ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Information leakage from optical emanations
Full text PdfPdf (383 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 5 ,  Issue 3  (August 2002) table of contents
Pages: 262 - 289  
Year of Publication: 2002
ISSN:1094-9224
Authors
Joe Loughry  Lockheed Martin Space Systems, Denver, CO
David A. Umphress  Auburn University, AL
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 155,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/545186.545189
What is a DOI?

ABSTRACT

A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical Tempest" attack.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Agilent Technologies. 1999. T-1¾ (5 mm) Diffused LED Lamps Technical Data. Agilent Technologies. Data sheet 5968-4161E (2/99).
 
2
Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, Inc., New York, NY, 2001
 
3
Anderson, R. J. and Kuhn, M. G. 1999. Soft tempest---an opportunity for NATO. In Protecting NATO Information Systems in the 21st Century. NATO Research & Technology Organisation, Washington, D.C.
 
4
Ulysses D. Black, Physical Level Interfaces and Protocols, IEEE Computer Society Press, Los Alamitos, CA, 1988
 
5
Common Criteria Project Sponsoring Organizations. 1999. Common Criteria for Information Technology Security Evaluation. Common Criteria Project Sponsoring Organizations. CCIMB-99-031, Version 2.1.
 
6
Electronic Industries Association, Engineering Department. 1991. Interface Between Data Terminal Equipment and Data Circuit-Terminating Equipment Employing Serial Binary Data Interchange. Electronic Industries Association, Engineering Department. EIA/TIA-232-E.
 
7
EXPO Electro-Optical Engineering, Inc. 1999. LFD-100 Live Fiber Detector. EXFO Electro-Optical Engineering, Inc. Data sheet SPLFD100.4AN.
 
8
Philip E. Fites , Martin P. J. Kratz, Information systems security: a practitioner's reference, Van Nostrand Reinhold Co., New York, NY, 1994
 
9
Gagliardi, R. 1995. Optical Communications, 2nd ed. Wiley, New York.
 
10
Simson Garfinkel , Deborah Russell, PGP: Pretty Good Privacy, O'Reilly & Associates, Inc., Sebastopol, CA, 1996
 
11
Hewlett--Packard Company. 1993a. HFBR-4663 Single Chip 10BASE--FL Transceiver Technical Data. Hewlett--Packard Company. Data sheet 5091-7391E.
 
12
Hewlett--Packard Company. 1993b. Low-Cost Fiber-Optic Links for Digital Applications up to 155 MBd. Hewlett--Packard Company. Application Bulletin 78, 5091-9102E.
 
13
Hodara, H. 1991. Secure fiberoptic communications. In Proceedings of Symposium on Electromagnetic Security for Information Protection. Fondazione Ugo Bordoni, Rome, Italy.
 
14
Johnson, P. 1995. Circuit adapts signals for visual perception. Electronic Design News 40, 21 (12 October), 104.
 
15
Markus G. Kuhn, Optical Time-Domain Eavesdropping Risks of CRT Displays, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.3, May 12-15, 2002
 
16
Markus G. Kuhn , Ross J. Anderson, Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, Proceedings of the Second International Workshop on Information Hiding, p.124-142, April 14-17, 1998
17
Butler W. Lampson, A note on the confinement problem, Communications of the ACM, v.16 n.10, p.613-615, Oct. 1973  [doi>10.1145/362375.362389]
 
18
Donald E. Lancaster, TTL Cookbook, Sams, Indianapolis, IN, 1974
 
19
David L. Lathrop, Security aspects of wireless local area networks, Computers and Security, v.11 n.5, p.421-426, Sept. 1992  [doi>10.1016/0167-4048(92)90006-D]
 
20
McCarthy, D. C. 2001. Faster vs. denser: Networks reach another crossroad. Photon. Spectra 35, 9 (Sept.), 110--118.
 
21
Morris, J. 1996. Re: blinking lights on computers. Article ⟨55ni3a$bm3top.mitre.org⟩, in USENET newsgroup alt.folklore.computers.
 
22
National Computer Security Center. 1988. Glossary of Computer Security Terms. National Computer Security Center. NCSC-TG-004, Version 1.
 
23
National Computer Security Center. 1993. A Guide to Understanding Covert Channel Analysis of Trusted Systems. National Computer Security Center. NCSC-TG-030, Version 1.
 
24
National Security Agency. 1992. NACSIM 5000 TEMPEST Fundamentals. National Security Agency, Fort George G. Meade, Md. http://cryptome.org/nacsim-5000.htm.
 
25
National Security Agency. 1994. Specification NSA No. 94-106, Specification for Shielded Enclosures. National Security Agency, Fort George G. Meade, Md. http://cryptome.org/nsa-94-104.htm.
 
26
National Security Agency. 1995. TEMPEST/2-95 Red/Black Installation Guidance. National Security Agency, Fort George G. Meade, Md. http://cryptome.org/tempest-2-95.htm.
 
27
Paradyne Corporation. 1985. InfoLock Model 2811-11 Installation and Operation Manual, 1st ed. Paradyne Corporation. 2811-A2-GN32-00.
 
28
Tekla S. Perry, M. George Craford, IEEE Spectrum, v.32 n.2, p.52-55, Feb. 1995  [doi>10.1109/6.343989]
 
29
Petitcolas, F. A., Anderson, R. J., and Kuhn, M. G. 1999. Information hiding---A survey. Proc. IEEE 87, 7 (July), 1062--1078.
 
30
John G. Proakis , Masoud Salehi, Communication systems engineering, Prentice-Hall, Inc., Upper Saddle River, NJ, 1994
 
31
Proctor, N. E. and Neumann, P. G. 1992. Architectural implications of covert channels. In Proceedings of the 15th National Computer Security Conference. National Institute of Standards and Technology, National Computer Security Center, Baltimore, Md., 28--43.
 
32
Deborah Russell , G. T. Gangemi, Sr., Computer security basics, O'Reilly & Associates, Inc., Sebastopol, CA, 1991
 
33
Peter Smulders, The threat of information theft by reception of electromagnetic radiation from RS-232 cables, Computers and Security, v.9 n.1, p.53-58, Feb. 1990  [doi>10.1016/0167-4048(90)90157-O]
 
34
Stephenson, N. 1999. Cryptonomicon. Avon Books, New York.
 
35
Telecommunications Industry Association. 1996. Standard for Start--Stop Signal Quality for Non-Synchronous Data Terminal Equipment. Telecommunications Industry Association. TIA/EIA-404-B.
 
36
Umphress, D. and Williams, G. 1985. Identity verification through keyboard characteristics. Int. J. Man--Machine Studies 23, 263--273.
 
37
United States Department of Defense. 1985. Trusted Computer System Evaluation Criteria. United States Department of Defense. DOD 5200.28-STD.
 
38
United States Department of Defense. 1987. Red/Black Engineering--Installation Guidelines. United States Department of Defense. MIL-HDBK-232A.
 
39
Wim van Eck, Electromagnetic radiation from video display units: an eavesdropping risk?, Computers and Security, v.4 n.4, p.269-286, Dec. 1985  [doi>10.1016/0167-4048(85)90046-X]
 
40
Frank Van Gilluwe, The Undocumented PC, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1993
 
41
Wilkins, J. 1641. Mercury, or the Secret and Swift Messenger. I. Norton, London.
 
42
Wray, J. C. 1991. An analysis of covert timing channels. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, Calf.). IEEE Computer Society, Los Alamitos, Calif. 2--7.
 
43
Wright, P. 1987. Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. Viking Press, New York.

CITED BY  2
Yigael Berger , Avishai Wool , Arie Yeredor, Dictionary attacks using keyboard acoustic emanations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Hidema Tanaka, Evaluation of Information Leakage via Electromagnetic Emanation and Effectiveness of Tempest, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1439-1446, May 2008

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Invasive software (e.g., viruses, worms, Trojan horses)

  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Code breaking

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Experimentation, Security


Keywords:
COMINT, COMSEC, EMSEC, SIGINT, TEMPEST, communication, compromising emanations, covert channel, encryption, fiber optics, information displays, light emitting diode (LED)

Collaborative Colleagues:
Joe Loughry: colleagues
David A. Umphress: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player