On the issue of increasing the level of information protection from leakage from technical means.
Dorokhov Stanislav Vasilyevich
Source: magazine «Special Equipment»
When discussing confidential information in any premises, there is always a possibility of its leakage due to the conversion of sound pressure into electrical signals by various elements of technical means located in this room. These are, as a rule, analog and digital telephone sets of the PBX and GATS, loudspeakers of the warning system, 3-program receivers, secondary electric clocks, etc.
Electrical signals of speech information through the circuits of the specified technical means go beyond the premises and can be received at significant distances.
Reception can be carried out either by directly listening to them at the output of the low-frequency amplifier, or by high-frequency probing along the specified circuits with subsequent detection.
The article examines the existing level of information protection from leakage provided by means of protection (SZ) for the above-mentioned technical means and formulates recommendations for its improvement.
Note that for analog and digital telephones, the SZ considered protect confidential information in call waiting mode.
Passive and active means of protection are used to block this leakage channel. The first samples used either passive or active means of protection. For example, purely passive means of protection (PSZ) are the products «Granit-8M», «Korund», and active means of protection (ASZ) are «Granit-12». Both PSZ and ASZ have their own characteristic advantages and disadvantages.
The advantages of PSZ are:
- Relative simplicity of the electrical circuit and small dimensions.
- PSZ do not require power sources.
- PSZ are connected in the break of the TSPI circuits and, therefore, the failure of some elements of the electrical circuit is detected during operation.
- Relatively low cost.
The disadvantages of PSZ are:
- The lack of operational control of proper operation leads to the need to carry out routine maintenance, which requires disconnecting the PSZ and using complex and expensive measuring equipment during the measurement process. As a result, the costs of these works, taking into account the payment for technical personnel, are many times higher than the cost of the PSZ itself, and, consequently, the cost of protecting information from leakage increases sharply.
- In the interval between routine maintenance, there is a risk of deliberately bypassing the PSZ (short-circuiting) or replacing it with an externally indistinguishable dummy.
- The possibility of a sharp decrease in its special properties with active methods of influence, for example, when applying a high-frequency signal to it.
The advantages of the ASZ are:
- Possibility of constructing an ASZ with a built-in continuous monitoring scheme for its operability, which dramatically reduces or completely eliminates operating costs.
- Possibility of constructing an ASZ that is resistant to active impacts, in which its protective properties are fully preserved.
- Impossibility of undetectable bypass, blocking or reduction of the ASZ protective properties.
The disadvantages of an ASZ are:
- Relative complexity of the electrical circuit. To ensure that the operation of the ASZ cannot be blocked by breaking the power supply circuit, the ASZ must have a guaranteed power source or a backup battery, the capacity of which should be sufficient for several days of continuous operation.
- Higher cost compared to the PSZ.
From the analysis of the advantages and disadvantages of the PSZ and ASZ, it is easy to see that the optimal SZ can be built based on their combination. In addition, to guarantee the exclusion of information leakage, it is very useful to have two lines of defense.
The following requirements should be imposed on combined SZ:
- As part of a combined SZ, it is advisable to use a PSZ with detectable failures and an ASZ with a circuit for signaling correct operation and a guaranteed power source.
- PSZs should be connected in the break of the TSPI circuits, and the ASZ should be connected in parallel to them.
- Prospective information protection systems should, as a rule, have two lines of information protection against leakage, representing an optimal combination of ASZ and PSZ in order to completely exclude or maximally complicate its interception. The costs of intercepting information should be economically disadvantageous in comparison with the costs of its protection.
- The cost of information protection should be determined mainly by the cost of the information protection system, and not by the cost of its operation.
The optimal solution is a complete absence of the need for any preventive maintenance and inspections throughout the entire service life of the information protection system.
The products «Korund», «Granit-8M», «Buket», «MP-3» and «MP-5» are PSZ. The product «Korund» is the simplest PSZ, the only function of which is to protect information from leakage in the presence of the acoustoelectric effect in analog 2-wire TA. The operating principle is suppression of the information signal by 80 dB using a diode-capacitive divider.
The products «Granit-8M» and «Buket» are analogs of each other and simultaneously perform the functions of the product «Korund», and also introduce attenuation for high-frequency signals in the frequency band of 30 kHz — 30 MHz ? 70 dB.
The product «Gran-300» in the call waiting mode at frequencies of 300 Hz — 32 MHz introduces attenuation in the acoustoelectric signal of at least 60 dB and additionally blocks the TA in the event that the handset of any parallel TA was previously picked up.
The MP-3 product eliminates information leakage along the TSPI power supply circuit when exposed to acoustic impact and the supply voltage is disconnected. Note that, unlike the products discussed above, which provide the necessary attenuation for the information signal using only one circuit, the MP-3 product simultaneously implements both a break in the power supply circuit using relay contacts and attenuation using a diode-capacitive circuit, which together provide attenuation of more than 90 dB at a frequency of f = 1 kHz. The interval of scheduled maintenance is determined only by the probability of abnormal closure of the relay contacts. All other faults are detectable.
The product «MP-5» is designed to protect the loudspeakers of the warning system or single-program receivers from leakage of acoustic signals of the room through them. In the absence of warning signals (or broadcast signals), the loudspeaker is switched off using the relay contacts. When a standard signal appears, the loudspeaker is switched on after a time t = 5 ms, and this state is maintained if t pause ? 10 s. With these parameters, the MP-5 product does not affect the quality of the message. When the loudspeaker is switched off, the acoustoelectric signal measured at a frequency of f = 1 kHz undergoes attenuation of ? 90 dB before reaching the broadcast line, which eliminates information leakage from the room along the broadcast chain.
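A timing model of the MP-5 switching behaviour described above, as an added example that is not taken from the article or from the product's documentation. It assumes the 10 s figure is the longest pause the relay holds through; the function names and the broadcast schedule are constructed for illustration.

```python
# Added example: timing model of a signal-activated loudspeaker relay.
ATTACK_MS = 5      # from the text: loudspeaker connects 5 ms after a signal appears
HOLD_MS = 10_000   # assumption: the relay holds through pauses of up to 10 s


def relay_intervals(signal, attack_ms=ATTACK_MS, hold_ms=HOLD_MS):
    """Return the (start, end) times in ms during which the relay is closed.

    signal: sorted, non-overlapping (start, end) intervals in ms during
    which a broadcast signal is present on the line.
    """
    closed = []
    for start, end in signal:
        if closed and start <= closed[-1][1]:
            # Signal resumed before the hold time ran out: relay stayed closed.
            closed[-1][1] = end + hold_ms
        elif end - start >= attack_ms:
            # Relay was open; it closes once the signal has lasted attack_ms.
            closed.append([start + attack_ms, end + hold_ms])
        # else: a burst shorter than attack_ms never closes the relay.
    return [tuple(c) for c in closed]


def idle_connected_ms(signal, **timing):
    """Total ms the loudspeaker is connected while no signal is on the line."""
    idle = 0
    for c_start, c_end in relay_intervals(signal, **timing):
        carried = sum(max(0, min(c_end, e) - max(c_start, s)) for s, e in signal)
        idle += (c_end - c_start) - carried
    return idle


# Constructed broadcast schedule (ms): two messages 5 s apart, a 3 ms
# glitch, then a third message.
SCHEDULE = [(1_000, 4_000), (9_000, 12_000), (40_000, 40_003), (50_000, 52_000)]

if __name__ == "__main__":
    for start, end in relay_intervals(SCHEDULE):
        print(f"loudspeaker connected {start} .. {end} ms")
    print("connected with no signal:", idle_connected_ms(SCHEDULE), "ms")
    # A shorter hold time shrinks that window but opens the relay in the 5 s pause.
    print("with 2 s hold:", idle_connected_ms(SCHEDULE, hold_ms=2_000), "ms")
```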
The MP-4 product is an ASZ, and the MP-1A, MP-1C, MP-2, MP-6 and MP-7 products include both ASZ and PSZ.
The MP-4 product is a masking interference generator with an optical control circuit for its operation, which is triggered every 2 minutes and indicates proper operation by briefly lighting the LED. The circuit is very economical. The continuous operation time from a Krona battery is ? 10,000 h. Operating costs — battery replacement once a year.
The MP-1A and MP-1C products protect information from leakage from analog and digital telephones, respectively, in call waiting mode. They use both PSZ and ASZ simultaneously. The PSZ are built on the principle of the Granit-8 product, and the ASZ are built on the principle of the Granit-11 and Granit-12 products. An essential feature of the MP-1A and MP-1C products is that, while surpassing the specified products of the «Granit» type in all special parameters, they are an order of magnitude or more better in terms of weight and size characteristics and power consumption, which allows them to be placed inside telephone sockets of various types. Operating costs for the «MP-1A» product are not required, and for the «MP-1C» product they are reduced to periodic audio monitoring of the presence of masking interference (MP) in the subscriber line.
The MP-2 product includes a PSZ (disconnection of the 3-program receiver from the broadcast line using relay contacts) and an ASZ (MP generator) to create a second line of defense. Operating costs — periodic monitoring of the MP level and shape in the control socket.
The MP-6 product is a further development of the protection system based on the MP-1A and MP-1C. It is universal and can be used to protect both analog and digital telephones. During normal operation of the MP-6 product from the subscriber line, the backup power source (Krona battery) is not used. If the subscriber line is broken, the product automatically switches to power from the Krona battery. The continuous operation time from the Krona battery is 1500 h. The presence of an optical control circuit for the MP and the state of the battery discharge reduces operating costs to virtually zero, since the battery life is up to 5 years.
The MP-7 product is in the final stage of development. It is based on the MP-6 product with the addition of a function for protecting loudspeaker circuits of telephone sets. The functional diagram of the MP-7 product and its design as an autonomous universal device (several modifications are possible) for various types of analog and digital telephone sets are subject to final selection.
Based on the above, the following recommendations can be briefly formulated for increasing the level of information protection from leakage from the considered TSPI while simultaneously reducing operating costs.
- Promising SZ are those that can minimize the costs of protecting information from leakage during the operation of certain TSPI.
- Efficient information protection from leakage requires at least two lines of defense. The optimal combination is a combination in the protection device of both a PSZ with detectable element failures or their redundancy and an ASZ with minimization of power consumption, dimensions, weight, signaling of correct operation and its own backup power source.
The recommendations presented are of a general nature and can be useful in the development of PSZ and ASZ and for other types of TSPI.