Determination of the maximum value of a dangerous signal induced by a personal computer and a local area network into the power supply network.

opredelenie predelnoi velichini opasnogo signala navodimo

Determination of the maximum value of a dangerous signal induced by a personal computer and a local area network into the power supply network.

Determination of the maximum value of a dangerous signal induced by a personal computer and a local area network into the power supply network

Determination of the maximum value of a dangerous signal induced by a personal computer and a local area network into the power supply network

The considerable length of power supply networks, the variety of possible configurations of their connections, and the relative freedom of access to them make the task of protecting information processed in PCs and LANs from leakage through these networks very urgent. This problem is especially acute for organizations renting one or more rooms in buildings where other companies, including competing ones, are located. The authors of the article propose a practical method for solving this problem, allowing you to plan the necessary measures to protect information even in conditions where it is not possible to measure the physical parameters of the leakage channel

Information signal leakage through power supply circuits can occur in various ways. For example, electromagnetic connections may arise between two electrical circuits located at some distance from each other, creating objective prerequisites for the appearance of an information signal in the power supply circuits of computing equipment (CE) objects that are not intended to transmit this signal and potentially forming uncontrolled information leakage channels. These processes are called interference and imply the transfer of energy from one device to another, not provided for by circuit or design solutions.

Characteristics of parasitic interference

In the literature, interference is considered as a combination of three elements: a source, a receiver, and parasitic coupling between them. In relation to the problem under consideration, the sources of interference are devices in which the information signal is processed; receivers are power supply circuits that act as a conductive medium that goes beyond the controlled territory and at the same time represent a dangerous channel for leakage of information processed by the PC and LAN.

The main danger of parasitic interference is the possibility of creating several sources of information signal and parasitic coupling in many circuits simultaneously. In most radio electronic systems and means of military equipment, the secondary power supply (SPS) and the power distribution system are common to many elements, blocks and units. In accordance with ideal requirements, the purpose of the power distribution system is to provide all loads (circuits and devices) with the most stable voltage under conditions of changing currents consumed by them. In addition, any AC signal arising in the load should not create AC voltage on the power buses. That is, in the ideal case, the SPS is an EMF generator with zero impedance. However, real VIPs and power conductors do not have zero resistance, which ultimately leads to the following: when processing confidential information, currents of information signals flow in the elements of circuits, structures, supply and connecting wires of the cybersecurity equipment, which are formed as a result of the mutual influence of active and passive elements and devices during their operation (nonlinear signal conversion in circuits with a wide frequency spectrum and significant changes in pulse voltages and currents; reflection of signals in the corresponding communication lines due to heterogeneity and inconsistency of loads; interference from external electromagnetic fields). Information leakage during the operation of cybersecurity equipment is also possible either through direct radiation and guidance of information pulses circulating between functionally complete nodes and blocks, or by means of high-frequency electromagnetic signals modulated by information pulses and capable of self-guiding to wires and common power supply buses through parasitic connections.

Parasitic connections

There are several types of parasitic connections: capacitive; inductive; through: common impedance, common wire, electromagnetic field. The occurrence of certain connections is due to the circuit and design of the personal computer and local area network used for information processing, as well as the circuit design of the power supply system of the computer equipment object. Fig. 1 shows a possible option for transmitting information signals in the power supply circuit. Inside the computer equipment (in this case, the personal computer), information signals, circulating in the information circuits, through parasitic capacitive and inductive connections, through common resistance and electromagnetic field are induced on the power supply circuits directly, going beyond the body of the computer equipment through the VIP.

Fig. 1. Scheme of distribution of information signal through the power supply network

Between the source of confidential information in the data processing device circuit and the power supply network, there may be 4 types of electromagnetic connections through:

• electric field;

• magnetic field;

• electromagnetic field;

• wires connecting 2 electrical circuits.

The occurrence of possible information leakage channels depends on the relative position of information boards, VIPs, and power supply circuits. For example, near a working PC there are quasi-static magnetic and electric fields that rapidly decrease with distance, but cause interference on any conductive circuits (metal pipes, telephone wires, power lines, etc.). They are significant at frequencies from tens of kHz to tens of MHz. With increasing distance, connections through nearby electric and magnetic fields disappear, then connection through the electromagnetic field and at greater distances affects connection via wires.

opredelenie predelnoi velichini opasnogo signala navodimo 2

Fig. 2. Radiation of the source of the informative signal

The radiation from the «information source — power line» system is close in its operating mode to a random antenna (Fig. 2), the parameters of which depend on the configuration and length of the power supply lines. The spread of parameters for different schemes can be quite large and, therefore, the parameters of such a random antenna in the frequency range of the narrow-band pulse spectrum used in modern personal computers can be very different.

To determine the nature and frequency range in which information leakage channels from the network may appear, it is more appropriate to use the method of practical measurement of such characteristics of a specific number of information processing facilities and the results obtained.

Knowledge of the maximum values ​​of a dangerous signal in the power supply network allows planning the necessary measures to organize the protection of confidential information processed by a PC and LAN, even in conditions when it is not possible to measure it.

Experimental measurements

For this purpose, to determine the degree of susceptibility of power supply circuits to PC and LAN emissions, an experiment was carried out in which the values ​​of interference levels from 100 randomly selected IBM PC PCs of various generations (286-Pentium) and 12 Arsnet LANs were measured. The maximum values ​​of dangerous signals were obtained, which are the upper limits of confidence intervals, allowing us to assert that any PC or LAN chosen in advance will, with a high probability, not have interference levels outside this interval.

For the PC, a test was launched by a specific program with a clock frequency of 12.5 MHz and a pulse duration of 0.04 μs. For the LAN, a test of multiple transmissions from the workstation to the server was launched by a special program with a clock frequency of 2.5 MHz and a pulse duration of 100 ns. Measurement errors were no more than 5% of the average weighted level of the measured value over the entire frequency range.

When analyzing the measurement results, it was found that PCs with earlier generations of processors (8086-80286 — «old» PCs), due to their design features (low processor clock frequency), have a maximum signal level at the test signal clock frequency (12.5 MHz) and then a tendency for it to decrease. In PCs of later generations (IBM PC AT 386-Pentium — «new» PCs), the signal spectrum shifts to a higher frequency region and the main signal power is concentrated on higher harmonics of the test signal. In addition, «new» PCs use built-in filters of power supply circuits, which ensures a lower level of dangerous signal compared to «old» ones. Based on this, the measurement data were divided into 2 arrays, taking into account the PC generation. The first array included the results of measurements of the induced dangerous signal from the IBM XT and AT-286 personal computers, and the second array included the more modern IBM AT 386-486-Pentium personal computers.

Since the experimental data were not obtained at all the expected measurement frequencies due to the absence of signals or too low signal levels compared to the existing noise, in each array they were summarized into samples by summation intervals determined by the expression DF = 1/t. For them, statistical estimates of the initial moment of the random variable X were determined, which was understood as the value of the level of the dangerous signal induced in the power supply circuits of a specific PC at a given frequency.

The results of determining the belonging of these samples to any distribution law (according to the Pearson c2 goodness-of-fit criterion) showed that the studied arrays of samples with a probability of 0.8 and 0.75 belong to the exponential distribution law.

opredelenie predelnoi velichini opasnogo signala navodimo 3

Fig. 3. The maximum value of a dangerous signal induced by «old» and «new» PCs

The next step was to determine the upper limits of the confidence intervals of the frequency sample arrays with a probability of 5%, shown in the graph (Fig. 3), where the upper limit of the confidence interval for the «old» PCs is shown by the upper dotted curve, for the «new» ones — by the lower curve.

For ease of further use, the values ​​​​are presented in dB (relative to 1 μV). It follows from the graph that the maximum level of a dangerous signal, determined by the upper limit of the confidence intervals of all samples of both arrays, tends to decrease its level with increasing frequency.

Thus, it is most expedient to carry out further protective measures, focusing on the majority of PCs with interference levels within the five percent confidence interval. Those PCs that have interference levels outside this interval must be protected using individual additional protective measures or not allowed to process confidential information on them at all.

In view of the significant connection between interference levels and the length of the joint installation of LAN lines with power supply circuits, which is not always amenable to accounting, when planning protective measures for the Arsnet LAN, one should focus on the maximum values ​​of dangerous signals obtained as a result of the experiment and presented in Fig. 4.

opredelenie predelnoi velichini opasnogo signala navodimo 4

Fig. 4. Maximum value of dangerous signal induced by LAN

Мы используем cookie-файлы для наилучшего представления нашего сайта. Продолжая использовать этот сайт, вы соглашаетесь с использованием cookie-файлов.
Принять