Masking of information emissions from computer equipment.

Masking of information radiation from computing equipment.

Masking of information radiation from computing equipment

In recent years, much attention has been paid to the protection of commercial and secret information processed using computer technology. Information leakage can occur both through unauthorized access to computer databases and through the interception of secondary electromagnetic radiation (SEMR) from electronic computing equipment.

In the latter case, sensitive electronic equipment can receive PEMI and fully restore the information processed by the computer. The frequency range of information emissions extends from tens of kilohertz to gigahertz and higher and is determined by the clock frequency of the computing equipment used. For example, for monitors, information can be intercepted at frequencies up to 10-15 harmonics of the clock frequency, but the maximum of information emissions usually falls in the ranges of 100-350 MHz. It should be borne in mind that information can be intercepted at each harmonic of the clock frequency emitted into space with sufficient intensity.

The first experiments on intercepting PEMI and restoring information were conducted with the participation of one of the authors in 1981-83. The receiver for visual control of monitor radiation was built on the basis of a household TV set «Elektronika-100» with minimal modification of the electrical circuit. Even such a simple device allowed intercepting side radiation with full restoration of information on the TV screen at a distance of 100-150 m. The device itself could be placed in a briefcase and was powered by a car battery.

These experiments allowed to refute the opinion of some specialists, which consisted in the fact that the simultaneous operation of several computers would make it impossible to receive and restore information due to the mutual interference effect of their radiation on the operation of the receiving device. It turned out that on the screen of the television device it was possible to consistently read text information from any of 10-15 simultaneously operating monitors or constantly read information from one of them. At the same time, at one of the enterprises the reception and complete restoration of information from a monitor at a distance of 20 m from a completely shielded room was demonstrated.

In addition to electromagnetic radiation, quasi-static information magnetic and electric fields are always present near computing devices, rapidly decreasing with distance, but causing interference to nearby outgoing circuits (security alarms, telephone wires, power supply networks, metal pipes, etc.). Such fields are significant at frequencies from tens of kilohertz to tens of megahertz. In this case, interception of information is possible with direct connection of receiving equipment to these communications outside the protected area.

The most dangerous computing devices from the point of view of information leakage via PEMI are monitors with television-type image scanning. The use of cryptographic protection methods is possible only during inter-machine exchange of information or during its processing and is not used when outputting information to end devices (display, printer, storage device).

According to foreign sources, when 10-20% of commercial information ends up with competitors, this most often leads to the bankruptcy of the company. Domestic bankers and entrepreneurs often focus on physical security, not attaching due importance to issues of protection against information leakage via radio engineering channels during its processing using computing equipment.

A leak of classified information in military-industrial complex organizations can lead to a decrease in the country's defense capability, since new high-tech technologies and technical solutions used in the development of military equipment become known to potential adversaries long before the development is completed. And imported computers and network equipment protected from information leakage due to PEMI are practically not supplied to Russia.

Along with organizational, software, and cryptographic methods of protecting information to eliminate the possibility of interception via electromagnetic radiation, the following technical options are used:

• modification of computing devices to minimize radiation;

• electromagnetic shielding of devices or rooms in which computing equipment is located;

• active radio-technical camouflage.

Upgrading of computing devices can significantly reduce the level of information emissions, but it is not possible to completely eliminate them. The cost of performing these works is usually commensurate with the cost of the protected computing equipment. Properly performed electromagnetic shielding is a radical way to protect information from interception via a radio channel, but requires significant capital expenditures and regular monitoring of the shielding efficiency. In addition, complete electromagnetic shielding causes discomfort to the work of the personnel servicing the computing equipment, and it is usually not possible to create shielded rooms in the offices of commercial firms. Active radio masking of side electromagnetic emissions was proposed by specialists of the Institute of Radio Engineering and Electronics (IRE) of the Russian Academy of Sciences [1]. It consists of forming and emitting in the immediate vicinity of computing devices a broadband noise signal with a level exceeding the level of information emissions in the entire frequency range where these emissions occur, as well as in the implementation of interference (via the air), masking noise oscillations in the outgoing circuits.

To implement active radiotechnical masking of PEMI, a device is required that creates a noise electromagnetic field in the frequency range from tens of kilohertz to 1000 MHz with a spectral level significantly exceeding the levels of natural noise and information radiation of computing equipment.

The Special Design Bureau of the IRE RAS has developed and manufactured small-sized ultra-wideband transmitters of noise masking oscillations GSh-1000 and GSh-K-1000, which are a modernization of the well-known products «Shater-4».

Their development is based on the principle of nonlinear stochastization of oscillations, in which noise oscillations are realized in a self-oscillating system not as a result of fluctuations, but due to the internal complex nonlinear dynamics of the generator. The noise signal generated by the generator is emitted into space using an active antenna.

The spectral density of the emitted electromagnetic field is uniformly distributed over the frequency range and ensures the required excess of the masking signal over the information signal by a given number of times (as required by the regulatory documents of the State Technical Commission of Russia) at the boundaries of the controlled zone of objects of computing equipment of categories 1-3 on the air, and also induces a masking signal on outgoing low-current circuits and on the power supply network.

The statistical characteristics of the masking oscillations formed by the generator are close to the characteristics of normal white noise.

Fig. 3

The operating frequency range of noise generators is 0.01-1000 MHz. The spectral characteristics of both models under consideration are identical and are shown in Fig. 3 and 4. They also show spectrograms of side information emissions from some of the most frequently used computing equipment.

Fig. 4

The noise generators have an ultra-wideband weakly directional antenna with a directivity factor of approximately 2 and form an electromagnetic noise field (EMNF) with polarization close to circular.

The levels of the generated electromagnetic field do not exceed the medical and biological standards for service personnel in accordance with GOST 12.1.006-84, and also have a constantly operating (for GSh-1000 light, and for GSh-K-1000 light and sound) indication of the normal operating mode with the possibility of additional connection of executive (for example, blocking) devices.

The power consumption of noise generators is about 5.0 W, the weight is no more than 1.2 kg for GSh-1000 and 0.5 kg for GSh-K-1000.

Noise generators form a random process with a normalized quality factor of the electromagnetic field of at least 0.87 with a minimum value of 0.8 established by regulatory documents of the State Technical Commission of Russia for first-category computing equipment.

Compared to similar products such as «Gnome», «Sphere») GSS, «Smog», «Octava», the noise generators in question have the advantage of having an increased quality factor of the masking signal, form a noise electromagnetic field with circular polarization, have smaller dimensions and weight, and are more convenient to operate.

The noise generators are located at a distance of 1-2.5 m from the computing devices (GSh-1000) or are built into a personal computer (GSh-K-1000) and provide reliable masking of information emissions from currently existing printers, plotters, input-output ports, monitors, floppy disk drives, hard disk drives, network devices, RAM, etc., as well as masking of information induced over the air to outgoing circuits. This conclusion is confirmed by the results of measuring the ratio of the spectral level of information emissions from computing equipment to the level of the spectral density of the formed noise (interference) field (Figs. 3 and 4), as well as the results of the operation of the noise generators in question on many (more than 200) computing objects.

Each generator provides masking of equipment located on an area of ​​about 50 m^ in larger rooms it is necessary to install several noise generators.

The intensity of the emitted masking signal does not exceed the permissible standards for industrial radio interference, so no approval from the radio monitoring service is required for the installation of noise generators. At the same time, the generators do not affect the operation of the computing equipment itself and do not have a harmful effect on the service personnel. They can be installed and turned on without any labor-intensive installation work and do not require qualified maintenance.

When installing PEMI masking devices, you only need to make sure that the protective measures are sufficient, which requires the short-term involvement of specialists with the appropriate measuring equipment.

The noise generators are certified by the State Technical Commission of Russia for information security requirements, as well as for the compliance of the formed electromagnetic field with medical and biological standards for service personnel.