Electromagnetic Radiation from VDUs: An Eavesdropping Risk? Paul Shotbolt 2529311. Article in “Computers and Security”, Volume 4, Number 4, by Wim van Eck.


Electromagnetic Radiation from VDUs: An Eavesdropping Risk? Paul Shotbolt. Article in “Computers and Security”, Volume 4, Number 4, by Wim van Eck (December 1985)

Van Eck discusses briefly
- the technology required to reconstruct images from the EM signals produced by Video Display Units,
- the ease with which this eavesdropping can be performed,
- and some possible countermeasures

All electronic equipment gives off electromagnetic (EM) signals. With the appropriate equipment, confidential data may be intercepted by analysis of these signals.

Appreciative
- Van Eck does not just examine possibility, but feasibility throughout the article. He stresses the low cost of the eavesdropping equipment on several occasions (around 200 USD), and the much higher costs of the countermeasures.

Critical
- Much of the article assumes that the emissions from the electron beam, containing the amplified video signal, are the only signal being attacked, as it is the ‘dominant signal’ from a CRT display.
- Quick dismissal of compromising the other signals emitted by the system
- No consideration of which signals are protected when describing countermeasures

Critical
- Yet van Eck mentions shielded cabling, etc. in the countermeasures section. Cabling is shielded to help prevent interference.
- If emissions from the cabling can be intercepted (they can) then the video signal may not be the only EM emission causing security risks.
- LCD screens: a reader could be misled into thinking they are not at risk.

Critical
- Much of the information is incomplete.
  - Van Eck omits some quite important specific technical details in the article
  - names & specs of parts, tuning, resynchronisation
  - deals with monochrome VDUs only, ignoring other monitors (e.g. EGA, 1984).
  - Also, an author, John J. Williams (Consumertronics), pointed out that ‘half the information on the screen may be lost … due to the interlaced buildup’, and this was not mentioned

- But these omissions were explained:
  - "the publication of the work carried out at the laboratories on this topic is intended to make people aware of the problem and state ideas on the ways to solve these, rather than to provide a recipe to obtain information from compromising emanations." W. Van Eck, in a letter to Mr. John J. Williams [Computers & Security Vol. 7, No. 4 (1988)]

Sounds very much like
- making a system more ‘secure’ by hoping the details of the system design are not known.

Sounds very much like
- ...a good idea?

Many security industry professionals take the position: No.

- This is a violation of Kerckhoffs's Principle (1883), paraphrased:
- System designers should assume that the complete design of a security system is available to all attackers, excluding cryptographic keys.

Something to consider:
- What might have happened if Van Eck had released the complete details and technical information needed to mount this attack into the public domain?
- And do you agree with his decision?

End of Line

“Just because security does not require that something be kept secret, it doesn't mean that it is automatically smart to publicise it.”
Bruce Schneier, founder and CTO of Counterpane, “Crypto-Gram” Newsletter, May 15, 2002

Appreciative
- Note that the cost to implement this type of attack has changed over the years, from approx. $200US (1985) to $30,000US (2001), but is likely to drop dramatically again (cf. Kuhn), affecting feasibility
- [but Van Eck could not be expected to predict this]