Published by Brian Walker. Modified over 9 years ago.
1
Electromagnetic Radiation from VDUs: An Eavesdropping Risk?
Paul Shotbolt 2529311
Article in “Computers and Security”, Volume 4, Number 4, by Wim van Eck (December 1985)
2
Van Eck discusses briefly
- the technology required to reconstruct images from the EM signals produced by video display units,
- the ease with which this eavesdropping can be performed,
- and some possible countermeasures.
3
All electronic equipment gives off electromagnetic (EM) signals. With the appropriate equipment, confidential data may be intercepted by analysis of these signals.
4
Appreciative
- Van Eck does not just examine possibility, but feasibility throughout the article. He stresses the low cost of the eavesdropping equipment on several occasions (around 200 USD), and the much higher costs of the countermeasures.
5
Critical
- Much of the article assumes that the emissions from the electron beam, containing the amplified video signal, are the only signal being attacked, as it is the ‘dominant signal’ from a CRT display.
- Quick dismissal of compromising the other signals emitted by the system.
- No consideration of which signals are protected when describing countermeasures.
6
Critical
- Yet van Eck mentions shielded cabling, etc. in the countermeasures section. Cabling is shielded to help prevent interference.
- If emissions from the cabling can be intercepted (they can), then the video signal may not be the only EM emission causing security risks.
- LCD screens: a reader could be misled into thinking they are not at risk.
7
Critical
- Much of the information is incomplete.
  - Van Eck omits some quite important specific technical details in the article:
  - names and specs of parts, tuning, resynchronisation
  - deals with monochrome VDUs only, ignoring other monitors (e.g. EGA, 1984).
  - Also, an author, John J. Williams (Consumertronics), pointed out that ‘half the information on the screen may be lost … due to the interlaced buildup’, and this was not mentioned.
8
- But these omissions were explained:
  - "the publication of the work carried out at the laboratories on this topic is intended to make people aware of the problem and state ideas on the ways to solve these, rather than to provide a recipe to obtain information from compromising emanations."
    W. Van Eck, in a letter to Mr. John J. Williams [Computers & Security Vol. 7, No. 4 (1988)]
9
Sounds very much like
- making a system more ‘secure’ by hoping the details of the system design are not known.
10
Sounds very much like
- ...a good idea?
11
Many security industry professionals take the position: No.
12
- This is a violation of Kerckhoffs's Principle (1883), paraphrased:
- System designers should assume that the complete design of a security system is available to all attackers, excluding cryptographic keys.
13
Something to consider:
- What might have happened if Van Eck had released the complete details and technical information needed to mount this attack into the public domain?
- And do you agree with his decision?
14
End of Line
15
“Just because security does not require that something be kept secret, it doesn't mean that it is automatically smart to publicise it.”
Bruce Schneier, founder and CTO of Counterpane, “Crypto-Gram” Newsletter, May 15, 2002
16
Appreciative
- Note that the cost to implement this type of attack has changed over the years, from approx. $200US (1985) to $30,000US (2001), but is likely to drop dramatically again (cf. Kuhn), affecting feasibility
- [but Van Eck could not be expected to predict this]