Secure passwords?

 
 
nemo_outis
      12-04-2005
"lyalc" <(E-Mail Removed)> wrote in
news:dmtetn$n3g$(E-Mail Removed):

> Actually, if you think about it, low speed systems are much, much
> easier to detect/compromise, in a tempest sense.
>
> Signal emissions are usually the first 5-20 harmonics of the clock
> speed. A clock of 100 MHz probably needs a receiving AND PROCESSING
> bandwidth of 500-1000 MHz.
>
> A clock speed of 3 GHz can mean a processing bandwidth (analog or
> digital) exceeding 10 GHz.
> That's a fairly expensive set of kit, super-computing scale, not
> suitcase sized, portable gear, especially if you are looking for
> near-real-time recovery, not SETI-style post analysis.
> Often, these higher frequencies have much less energy/radiated power
> than lower speed clocks, for a variety of technical reasons.
> So the detection range (signal over noise) is probably much less,
> potentially minimising the 'volume' of risk.
>
> Just my 20cents worth.
>
> Lyal
>



Some interesting speculations (and with Tempest we are all speculating to
some degree). I see your point, but I believe you are concentrating on
the wrong aspect: required processing power rather than the underlying
question of the type, strength, and info-carrying capacity of the
emissions themselves.

Additionally, regarding your central premise, that emissions are less,
rather than more, likely at higher frequencies, I believe you are wrong.
The simplest evidence of this is that it is much harder to do even the
ordinary shielding necessary to get an FCC clearance sticker. At 3GHz
the wavelength is only 10 cm - every component tends to "sing" as an
antenna (a perfect dipole antenna need only be 5 cm long). Moreover,
nonlinearities in component properties often become more pronounced at
high frequencies leading to strong emissions at all harmonics (but,
obviously, mostly for the low-order ones).

However, much of this is beside the point. While Tempest (emsec)
interceptions could concentrate on CPU processor (and related)
frequencies, most descriptions so far (including the original van Eck
paper) concentrate on peripherals, such as the CRT display. Frequencies
here are standardized and independent of the CPU-related frequencies.
And we know that CRT emissions are strong, strong enough to have caused
efforts (TUV, etc.) to reduce emissions for health, rather than emsec
reasons.

Regards,





 
Hairy One Kenobi
      12-10-2005
"nemo_outis" <(E-Mail Removed)> wrote in message
news:Xns9721C1F394A42abcxyzcom@204.153.244.170...
> "lyalc" <(E-Mail Removed)> wrote in
> news:dmtetn$n3g$(E-Mail Removed):
>
> > Actually, if you think about it, low speed systems are much, much
> > easier to detect/compromise, in a tempest sense.
> >
> > Signal emissions are usually the first 5-20 harmonics of the clock
> > speed. A clock of 100 MHz probably needs a receiving AND PROCESSING
> > bandwidth of 500-1000 MHz.
> >
> > A clock speed of 3 GHz can mean a processing bandwidth (analog or
> > digital) exceeding 10 GHz.
> > That's a fairly expensive set of kit, super-computing scale, not
> > suitcase sized, portable gear, especially if you are looking for
> > near-real-time recovery, not SETI-style post analysis.
> > Often, these higher frequencies have much less energy/radiated power
> > than lower speed clocks, for a variety of technical reasons.
> > So the detection range (signal over noise) is probably much less,
> > potentially minimising the 'volume' of risk.


<snip>

The real reason is even more simple - faster boxes tend to radiate more and,
since most of that is the computer equivalent of "tum-te-tum, hurry up and
type something", the interference will help to conceal unshielded keyboard
and screen signals (which is all one is interested in).

> Some interesting speculations (and with Tempest we are all speculating to
> some degree).


Not necessarily (although I certainly don't claim to be an expert!). Even
the most unobservant person will be able to compare and contrast a bit of
Tempested kit that they are using day-in, day-out with the equivalent
standard kit. Last I looked, the UK classification for Tempest was the same
level as the canteen menu at the local Job Centre.

<snip>

> However, much of this is beside the point. While Tempest (emsec)
> interceptions could concentrate on CPU processor (and related)
> frequencies, most descriptions so far (including the original van Eck
> paper) concentrate on peripherals, such as the CRT display. Frequencies
> here are standardized and independent of the CPU-related frequencies.
> And we know that CRT emissions are strong, strong enough to have caused
> efforts (TUV, etc.) to reduce emissions for health, rather than emsec
> reasons.


CRT and keyboard both - the whole point is that you're trying to sniff data
traffic, and any network information is going to be via fibre, which is
itself protected to a greater or lesser degree.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
Hairy One Kenobi
      12-10-2005
"AV" <(E-Mail Removed)> wrote in message
news:Hjnjf.39378$(E-Mail Removed)...
> Which of these two passwords should be the most secure one:
>
> 1. "Jag undrar vaad som aar ett sakert"
>
> 2. "XVg6Gtzw"
>
> The first one is far more easy to understand for me since it is a
> somewhat incorrectly spelled sentence (in Swedish) whereas the other is
> 8 very cryptic characters not easy to remember.
>
> To me the first one seems much more secure since it has so many more
> characters and therefore should take far longer to brute force than the
> other. Dictionary attacks should also be rather useless since the words
> are incorrectly spelled and also it is a sentence and not a word. The
> sentence with similar misspellings would in English be something like:
>
> "I wooonder what iss a secuure"
>
> So what are your opinions?


Misspelled song lyrics are also useful, if you are running a lot of
machines - at one site I worked at (long since closed), the system manager
used lines from A Stairway to Heaven; my typing speed improved... ;o)

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
nemo_outis
      12-10-2005
"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:Qxxmf.480$(E-Mail Removed):

>
> The real reason is even more simple - faster boxes tend to radiate
> more and, since most of that is the computer equivalent of
> "tum-te-tum, hurry up and type something", the interference will help
> to conceal unshielded keyboard and screen signals (which is all one is
> interested in).



The putative effects of interference are frequently overestimated. It is
electronic child's play to filter interference and even, given the
enormous redundancy in many signals, to extract information many decibels
*below* the noise floor.



>> Some interesting speculations (and with Tempest we are all
>> speculating to some degree).

>
> Not necessarily (although I certainly don't claim to be an expert!).
> Even the most unobservant person will be able to compare and contrast
> a bit of Tempested kit that they are using day-in, day-out with the
> equivalent standard kit. Last I looked, the UK classification for
> Tempest was the same level as the canteen menu at the local Job
> Centre.



I disagree. Few have access to Tempest kit to make observations, other
than illustrations in manufacturers' brochures (which disclose little
other than the obvious). A few may work with such devices but almost
always in an environment where physical security confines their
interactions solely to use, not investigation. Virtually no one except
those related to the manufacturer or maintenance crews has a chance to
get "under the hood." Not for nothing are even the standards themselves
classified.




> <snip>
>
>> However, much of this is beside the point. While Tempest (emsec)
>> interceptions could concentrate on CPU processor (and related)
>> frequencies, most descriptions so far (including the original van
>> Eck paper) concentrate on peripherals, such as the CRT display.
>> Frequencies here are standardized and independent of the CPU-related
>> frequencies. And we know that CRT emissions are strong, strong
>> enough to have caused efforts (TUV, etc.) to reduce emissions for
>> health, rather than emsec reasons.

>
> CRT and keyboard both - the whole point is that you're trying to sniff
> data traffic, and any network information is going to be via fibre,
> which is itself protected to a greater or lesser degree.



Tapping fibre channels is very difficult but definitely possible (there
are even murky reports of TLAs regularly doing this for deeply submerged
transoceanic cables). However, in most business environments and
virtually all home environments the "last few feet" to the computer
itself are almost always copper cable, not fibre. There is no need for
high-tech fibre-tapping techniques; the copper cables sing like canaries!

And, yes, peripherals like keyboards and screens are very vulnerable.
And, reputedly, so are induced signals on things like power and telephone
lines. There are many potential avenues for Tempest (emsec) attacks.

However, the main protection against Tempest (especially for ordinary
users up to medium-security situations) is not that Tempest is not
feasible, but that it is not necessary. In almost every case there are
easier, cheaper, and less tedious ways of compromising security - the old
standby, the hardware keylogger, is one example.

Regards,











 
Hairy One Kenobi
      12-12-2005
"nemo_outis" <(E-Mail Removed)> wrote in message
news:Xns97286406A4BCFabcxyzcom@204.153.244.170...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> news:Qxxmf.480$(E-Mail Removed):
>
> > The real reason is even more simple - faster boxes tend to radiate
> > more and, since most of that is the computer equivalent of
> > "tum-te-tum, hurry up and type something", the interference will help
> > to conceal unshielded keyboard and screen signals (which is all one is
> > interested in).

>
> The putative effects of interference are frequently overestimated. It is
> electronic child's play to filter interference and even, given the
> enormous redundancy in many signals, to extract information many decibels
> *below* the noise floor.


"Child's play"? Gotta have a cite for that one.. admittedly, I'm assuming
that the box is somewhere close to the CRT and keyboard..

> >> Some interesting speculations (and with Tempest we are all
> >> speculating to some degree).

> >
> > Not necessarily (although I certainly don't claim to be an expert!).
> > Even the most unobservant person will be able to compare and contrast
> > a bit of Tempested kit that they are using day-in, day-out with the
> > equivalent standard kit. Last I looked, the UK classification for
> > Tempest was the same level as the canteen menu at the local Job
> > Centre.

>
> I disagree. Few have access to Tempest kit to make observations, other
> than illustrations in manufacturers' brochures (which disclose little
> other than the obvious). A few may work with such devices but almost
> always in an environment where physical security confines their
> interactions solely to use, not investigation. Virtually no one except
> those related to the manufacturer or maintenance crews has a chance to
> get "under the hood." Not for nothing are even the standards themselves
> classified.


Few != None

Some of us may well have used such equipment for years (hint, hint)

See above for the trivial classification level, at least here in the UK.

Saying that, it's perfectly possible that there /are/ higher-classification
documents floating around - after all, a UK Defence Screen sequence
(classified as Confidential) was shown on the BBC's Horizon programme in
full. Similarly, some sonar kit fitted to Trafalgar class subs was
classified as Secret - in regards to where on the boat it was placed, and
its specification - but was clearly listed in both Jane's and other
publications.

Wouldn't surprise me overmuch if the exact performance characteristics were
still classified - basically for what they tell you about the sensors being
employed. Simply estimating the weight of Tempested kit should tell you how
much steel has been involved in the shielding, let alone simply buying
something and taking it apart!

H1K


 
nemo_outis
      12-12-2005
"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:8Fcnf.4522$(E-Mail Removed):

> "nemo_outis" <(E-Mail Removed)> wrote in message
> news:Xns97286406A4BCFabcxyzcom@204.153.244.170...
>> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
>> news:Qxxmf.480$(E-Mail Removed):
>>
>> > The real reason is even more simple - faster boxes tend to radiate
>> > more and, since most of that is the computer equivalent of
>> > "tum-te-tum, hurry up and type something", the interference will
>> > help to conceal unshielded keyboard and screen signals (which is
>> > all one is interested in).

>>
>> The putative effects of interference are frequently overestimated. It
>> is electronic child's play to filter interference and even, given the
>> enormous redundancy in many signals, to extract information many
>> decibels *below* the noise floor.

>
> "Child's play"? Gotta have a cite for that one.. admittedly, I'm
> assuming that the box is somewhere close to the CRT and keyboard.




Here's one example of a "canned solution" extracting signals from noise
using FFT integration. This particular device concentrates on audio but
the processes are quite general and apply to virtually all signal
processing. Hell, these things are now pretty standard - they last were
cutting edge when I read about them in Aviation Week in the 60s!

http://www.baudline.com/manual/process.html



>> >> Some interesting speculations (and with Tempest we are all
>> >> speculating to some degree).
>> >
>> > Not necessarily (although I certainly don't claim to be an
>> > expert!). Even the most unobservant person will be able to compare
>> > and contrast a bit of Tempested kit that they are using day-in,
>> > day-out with the equivalent standard kit. Last I looked, the UK
>> > classification for Tempest was the same level as the canteen menu
>> > at the local Job Centre.

>>
>> I disagree. Few have access to Tempest kit to make observations,
>> other than illustrations in manufacturers' brochures (which disclose
>> little other than the obvious). A few may work with such devices but
>> almost always in an environment where physical security confines
>> their interactions solely to use, not investigation. Virtually no one
>> except those related to the manufacturer or maintenance crews has a
>> chance to get "under the hood." Not for nothing are even the
>> standards themselves classified.

>
> Few != None
>
> Some of us may well have used such equipment for years (hint, hint)
>
> See above for the trivial classification level, at least here in the
> UK.



Those who know do not speak; those who speak do not know

You may, as you hint, have some level of access to these things. But
whether that translates into understanding either the defensive and
offensive capabilities of emsec as applied to computers is not clear -
and likely to remain that way, I guess. Use != understand. But even if
you do understand, your understanding is of (nearly) zero value to anyone
else if you are constrained from communicating it.



> Saying that, it's perfectly possible that there /are/
> higher-classification documents floating around - after all, a UK
> Defence Screen sequence (classified as Confidential) was shown on the
> BBC's Horizon programme in full. Similarly, some sonar kit fitted to
> Trafalgar class subs was classified as Secret - in regards to where on
> the boat it was placed, and its specification - but was clearly listed
> in both Jane's and other publications.
>
> Wouldn't surprise me overmuch if the exact performance characteristics
> were still classified - basically for what they tell you about the
> sensors being employed. Simply estimating the weight of Tempested kit
> should tell you how much steel has been involved in the shielding, let
> alone simply buying something and taking it apart!



Oh, the performance of most such machines is fairly clearly defined: they
conform to some level of NATO standard AMSG 788 (& 719, 720, 784, etc. as
well as corresponding national standards, including the simple BSI zone
model). However, the contents of those standards are classified!

But even if the standards were right in front of me, I don't want just a
cookbook recipe (standards are generally heavy on "shalls" but silent on
the underlying rationale). No, I want an understanding of what could be
deployed against me, with what capabilities, at what cost, by which
agencies. And none of that is available.

Any fool (well, any technologically competent fool) can shield from emsec
if he just throws money at the problem. RFI/EMI shielding is not exotic
by any means; it's well-travelled technological ground. No, the trick is
knowing whether, say, 50 dB suppression is sufficient (for a particular
class of threat) or whether 100 dB is necessary. Big difference in cost
(including the secondary problems that arise re ventilation & cooling,
etc. and issues regarding usability). Moreover, even technologically
competent fools don't just build and pray - they test and do QA on their
designs. That means very expensive test equipment, equipment that is
prohibitively expensive for onesy-twosy do-it-yourself projects.

Regards,

PS And so far we have largely confined our discussions to passive
emsec. There is a whole other dimension of active emsec where equipment
to be scanned is "bathed" in EM signals which the computer (or whatever
is under investigation) modulates.

 
Hairy One Kenobi
      12-13-2005
"nemo_outis" <(E-Mail Removed)> wrote in message
news:Xns972A81A79D83Fabcxyzcom@127.0.0.1...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> news:8Fcnf.4522$(E-Mail Removed):
>
> > "nemo_outis" <(E-Mail Removed)> wrote in message
> > news:Xns97286406A4BCFabcxyzcom@204.153.244.170...
> >> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> >> news:Qxxmf.480$(E-Mail Removed):
> >>
> >> > The real reason is even more simple - faster boxes tend to radiate
> >> > more and, since most of that is the computer equivalent of
> >> > "tum-te-tum, hurry up and type something", the interference will
> >> > help to conceal unshielded keyboard and screen signals (which is
> >> > all one is interested in).
> >>
> >> The putative effects of interference are frequently overestimated. It
> >> is electronic child's play to filter interference and even, given the
> >> enormous redundancy in many signals, to extract information many
> >> decibels *below* the noise floor.

> >
> > "Child's play"? Gotta have a cite for that one.. admittedly, I'm
> > assuming that the box is somewhere close to the CRT and keyboard.

>
> Here's one example of a "canned solution" extracting signals from noise
> using FFT integration. This particular device concentrates on audio but
> the processes are quite general and apply to virtually all signal
> processing. Hell, these things are now pretty standard - they last were
> cutting edge when I read about them in Aviation Week in the 60s!
>
> http://www.baudline.com/manual/process.html


And hardly the same level of complexity! Being able to integrate a cuboid
doesn't mean that you can provide a pure solution for, say, a four-way
partial differential equation

Not that I'm saying it *can't* be done, of course - after all, aren't
weather forecasts 100% accurate? ;o)

> >> I disagree. Few have access to Tempest kit to make observations,
> >> other than illustrations in manufacturers' brochures (which disclose
> >> little other than the obvious).


> > Few != None
> >
> > Some of us may well have used such equipment for years (hint, hint)
> >
> > See above for the trivial classification level, at least here in the
> > UK.

>
>
> Those who know do not speak; those who speak do not know
>
> You may, as you hint, have some level of access to these things. But
> whether that translates into understanding either the defensive and
> offensive capabilities of emsec as applied to computers is not clear -
> and likely to remain that way, I guess. Use != understand. But even if
> you do understand, your understanding is of (nearly) zero value to anyone
> else if you are constrained from communicating it.


?

For the third time of saying - the classification level is the lowest level
possible, at least for the basics (i.e. how to build it). And the techniques
used aren't exactly cutting-edge, either. Nor the materials.

Have to say that I can't really understand your problem, if you've ever used
such kit. Which may or may not be likely, based on simple age - it's far
more common these days to shield the building and use off-the-shelf
equipment, except for the higher-classification networks. Even then, a small
amount of proximity control goes an awful long way.

> > Wouldn't surprise me overmuch if the exact performance characteristics
> > were still classified - basically for what they tell you about the
> > sensors being employed. Simply estimating the weight of Tempested kit
> > should tell you how much steel has been involved in the shielding, let
> > alone simply buying something and taking it apart!

>
> Oh, the performance of most such machines is fairly clearly defined: they
> conform to some level of NATO standard AMSG 788 (& 719, 720, 784, etc. as
> well as corresponding national standards, including the simple BSI zone
> model). However, the contents of those standards are classified!
>
> But even if the standards were right in front of me, I don't want just a
> cookbook recipe (standards are generally heavy on "shalls" but silent on
> the underlying rationale). No, I want an understanding of what could be
> deployed against me, with what capabilities, at what cost, by which
> agencies. And none of that is available.
>
> Any fool (well, any technologically competent fool) can shield from emsec
> if he just throws money at the problem. RFI/EMI shielding is not exotic
> by any means; it's well-travelled technological ground. No, the trick is
> knowing whether, say, 50 dB suppression is sufficient (for a particular
> class of threat) or whether 100 dB is necessary. Big difference in cost
> (including the secondary problems that arise re ventilation & cooling,
> etc. and issues regarding usability). Moreover, even technologically
> competent fools don't just build and pray - they test and do QA on their
> designs. That means very expensive test equipment, equipment that is
> prohibitively expensive for onesy-twosy do-it-yourself projects.
>
> Regards,
>
> PS And so far we have largely confined our discussions to passive
> emsec. There is a whole other dimension of active emsec where equipment
> to be scanned is "bathed" in EM signals which the computer (or whatever
> is under investigation) modulates.


http://www.google.co.uk/search?&q=de...se+engineering

http://www.google.co.uk/search?&q=de...+of+mild+steel

)

H1K


 
nemo_outis
      12-13-2005
"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:eYvnf.75$(E-Mail Removed):

>
>> >> The putative effects of interference are frequently overestimated.
>> >> It is electronic child's play to filter interference and even,
>> >> given the enormous redundancy in many signals, to extract
>> >> information many decibels *below* the noise floor.
>> >
>> > "Child's play"? Gotta have a cite for that one.. admittedly, I'm
>> > assuming that the box is somewhere close to the CRT and keyboard.

>>
>> Here's one example of a "canned solution" extracting signals from
>> noise using FFT integration. This particular device concentrates on
>> audio but the processes are quite general and apply to virtually all
>> signal processing. Hell, these things are now pretty standard - they
>> last were cutting edge when I read about them in Aviation Week in the
>> 60s!
>>
>> http://www.baudline.com/manual/process.html

>
> And hardly the same level of complexity! Being able to integrate a
> cuboid doesn't mean that you can provide a pure solution for, say, a
> four-way partial differential equation
>
> Not that I'm saying it *can't* be done, of course - after all, aren't
> weather forecasts 100% accurate? ;o)




An FFT is an FFT is an FFT is an FFT! (with apologies to Gertrude Stein)


The technique is *very broadly applicable* to extracting signals that
contain redundancy from below the noise floor in *many* areas of signal
processing. It is one of a family of time & frequency domain transform
techniques widely used in DSP. See, for instance, a discussion of their
application with emphasis on radar in:

Time-frequency Transforms for Radar Imaging and Signal Analysis
http://www.scitechpub.com/Chen_Time_Freq.htm

As for partial differential equations, all of E&M reduces to Maxwell's 4
differential equations. And I've solved a few cases of them (trivial
cases just for waveguides). Instead, my differential equation solving
usually deals with the nastier Navier-Stokes differential equations
applicable to fluid dynamics. But, really, all this is beside the point;
DEs have only a tangential bearing on the issues we're discussing.

As an index of how commonplace an EE problem extracting signals from
noise is, googling for it gives almost a million hits! Here's one
example drawn at random that discusses how an entire technology, spread-
spectrum transmission, depends on the ability to extract signals from
noise:

Open Spectrum: A Path to Ubiquitous Connectivity
http://acmqueue.com/modules.php?name...howpage&pid=37


>> >> I disagree. Few have access to Tempest kit to make observations,
>> >> other than illustrations in manufacturers' brochures (which
>> >> disclose little other than the obvious).

>
>> > Few != None
>> >
>> > Some of us may well have used such equipment for years (hint, hint)
>> >
>> > See above for the trivial classification level, at least here in
>> > the UK.

>>
>>

....snip...
> For the third time of saying - the classification level is the lowest
> level possible, at least for the basics (i.e. how to build it). And
> the techniques used aren't exactly cutting-edge, either. Nor the
> materials.
>
> Have to say that I can't really understand your problem, if you've
> ever used such kit. Which may or may not be likely, based on simple
> age - it's far more common these days to shield the building and use
> off-the-shelf equipment, except for the higher-classification
> networks. Even then, a small amount of proximity control goes an awful
> long way.




I've used 'em but only briefly - but I've never been under the hood in
the sense of taking one apart (the lads there frowned on those taking
such liberties)

However, hubris is the vice the Greek gods punished most severely. It is
unwise to believe that a nickel's worth of math, electronics, a
tinkerer's enthusiasm, and a few parts suppliers' catalogues, can create
good emsec shielding. There's just a little more to it than that.

Any fool can apply general principles to shielding and get, perhaps, 20
dB of suppression. However, achieving 100 dB takes enormous attention to
detail. General shielding is easy (that's why any fool can get 20 dB)
but finding and closing all the leakage paths (even from, say, flexing
causing inadequate compression of RF sealing gaskets) is distinctly non-
trivial (and that's why any fool cannot get 100 dB). And building
without testing to ensure one has achieved one's objective is folly. And
testing is f**king expensive - there are relatively few certified labs
and even some Tempest builders outsource the testing rather than carry
the expense and bother!

As just one example, it is expensive and difficult to get the special
metallic-deposition-layer glass used for emsec shielding where visibility
is required (e.g., screens). The specialized manufacturers don't want to
deal in small quantities and it's awkward to ship (including lots of
paperwork if borders are crossed).

Now, none of this says emsec shielding can't be done - it IS being done
every day - has been for decades. But by *specialty* firms. If you
need the technology there's no sense jacking around trying to cobble up
these things oneself - just pony up the cash and buy one from Siemens or
Cordsen or Emcom (the ones I've used) or whomever.

But before you whip out your chequebook consider whether the not
inconsiderable sums of money could be better spent on other aspects of
your security - in almost all cases, unless you are as rich as Croesus,
you will find yourself deferring the purchase of those Tempest toys.


Moving on to your comment on proximity control, I can only presume you
have a Real Estate licence and are hoping to cash in. Increasing the
distance by a factor of 10 only gives a 20 dB drop in signal strength; a
distance factor of 100 gives 40 dB, 1000 gives 60 dB, and 100,000 gives
100 dB! Most of us do not own hundreds of square miles of Nevada desert
in order to get 100 dB signal reduction through "proximity control" - it
is only a supplementary method that, in practice, might save you one
zone.

No, for a real-world discussion of emsec and some of the issues that bear
on it let me direct you to the following recent paper by one of Ross
Anderson's disciples:

Security Limits for Compromising Emanations
www.cl.cam.ac.uk/~mgk25/ches2005-limits.pdf

Regards,
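
The integration gain and the distance figures discussed in the post above, as an added simulation that is not part of the original thread: a repeated pattern 20 dB below the noise is averaged over aligned repetitions, and the resulting gain is compared with the 20 dB per decade distance rule the post quotes. The pattern, amplitude, noise level and repeat counts are constructed values chosen for illustration.

```python
"""Coherent averaging of a repeated signal buried in noise (constructed simulation)."""
import math
import random


def integration_gain_db(repeats):
    """SNR gain from averaging `repeats` aligned copies that carry independent noise."""
    return 10.0 * math.log10(repeats)


def distance_loss_db(distance_ratio):
    """Signal drop for a distance increase, using the 20 dB per decade rule from the post."""
    return 20.0 * math.log10(distance_ratio)


def distance_ratio_for_loss(loss_db):
    """Distance factor needed to obtain `loss_db` of attenuation under the same rule."""
    return 10.0 ** (loss_db / 20.0)


def make_frame(length, rng):
    """Constructed +1/-1 pattern standing in for any signal that repeats unchanged."""
    return [rng.choice((-1.0, 1.0)) for _ in range(length)]


def coherent_average(frame, amplitude, noise_sigma, repeats, rng):
    """Average `repeats` noisy copies of the frame, sample by sample."""
    acc = [0.0] * len(frame)
    for _ in range(repeats):
        for i, s in enumerate(frame):
            acc[i] += amplitude * s + rng.gauss(0.0, noise_sigma)
    return [a / repeats for a in acc]


def bit_error_rate(estimate, frame):
    """Fraction of samples whose sign is wrong after averaging."""
    wrong = sum(1 for e, s in zip(estimate, frame) if (e > 0.0) != (s > 0.0))
    return wrong / len(frame)


def measured_snr_db(estimate, frame, amplitude):
    """SNR of the averaged estimate, using the known pattern to isolate residual noise."""
    residual = [e - amplitude * s for e, s in zip(estimate, frame)]
    noise_power = sum(r * r for r in residual) / len(residual)
    return 10.0 * math.log10(amplitude ** 2 / noise_power)


def run_demo(seed=2005, length=256, amplitude=0.1, noise_sigma=1.0,
             repeat_counts=(1, 64, 4096)):
    """Return predicted SNR, measured SNR and bit error rate for each repeat count."""
    rng = random.Random(seed)
    frame = make_frame(length, rng)
    input_snr = 10.0 * math.log10(amplitude ** 2 / noise_sigma ** 2)  # -20 dB by default
    results = {}
    for n in repeat_counts:
        est = coherent_average(frame, amplitude, noise_sigma, n, rng)
        results[n] = {
            "predicted_snr_db": input_snr + integration_gain_db(n),
            "measured_snr_db": measured_snr_db(est, frame, amplitude),
            "bit_error_rate": bit_error_rate(est, frame),
        }
    return results


if __name__ == "__main__":
    for n, row in run_demo().items():
        print(f"{n:5d} repeats: predicted {row['predicted_snr_db']:6.1f} dB, "
              f"measured {row['measured_snr_db']:6.1f} dB, "
              f"bit error rate {row['bit_error_rate']:.3f}")
    gain = integration_gain_db(4096)
    print(f"Gain from 4096 repeats: {gain:.1f} dB, which the distance rule offsets "
          f"only at {distance_ratio_for_loss(gain):.0f}x the distance")
```

For a defender the consequence is that a masking or attenuation margin has to be sized against the input SNR plus the integration gain available to a patient receiver, not against the single-capture SNR.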


 
Winged
      12-14-2005
nemo_outis wrote:
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> news:eYvnf.75$(E-Mail Removed):
>
>
>>>>>The putative effects of interference are frequently overestimated.
>>>>>It is electronic child's play to filter interference and even,
>>>>>given the enormous redundancy in many signals, to extract
>>>>>information many decibels *below* the noise floor.
>>>>
>>>>"Child's play"? Gotta have a cite for that one.. admittedly, I'm
>>>>assuming that the box is somewhere close to the CRT and keyboard.
>>>
>>>Here's one example of a "canned solution" extracting signals from
>>>noise using FFT integration. This particular device concentrates on
>>>audio but the processes are quite general and apply to virtually all
>>>signal processing. Hell, these things are now pretty standard - they
>>>last were cutting edge when I read about them in Aviation Week in the
>>>60s!
>>>
>>>http://www.baudline.com/manual/process.html

>>
>>And hardly the same level of complexity! Being able to integrate a
>>cuboid doesn't mean that you can provide a pure solution for, say, a
>>four-way partial differential equation
>>
>>Not that I'm saying it *can't* be done, of course - after all, aren't
>>weather forecasts 100% accurate? ;o)

>
>
>
>
> An FFT is an FFT is an FFT is an FFT! (with apologies to Gertrude Stein)
>
>
> The technique is *very broadly applicable* to extracting signals that
> contain redundancy from below the noise floor in *many* areas of signal
> processing. It is one of a family of time & frequency domain transform
> techniques widely used in DSP. See, for instance, a discussion of their
> application with emphasis on radar in:
>
> Time-frequency Transforms for Radar Imaging and Signal Analysis
> http://www.scitechpub.com/Chen_Time_Freq.htm
>
> As for partial differential equations, all of E&M reduces to Maxwell's 4
> differential equations. And I've solved a few cases of them (trivial
> cases just for waveguides). Instead, my differential equation solving
> usually deals with the nastier Navier-Stokes differential equations
> applicable to fluid dynamics. But, really, all this is beside the point;
> DEs have only a tangential bearing on the issues we're discussing.
>
> As an index of how commonplace an EE problem extracting signals from
> noise is, googling for it gives almost a million hits! Here's one
> example drawn at random that discusses how an entire technology, spread-
> spectrum transmission, depends on the ability to extract signals from
> noise:
>
> Open Spectrum: A Path to Ubiquitous Connectivity
> http://acmqueue.com/modules.php?name...howpage&pid=37
>
>
>
>>>>>I disagree. Few have access to Tempest kit to make observations,
>>>>>other than illustrations in manufacturers' brochures (which
>>>>>disclose little other than the obvious).

>>
>>>>Few != None
>>>>
>>>>Some of us may well have used such equipment for years (hint, hint)
>>>>
>>>>See above for the trivial classification level, at least here in
>>>>the UK.
>>>
>>>

> ....snip...
>
>>For the third time of saying - the classification level is the lowest
>>level possible, at least for the basics (i.e. how to build it). And
>>the techniques used aren't exactly cutting-edge, either. Nor the
>>materials.
>>
>>Have to say that I can't really understand your problem, if you've
>>ever used such kit. Which may or may not be likely, based on simple
>>age - it's far more common these days to shield the building and use
>>off-the-shelf equipment, except for the higher-classification
>>networks. Even then, a small amount of proximity control goes an awful
>>long way.

>
>
>
>
> I've used 'em but only briefly - but I've never been under the hood in
> the sense of taking one apart (the lads there frowned on those taking
> such liberties
>
> However, hubris is the vice the Greek gods punished most severely. It is
> unwise to believe that a nickel's worth of math, electronics, a
> tinkerer's enthusiasm, and a few parts suppliers' catalogues, can create
> good emsec shielding. There's just a little more to it than that.
>
> Any fool can apply general principles to shielding and get, perhaps, 20
> dB of suppression. However, achieving 100 dB takes enormous attention to
> detail. General shielding is easy (that's why any fool can get 20 dB)
> but finding and closing all the leakage paths (even from, say, flexing
> causing inadequate compression of RF sealing gaskets) is distinctly non-
> trivial (and that's why any fool cannot get 100 dB). And building
> without testing to ensure one has achieved one's objective is folly. And
> testing is f**king expensive - there are relatively few certified labs
> and even some Tempest builders outsource the testing rather than carry
> the expense and bother!
>
> As just one example, it is expensive and difficult to get the special
> metallic-deposition-layer glass used for emsec shielding where visibility
> is required (e.g., screens). The specialized manufacturers don't want to
> deal in small quantities and it's awkward to ship (including lots of
> paperwork if borders are crossed).
>
> Now, none of this says emsec shielding can't be done - it IS being done
> every day - has been for decades. But by *specialty* firms. If you
> need the technology there's no sense jacking around trying to cobble up
> these things oneself - just pony up the cash and buy one from Siemens or
> Cordsen or Emcom (the ones I've used) or whomever.
>
> But before you whip out your chequebook consider whether the not
> inconsiderable sums of money could be better spent on other aspects of
> your security - in almost all cases, unless you are as rich as Croesus,
> you will find yourself deferring the purchase of those Tempest toys.
>
>
> Moving on to your comment on proximity control, I can only presume you
> have a Real Estate licence and are hoping to cash in. Increasing the
> distance by a factor of 10 only gives a 20 dB drop in signal strength; a
> distance factor of 100 gives 40 dB, 1000 give 60 dB, and 100,000 gives
> 100 dB! Most of us do not own hundreds of square miles of Nevada desert
> in order to get 100 dB signal reduction through "proximity control" - it
> is only a supplementary method that, in practice, might save you one
> zone.
>
> No, for a real-world discussion of emsec and some of the issues that bear
> on it let me direct you to the following recent paper by one of Ross
> Anderson's disciples:
>
> Security Limits for Compromising Emanations
> www.cl.cam.ac.uk/~mgk25/ches2005-limits.pdf
>
> Regards,
>
>


I gotta live more dangerous n get me a secret....I have been in Venus
rooms..not much fun and always stuffy, in several ways... If one wants
tempest buy it. If you're laying out the cash for the equipment, room
mods etc, you should not neglect the security system and trusted guys
(always must be more than one) with guns who are anxious to shoot
someone and like no one. The room mods and the appropriate crypto gear
to secure the data and transmit it securely to some other equally secure
environment. Of course perimeter zoning must be controlled even with
tempest (tempest only addresses one of many security issues).

After one has invested these funds you have to wonder if paper and
pencil might not have been a better solution...

I just gotta get me a secret

As to waveguides and magnetrons, the PFM factor is sufficient for me, it
makes my head hurt..I have a difficult enough time figuring what
process is calling a specific generic dll and exactly what the process
is doing.

There are a couple graphic files floating around the net at the moment
that are quite remarkable in their activity...that actually also display
a graphic. I already know there are bright bulbs out there... I am not
convinced that the graphic decompression engine problem is totally fixed
even with the latest MS patch.

Winged
 
 
Hairy One Kenobi
Guest
Posts: n/a
 
      12-14-2005
"nemo_outis" <(E-Mail Removed)> wrote in message
news:Xns972B61FA75F27abcxyzcom@127.0.0.1...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> news:eYvnf.75$(E-Mail Removed):
>
> >> >> The putative effects of interference are frequently overestimated.
> >> >> It is electronic child's play to filter interference and even,
> >> >> given the enormous redundancy in many signals, to extract
> >> >> information many decibels *below* the noise floor.
> >> >
> >> > "Child's play"? Gotta have a cite for that one.. admittedly, I'm
> >> > assuming that the box is somewhere close to the CRT and keyboard.


<much snippage>

> > And hardly the same level of complexity! Being able to integrate a
> > cuboid doesn't mean that you can provide a pure solution for, say, a
> > four-way partial differential equation
> >
> > Not that I'm saying it *can't* be done, of course - after all, aren't
> > weather forecasts 100% accurate? ;o)


> Instead, my differential equation solving
> usually deals with the nastier Navier-Stokes differential equations
> applicable to fluid dynamics. But, really, all this is beside the point;
> DEs have only a tangential bearing on the issues we're discussing.


If I hadn't covered them 20+ years ago in my first year of college, I'd
probably be very impressed with that statement ;o)

What can be neatly solved is used as examples, what can't (i.e. anything
other than special cases) takes either a helluva lot of computing power,
some dodgy graphs, or a bit of work with a Laplace table. My Top Tip for
that one is "try not to be taught by the world expert in Nyquist plots" -
Laplace saves hours of work, but (obviously) is only ever applicable on an
individual basis.

Oh, and if you think /that's/ hard, then just wait for the second year and
the stress analysis of statically-indeterminate structures..

> > Have to say that I can't really understand your problem, if you've
> > ever used such kit. Which may or may not be likely, based on simple
> > age - it's far more common these days to shield the building and use
> > off-the-shelf equipment, except for the higher-classification
> > networks. Even then, a small amount of proximity control goes an awful
> > long way.

>
> I've used 'em but only briefly - but I've never been under the hood in
> the sense of taking one apart (the lads there frowned on those taking
> such liberties
>
> However, hubris is the vice the Greek gods punished most severely. It is
> unwise to believe that a nickel's worth of math, electronics, a
> tinkerer's enthusiasm, and a few parts suppliers' catalogues, can create
> good emsec shielding. There's just a little more to it than that.


You'd be surprised.. after all, what's actually inside the box is the same
as the semi-shielded version (I say "semi", because EM shielding has been a
requirement for a not inconsiderable time). All that's changed is the degree
of shielding, and materials technology is roughly constant throughout the
universe.

> And
> testing is f**king expensive - there are relatively few certified labs
> and even some Tempest builders outsource the testing rather than carry
> the expense and bother!


Hmm. Hadn't heard of anyone that /didn't/ outsource - and I can't imagine
that the DoD is /that/ more lax than the UK MoD in demanding independent
figures?

> As just one example, it is expensive and difficult to get the special
> metallic-deposition-layer glass used for emsec shielding where visibility
> is required (e.g., screens). The specialized manufacturers don't want to
> deal in small quantities and it's awkward to ship (including lots of
> paperwork if borders are crossed).
>
> Now, none of this says emsec shielding can't be done - it IS being done
> every day - has been for decades. But by *specialty* firms. If you
> need the technology there's no sense jacking around trying to cobble up
> these things oneself - just pony up the cash and buy one from Siemens or
> Cordsen or Emcom (the ones I've used) or whomever.
>
> But before you whip out your chequebook consider whether the not
> inconsiderable sums of money could be better spent on other aspects of
> your security - in almost all cases, unless you are as rich as Croesus,
> you will find yourself deferring the purchase of those Tempest toys.


I'm not entirely sure who you're arguing with at this point. After all, I've
already pointed out that it's been the general rule to shield buildings and
particular enclosures, rather than buy specialised expensive kit. Maybe I
should have put a timeframe in there? How about "two decades" (true for the
UK, no idea about the US).

> Moving on to your comment on proximity control, I can only presume you
> have a Real Estate licence and are hoping to cash in. Increasing the
> distance by a factor of 10 only gives a 20 dB drop in signal strength; a
> distance factor of 100 gives 40 dB, 1000 give 60 dB, and 100,000 gives
> 100 dB! Most of us do not own hundreds of square miles of Nevada desert
> in order to get 100 dB signal reduction through "proximity control" - it
> is only a supplementary method that, in practice, might save you one
> zone.


Forgive me for saying, but that sounds like some reading from a set of
tables, rather than doing any calculations. You *do* know that dB is an
exponential unit, rather than linear? That each 3dB indicates a /halving/ in
signal level?

Measure your signal drop-off by taking your distance and applying the
inverse-square rule (as defined by Newton in the seventeenth century), then
take the base-10 logarithm and multiply by -10. Simple.

And, of course, largely irrelevant in the electronic Real World (which tends
to have variable permittivity, most of us not living in a complete vacuum
and all ;o)

Or is someone about to argue that taking a signal below
instrument-detectable levels and then dropping it by another order of
magnitude is somehow useful?

Remember, with a simple 400m distance (not a magic number - just thinking of
a particular building) you're talking a 52dB attenuation (assuming that
pesky vacuum) - i.e. your signal has dropped to 0.000625% of what you were
previously looking at. If you also assume that no establishment with guards
that aren't utterly brain-dead will let you lurk within 100m of the wire
with a suitcaseful of dodgy electronics, then that drops still further, to 4
tenths of a thousandth of a percent.

H1K

P.S. Almost forgot - if you're not willing to order leaded glass from
someone like Pilkington, then it's perfectly possible to buy self-adhesive
gold film off-the-shelf and make your own, as in the A6 Queer (apologies
to anyone of that disposition - can't remember the official aircraft
designation!)
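
The two calculations argued over in the posts above, side by side as an added example (not code from any poster): the inverse-square drop with distance, and the gain a receiver gets by averaging a signal that repeats. The function names, the constructed ±1 test frame, the Gaussian noise model and the assumption that repetitions are perfectly aligned are all assumptions of this example.

```python
import math
import random

def distance_attenuation_db(ratio):
    """Power drop in dB when distance grows by `ratio` (inverse-square, free space)."""
    return 10 * math.log10(ratio ** 2)

def averaging_gain_db(n_frames):
    """Ideal SNR gain in dB from averaging n_frames aligned repetitions."""
    return 10 * math.log10(n_frames)

def net_margin_db(ratio, n_frames):
    """Distance attenuation left over once averaging gain is subtracted."""
    return distance_attenuation_db(ratio) - averaging_gain_db(n_frames)

def simulate_averaging(snr_in_db, n_frames, frame_len=256, seed=1):
    """Average n_frames noisy copies of one frame; return the measured output SNR in dB."""
    rng = random.Random(seed)
    # Constructed unit-power test frame: alternating runs of +1 and -1.
    frame = [1.0 if (i // 8) % 2 == 0 else -1.0 for i in range(frame_len)]
    sigma = math.sqrt(10 ** (-snr_in_db / 10))  # noise std dev for the requested input SNR
    acc = [0.0] * frame_len
    for _ in range(n_frames):
        for i, s in enumerate(frame):
            acc[i] += s + rng.gauss(0.0, sigma)
    avg = [a / n_frames for a in acc]
    # Noise power remaining after averaging, measured against the known frame.
    residual = sum((a - s) ** 2 for a, s in zip(avg, frame)) / frame_len
    return 10 * math.log10(1.0 / residual)

if __name__ == "__main__":
    for ratio in (10, 100, 400, 100_000):
        print(f"distance x{ratio}: {distance_attenuation_db(ratio):.1f} dB")
    print(f"output SNR: {simulate_averaging(-20, 1000):.1f} dB (input -20 dB, 1000 frames)")
    print(f"margin at x10 distance vs 100 frames: {net_margin_db(10, 100):.1f} dB")
```

For a defender the point is that a distance or shielding budget has to be set against the averaging gain available on a redundant signal, not against the raw noise floor alone.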


 