote device, e.g., video monitor, cable wire, processing unit, etc.

  27. Unintentional Emanations • Normal operation of system • Deliberate or accidental exposure to unusual environment • Software induced • Security Considerations: • Traditional • Unauthorized access to the system – requires knowledge about the system, applications, configuration, can be detected, limited time frame, etc. • Upcoming • Exploitation of compromising signals

  28. TEMPEST History • U.S. government concern about capture and reconstruction of emanations from high-security devices used to process, transmit, store sensitive data • 1950s: Introduce standards to limit “leakage” – NAG1A • 1960s: revise NAG1A to FS222 and FS222A • 1970s: revise standards – National Communications Security Information memorandum 5100 (NACSIM) • 1974: revise NACSIM 5100 • 1981: National Communications Security Committee Directive 4 – NACSIM 5100A (classified) • 1984: National Communications Security Instructions – NACSI 5400 (secret) • 1984: National Security Directive 145 by NSA • NSA: Tempest: a signal problem, http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf • NSA: History of US Communications security, http://www.nsa.gov/public_info/_files/cryptologic_histories/history_comsec.pdf

  29. Military application • WWI Enemy communications • German army eavesdropped on enemy communication while already implementing protection measures against the same attacks against German communications • 1960: MI5 tempest attack on cipher machines • Limited publications

  30. Non-military Application • 1966: open publication on the risk of tempest attacks • 1982-1984: Swedish government publication on the business risk of tempest attacks • 1985: van Eck – screen content disclosure • 1985: Bank ATM – card info and PIN • 1990: tamper resistant hardware – smart card

  31. Electromagnetic Emissions • Simplest form of electromagnetic fields: transmission and distribution lines, wall socket power: steady 60 hertz (U.S.), sinusoidal wave • Electric devices: alter characteristics of electromagnetic waves (frequency, power level, wave form) • E.g., wave forms: sinusoidal, sawtooth, spike, square • Capture and interpret: complex waves can be captured, interpreted, and replayed on similar device to create exact replica of the original device • Field strength • Reduced with the distance from the electric device • Depends on the emanating device, e.g., type of screen, CPU,

  32. COMSEC • Four main parts: • Physical security • Emission security • Transmission security • Cryptographic security • Red equipment: handles plain text information with national security value • Black equipment: protected (encrypted) information • Unintentional emission: from Red systems

  33. TEMPEST Attack • Requires: • High level of expertise and equipment to decode captured waves • Proximity to the target • Long collection time • Processing device: $5,000-$250,000

  34. Tempest Protection • Physical separation • Exclude unauthorized individuals from areas near the source of emanation • Electromagnetic separation • Shielding, filtering, etc. to remove the leak • Signal level minimization • Lowest feasible power-level use

  35. Physical Separation • Red machines are together in a single, minimal-size area • Reduce potential cross coupling

  36. TEMPEST Shielding • NSA specifications • Ferrites, other frequency interference products • Shield equipment, cables, room, building, etc. • NSA standards, endorsed devices and contractors • Expensive – TEMPEST protected PC about double the price • Shielding and distance together

  37. Threat-Based System • Reduce the cost of TEMPEST efforts • Evaluation: sensitivity of information, risk of TEMPEST attack, etc. • Personnel control: physical control, unauthorized access • Compartmentalization: each sensitivity level is isolated from the others • Physical control of emanation: shield, power, noise, etc.

  38. Tempest Procedures • Government and organizational restrictions • Products, installation, maintenance • Reporting needs • Certified TEMPEST technical authority (CTTA)

  39. Need for TEMPEST • Little public data on TEMPEST cases • Government focus and funding • National security intelligence • Economic espionage • Decoding device: hard to obtain • Bandwidth of human intelligence vs. TEMPEST • TEMPEST threat within U.S. – minimal??

  40. Eavesdropping from Computer Displays • Markus Kuhn, University of Cambridge, Computer Laboratory, 2003 • Cathode-ray tube (CRT) • Liquid-crystal monitor (LCM) • Video signals • Optical eavesdropping
