Classification and characteristics of technical channels for leakage of information processed by TSPI and transmitted via communication channels.

Classification and characteristics of technical channels for leakage of information processed by TSPI and transmitted via communication channels.

Anatoly Anatolyevich Khorev, Candidate of Military Sciences

Classification and characteristics of technical channels for leakage of information processed by TSPI and transmitted via communication channels

The article is reprinted from the journal «Special Equipment» No. 2 1998

Under technical means of receiving, processing, storing and transmitting information (TSPI)understand technical means that directly process confidential information. Such means include: electronic computing equipment, secure automatic telephone exchanges, operational command and loudspeaker communication systems, sound amplification systems, sound accompaniment and sound recording systems, etc.

When identifying technical channels of information leakage, the TSPI must be considered as a system that includes the main (stationary) equipment, terminal devices, connecting lines (a set of wires and cables laid between individual TSPI and their elements), distribution and switching devices, power supply systems, and grounding systems.

Individual technical means or a group of technical means intended for processing confidential information, together with the premises in which they are located, constitute a TSPI facility. TSPI facilities also include designated premises intended for holding closed events.

Along with the TSPI, technical means and systems are installed in the premises that are not directly involved in the processing of confidential information, but are used together with the TSPI and are located in the zone of the electromagnetic field created by them. Such technical means and systems are called auxiliary technical means and systems (ATMS). These include: technical means of open telephone, loudspeaker communication, fire and security alarm systems, electrification, radio, clock systems, household appliances, etc.

As a channel for information leakage, the most interesting are technical means of open telephone, loudspeaker communication, fire and security alarm systems, electrification, radio, clock systems, household appliances, etc.

As a channel for information leakage, the most interesting are technical means of open telephone, loudspeaker communication, which go beyond the controlled zone (KZ), i.e. the zone in which the appearance of persons and vehicles without permanent or temporary passes is excluded

In addition to the TSPI and VTSS connecting lines, wires and cables that are not related to them, but pass through rooms where technical equipment is installed, as well as metal pipes of heating and water supply systems and other conductive metal structures, may go beyond the controlled area. Such wires, cables and conductive elements are called extraneous conductors.

Depending on the physical nature of the origin of information signals, as well as the environment of their propagation and interception methods, technical information leakage channels can be divided into electromagnetic, electrical and parametric.

Electromagnetic information leakage channels

K electromagnetic include information leakage channels that arise due to various types of side electromagnetic radiation (EMR) of the TSPI:

· radiation of TSPI elements;

· radiation at operating frequencies of high-frequency (HF) generators of the TSPI;

· radiation at self-excitation frequencies of low-frequency amplifiers (LFA) of the TSPI.

Electromagnetic radiation of TSPI elements.In the TSPI, the information carrier is an electric current, the parameters of which (current strength, voltage, frequency and phase) change according to the law of the information signal. When an electric current passes through the current-carrying elements of the TSPI, an electric and magnetic field arises around them (in the surrounding space). Due to this, the elements of the TSPI can be considered as emitters of an electromagnetic field modulated according to the law of change in the information signal.

Electromagnetic radiation at the operating frequencies of the HF generators of the TSPI and VTSS.The TSPI and VTSS may include various types of high-frequency generators. Such devices include: master oscillators, clock frequency generators, erasure and magnetization generators of tape recorders, heterodynes of radio and television receivers, generators of measuring instruments, etc.

As a result of external influences of the information signal (for example, electromagnetic oscillations), electrical signals are induced on the elements of the high-frequency generators. The receiver of the magnetic field can be the inductance coils of the oscillatory circuits, chokes in the power supply circuits, etc. The receiver of the electric field is the wires of the high-frequency circuits and other elements. Induced electrical signals can cause unintentional modulation of the generators' own high-frequency oscillations. These modulated high-frequency oscillations are emitted into the surrounding space.

Electromagnetic radiation at the frequencies of self-excitation of the ULF TSPI.Self-excitation of the ULF TSPI (for example, amplifiers of sound reinforcement and sound accompaniment systems, tape recorders, public address systems, etc.) is possible due to random transformations of negative feedback (inductive or capacitive) into parasitic positive feedback, which leads to the amplifier switching from the amplification mode to the signal autogeneration mode. The self-excitation frequency lies within the operating frequencies of the nonlinear elements of the ULF (for example, semiconductor devices, vacuum tubes, etc.). The signal at the self-excitation frequencies, as a rule, turns out to be a modulated information signal. Self-excitation is observed mainly when the ULF is switched to a nonlinear operating mode, i.e. to an overload mode.

Interception of side electromagnetic emissions of the ULF is carried out by means of radio and radio-technical reconnaissance located outside the controlled zone.

The zone in which it is possible to intercept (with the help of a reconnaissance receiver) side electromagnetic emissions and subsequently decipher the information contained in them (i.e. the zone within which the ratio «information signal/interference» exceeds the permissible standard value) is called (dangerous) zone 2.

Electrical information leakage channels

The causes of the occurrence of electrical information leakage channels can be:

· interference of electromagnetic emissions of the TSPI on the connecting lines of the VTSS and extraneous conductors extending beyond the controlled zone;

· leakage of information signals into the power supply circuits of the TSPI;

· leakage of information signals into the grounding circuits of the TSPI.

Interference of electromagnetic radiation of the TSPIarise when elements of the TSPI (including their connecting lines) emit information signals, as well as in the presence of galvanic coupling between the TSPI connecting lines and extraneous conductors or VTSS lines. The level of induced signals largely depends on the power of the emitted signals, the distance to the conductors, and the length of the combined path of the TSPI connecting lines and extraneous conductors.

The space around the TSPI, within which an information signal above the permissible (standardized) level is induced on random antennas, is called (dangerous) zone 1.

A random antenna is a VTSS circuit or extraneous conductors capable of receiving side electromagnetic radiation.

Random antennas can be concentrated and distributed. Concentratedrandom antenna is a compact technical device, such as a telephone, a loudspeaker of a radio broadcasting network, etc. distributed random antennas include random antennas with distributed parameters: cables, wires, metal pipes and other conductive communications.

Leakage of information signals into power supply circuitspossible if there is a magnetic connection between the output transformer of the amplifier (e.g., the low-frequency power amplifier) ​​and the transformer of the rectifier. In addition, the currents of the amplified information signals are closed through the power supply, creating a voltage drop on its internal resistance, which, if there is insufficient attenuation in the filter of the rectifier, can be detected in the power supply line. The information signal can also penetrate into the power supply circuits as a result of the fact that the average value of the current consumed in the final stages of the amplifiers depends to a greater or lesser extent on the amplitude of the information signal, which creates an uneven load on the rectifier and leads to a change in the current consumed according to the law of change in the information signal.

Leakage of information signals into grounding circuits.In addition to the grounding conductors used for direct connection of the TSPI to the grounding circuit, various conductors extending beyond the controlled area may have a galvanic connection to the ground. These include the neutral wire of the power supply network, screens (metal sheaths) of connecting cables, metal pipes of heating and water supply systems, metal reinforcement of reinforced concrete structures, etc. All these conductors, together with the grounding device, form a branched grounding system to which information signals can be induced. In addition, an electromagnetic field arises in the soil around the grounding device, which is also a source of information.

Interception of information signals via electrical leakage channels is possible by direct connection to the VTSS connecting lines and extraneous conductors passing through the premises where the TSPI are installed, as well as to their power supply and grounding systems. For these purposes, special means of radio and radio-technical intelligence, as well as special measuring equipment, are used.

Removal of information using hardware bugs.In recent years, there have been more frequent cases of interception of information processed in TSPI by installing electronic devices for intercepting information — bugs.

Electronic devices for intercepting information installed in TSPI are sometimes called hardware bugs. They are mini-transmitters whose radiation is modulated by an information signal. Most often, bugs are installed in TSPI of foreign manufacture, but they can also be installed in domestic devices.

Information intercepted with the help of bugs is either directly transmitted via radio channel, or first recorded on a special storage device, and then, upon command, transmitted to the object that requested it.

Parametric channel of information leakage

Interception of information processed in technical means is also possible by their “high-frequency irradiation”. When the irradiating electromagnetic field interacts with the elements of the TSPI, the electromagnetic field is re-radiated. In some cases, this secondary radiation is modulated by the information signal. When reading information, to eliminate the mutual influence of the irradiating and re-radiated signals, their time or frequency decoupling can be used. For example, pulse signals can be used to irradiate the TSPI.

When re-radiated, the signal parameters change. Therefore, this information leakage channel is often called parametric.

To intercept information via this channel, special high-frequency generators with antennas that have narrow directional patterns and special radio receiving devices are required.

After processing in the TSPI, information can be transmitted via communication channels, where it can also be intercepted.

Currently, HF, VHF, radio relay, tropospheric and space communication channels, as well as cable and fiber-optic communication lines are mainly used to transmit information. Depending on the type of communication channels, technical channels for intercepting information can be divided into electromagnetic, electrical and inductive.

High-frequency electromagnetic radiation from communication transmitters, modulated by an information signal, can be intercepted by portable radio reconnaissance equipment and, if necessary, transmitted to the processing center for decoding.

This channel for intercepting information is most widely used for listening to telephone conversations conducted via radio telephones, cell phones, or radio relay and satellite communication lines.

The electrical channel for intercepting information transmitted via cable communication lines involves contact connection of reconnaissance equipment to cable communication lines.

The simplest method is a direct parallel connection to the communication line. But this fact is easily detected, since it leads to a change in the characteristics of the communication line due to a drop in voltage.

Therefore, reconnaissance equipment is connected to the communication line either through a matching device, which somewhat reduces the voltage drop, or through special devices for compensating for the voltage drop. In the latter case, the reconnaissance equipment and the device for compensating for the voltage drop are connected to the communication line in series, which significantly complicates the detection of the fact of unauthorized connection to it.

The contact method is used mainly to remove information from coaxial and low-frequency communication cables. For cables in which increased air pressure is maintained, devices are used that prevent its reduction, as a result of which the activation of a special alarm is prevented.

The electric channel is most often used to intercept telephone conversations. In this case, the intercepted information can be directly recorded on a dictaphone or transmitted via a radio channel to a receiving point for its recording and analysis. Devices connected to telephone lines and integrated with devices for transmitting information via a radio channel are often called telephone bugs.

In case of using signal devices for monitoring the integrity of the communication line, its active and reactive resistance, the fact of contact connection of reconnaissance equipment to it will be detected. Therefore, special services most often use an inductive channel for intercepting information, which does not require contact connection to communication channels. This channel uses the effect of the emergence of an electromagnetic field around the communication cable when information electrical signals pass through it, which are intercepted by special inductive sensors. Inductive sensors are used mainly for reading information from symmetrical high-frequency cables. The signals from the sensors are amplified, frequency division of the channels is performed, and the information transmitted via individual channels is recorded on a tape recorder or the high-frequency signal is recorded on a special tape recorder.

Modern induction sensors are capable of reading information from cables protected not only by insulation, but also by double armor made of steel tape and steel wire tightly wrapped around the cable.

Special low-frequency amplifiers equipped with magnetic antennas can be used for contactless reading of information from unprotected telephone lines.

Some means of contactless reading of information transmitted via communication channels can be combined with radio transmitters for retransmission to the processing center.