Abstract
In this paper we propose a method of detecting the propagation frequencies of compromising emanations in order to evaluate the risk of eavesdropping the display units. By modulating the video signal with an audio file, we have been able to detect the compromising emanations on the frequencies where the audition occurred. The level of those emanations is an important issue in the process of evaluating the security risk. The higher the level, the higher is the probability of detection and reconstruction of displayed information.
Access provided by CONRICYT-eBooks. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
In our days, the effort of protecting sensitive information is a critical one. Any form of security incident that involves protected information has a negative impact on the organization that relies on them. Therefore, a series of protective measures, technical and procedural, are needed in order to ensure information security.
One of those measures is known as Emission Security (EMSEC) or Transient Electromagnetic Pulse Emanation Standard (TEMPEST), which represents a set of technical, organizational and procedural measures applied for analysis, investigation and decrease of compromising emissions generated by electronic or electromagnetic equipment processing information, with the purpose of preventing the processed information recovery. Possible sources of compromising emanations can be, but not limited to: power supplies, power amplifiers, microprocessors, internal circuits and wires, keyboards, printers, modems, scanners and display units. This technique had been introduced in early 60 s [1, 2] and has been developed ever since as newer devices appeared on the market. In [3, 4] a number of security limits for compromising emanations have been highlighted for different existing public standards and devices and types of attack. Numerous testbeds and methodologies had been developed [5, 6] to evaluate the electromagnetic leakage emanations in different setups and for critical systems, sensitive to electromagnetic threats [7,8,9, 14]. It has been shown [1, 5, 10, 11] that display units like LCD, LED and old CRT monitors are ones of the most susceptible to eavesdropping due to their mode of operation. Compromising emanations can be processed by averaging since the video signal is periodic with the frame rate, leading to a processing gain of [2]
where N is the number of averages, and N ≥ 2.
2 Compromising Emanation Generation
In this chapter we present the evaluation method, that implies generation of a video *.avi file, that will be repeatedly played and displayed on a LCD monitor. The video file is bearing audio information, encoded in form of horizontal lines, displayed by the frame rate setting of the LCD. Each frame has a number of horizontal lines which represent 256 bit grayscale coded audio samples. Thus, the compromising emanation will be found in radiofrequency spectrum as an amplitude modulation. Then, by AM demodulating, one can recover the audio file encoded in as a video signal.
2.1 Audio File Parameters
The first step is importing an audio file, which has a number of samples Na and a sampling rate Fs [Hz]. The duration of audio signal is
The samples will be grouped in clusters, corresponding to video display parameters.
2.2 Video Signal Parameters
The LCD has Hpx horizontal pixels, Vpx vertical pixels and Sr [Hz] screen refresh rate corresponding to the visible area. The duration of video signal represented by the *.avi file is equal to the duration of the audio file, namely
Where Nf represents the number of frames in the video file.
2.3 Compromising Emanation Encoding
Each video frame contains a number of M audio samples, determined by
Because LCD’s pixel frequency is larger than the audio file sampling rate by an order of magnitude of 4, the only way to make an image audible is to decrease the pixel frequency by displaying one audio sample on several horizontal video lines. The number of horizontal video lines used to display an audio sample is given by
where Vpx is the number of video lines.
The final step is to convert the audio samples, represented by vector A into a raster-type video stream, represented by matrices, according to values above.
The audio samples are 8-bit encoded in order to obtain 256 grayscale values in order to obtain a video frame, as follows
3 Method Validation and Information Recovery
In order to check the efficiency of the method, an experimental testbed has been built, consisting of:
-
LCD monitor, as the equipment under test with screen resolution of 1024 by 768 pixels and a refresh rate of 60 Hz [15]
-
Log-periodic antenna, for wideband reception
-
Test receiver, with AM demodulation and intermediate frequency output
-
Oscilloscope, connected to the IF output of the receiver, in order to visualize the waveform on the frequency where the compromising emanation is present
-
Speakers, used for audio detection of compromising emanations during the frequency sweep performed by the test receiver.
The experimental setup block diagram is presented in Fig. 1. By sweeping the spectrum and using AF demodulation option on the test receiver, we were able to detect the frequencies where the compromising emanation was identified. The tests were performed under different conditions, using several LCDs at distances between 3 and 30 meters, in line of sight or obstructed by concrete walls.
Next, to view the waveform and validate the method, we used the intermediate frequency output of the receiver connected to the scope input. We found that the waveforms visualized on the scope are correlated to the video frames displayed on the LCD, on those frequencies where the audition was possible.
The received frequency spectrum, presented in Fig. 2, contains several emissions, some of those being generated by the LCDs as spurious emissions. The compromising emanation of interest is marked in Fig. 2, at the frequency of 649.35 MHz.
Compromising emissions can be found on several frequencies, with different amplitude levels and audio quality. In this study the highest level and clearest audio recognition have been taken into consideration. On the other hand, different configurations of the testing scenario might lead to compromising emanations which are masked under the noise and interference, making it possible for the eavesdropper to recover information if he possesses a high quality receiver and strong signal processing capabilities.
One important parameter used for reducing the amount of received noise and increasing the frequency resolution is the resolution bandwidth, RBW. Thus the receiving sensitivity can be calculated as:
where −174 is the thermal noise expressed in dBm, RBW is the bandpass filter of the receiver on the intermediate frequency path, NF is receiver noise figure, SNR is signal to noise ratio and Patt is the sum of antenna factor and cable loss, expressed in dB. By reducing RBW, the power of received noise decreases, compromising emanations can be separated from adjacent interferences making detection possible. Using a range of RBWs instead of a single one offers a higher confidence for our method.
The final step of validation is the visual correlation between displayed frames and received signal. To accomplish that we compared one video frame with corresponding waveform triggered on the oscilloscope. The amplitude and duration of each transition in oscilloscope waveform correspond with the intensity and thickness of displayed horizontal lines, as shown in Figs. 3 and 4.
4 Conclusions
The method presented in this paper can be considered a fast solution for detecting compromising emanations from display units like LCD, LED and CRT monitors, using even a low cost wideband AM receiver.
The main advantage of this method is that it can be used in sites, to verify the conformity of installation process with emission security regulations, where display units operate as a part of a system and can’t be moved or replaced by other display units. The disadvantage is that it is limited only to detection of compromising emanations and is not able to not measure their level, according to emission security regulations.
Information reconstruction by receiving and processing emissions generated by electronic equipment is a security risk and should be treated accordingly. The threat increases with the development of high performance Software Defined Radios that can be found on the market, which are becoming more affordable as the time passes.
Protective measures should be complex but also cost effective, starting with procedural measures which control operating conditions, software solutions like filtering displayed information and hardware measures like electromagnetic shielding and filtering [12, 13].
References
Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays, Technical report (2003). http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf
Kuhn, M.G.: Security limits for compromising emanations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 265–279. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_20
Kuhn, M.G.: Eavesdropping attacks on computer displays. Inf. Secur. Summit, 24–25 (2006). Prague
Kuhn, M.G.: Compromising emanations of LCD TV sets. IEEE Trans. Electromagn. Compat. 55, 564–570 (2013)
Katamreddy, S.: Experimental testbed for electromagnetic analysis doctoral dissertation. George Mason University (2016)
Kasmi, C., Esteves, J.L., Armstrong, K.: EMC/EMI and functional safety, methodology to characterize effects of interferences on devices. In: IEEE 2016 Asia-Pacific International Symposium on Electromagnetic Compatibility (APEMC), vol. 1, pp. 1178–1180 (2016)
Christopoulos, C.: Electromagnetic compatibility (EMC) in challenging environments. In: Daras, N.J., Rassias, T.M. (eds.) Operations Research, Engineering, and Cyber Security. SOIA, vol. 113, pp. 95–115. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-51500-7_5
Jian, M., Jinming, L.: Information leakage from computer based on electromagnetic radiation. Control Intell. Syst. 43(2) (2016)
Van Eck, W.: Electromagnetic radiation from video display units: an eavesdropping risk? Comput. Secur. 4(4), 269–286 (1985)
Sekiguchi, H., Seto, S.: Measurement of radiated computer RGB signals. Prog. Electromagn. Res. C 7, 1–12 (2009)
Bîndar, V., Popescu, M., Craciunescu, R.: Aspects of electromagnetic compatibility as a support for communication security based on TEMPEST evaluation. In: 2014 10th International Conference on Communications (COMM), Bucharest, pp. 1–4 (2014)
ITU-T K.84: test methods and guide against information leaks through unintentional electromagnetic emissions (2011)
ITU-T K.87: guide for the application of electromagnetic security requirements (2016)
https://www.sans.org/reading-room/whitepapers/privacy/introduction-tempest-981. Accessed Apr 2017
http://tinyvga.com/vga-timing. Accessed Apr 2017
Acknowledgement
This work was supported by the grant of the Ministry of Innovation and Research, UEFISCDI, project number 5 Sol/2017 ToR-SIM within PNCDI III.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Bărtușică, R., Boitan, A., Halunga, S., Popescu, M., Bindar, V. (2018). Security Risk: Detection of Compromising Emanations Radiated or Conducted by Display Units. In: Fratu, O., Militaru, N., Halunga, S. (eds) Future Access Enablers for Ubiquitous and Intelligent Infrastructures. FABULOUS 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 241. Springer, Cham. https://doi.org/10.1007/978-3-319-92213-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-92213-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92212-6
Online ISBN: 978-3-319-92213-3
eBook Packages: Computer ScienceComputer Science (R0)