PEMIN.
author: Arkady Veits
Why PEMIN?
The tasks of information security are so diverse, and their solution raises so many problems that managers and technical specialists in information security departments sometimes find it difficult to set priorities.
It is necessary to deal with organizational issues of office work, physical security and control of designated premises, protection from unauthorized access to production, personal computers and network servers, the search for and removal of special electronic devices for covert information collection (so-called «bugs»), soundproofing and vibration protection.
Just listing the tasks would take too much time.
At the same time, insufficient attention is often paid to the detection and closure of possible «natural» technical channels for information leakage.
It is estimated that no more than 1-2 percent of data stored and processed on personal computers and other technical means of information transmission (TSPI) can be intercepted via the PEMIN (side electromagnetic radiation and interference) channel.
At first glance, it may seem that this channel is really less dangerous than, for example, the acoustic channel, through which up to 100% of speech information circulating in a room can leak.
However, we must not forget that at present almost all information containing state secrets or commercial, technological secrets undergoes the stage of processing on personal computers.
The specificity of the PEMIN channel is such that those same two percent of information vulnerable to technical means of interception are data entered from the computer keyboard or displayed on the monitor, that is, paradoxically, a very significant part of the information subject to protection may be accessible to prying eyes.
Our enemy
It is traditionally believed that intercepting PEMIN and extracting useful information is a very labor-intensive and expensive task, requiring the use of complex specialized equipment.
Methods for monitoring the effectiveness of protection of information technology objects were created on the assumption that the enemy uses so-called optimal receivers.
At the time when these documents were developed, receiving devices that approached optimal characteristics were bulky, weighed several tons, and were cooled with liquid nitrogen…
It is clear that only technical intelligence services of highly developed countries could afford such means. They were also considered the main (and perhaps the only) enemy.
But life does not stand still.
Reconnaissance radio equipment is developing towards miniaturization and cheapening, and the objects of attack are no longer concentrated in restricted, well-guarded enterprises behind high fences with barbed wire.
Today, all companies without exception have workstations equipped with personal computers, and many of them process data that must be protected. And many parties may try to intercept this data illegally, including via the PEMIN channel.
These include competitors, criminals, and various «security companies».
Unfortunately, they have the ability to do this.
The weapon of crime is a household radio
Many people half-jokingly call a personal computer monitor a television. And indeed, displays with a cathode-ray tube are in many ways similar to televisions.
Early models of domestic (and foreign) graphic monitors were simply converted from color television receivers. Later, interlaced scanning was replaced with progressive scanning in monitors, the frame rate was increased, but the operating principle and the characteristic form of video signals, of course, did not undergo significant changes.
Electromagnetic fields that arise near the conductors carrying the video signal to the monitor's cathode-ray tube are side electromagnetic radiation.
And they can often be intercepted using a regular television receiver placed several meters away from the personal computer monitor. The image clarity may be sufficient for reading text.
Radio receivers with a bandwidth of 8-10 MHz and a sensitivity of about 10 nV (for example, measuring receivers of accuracy class I) allow interception of information displayed on the monitor from a significantly greater distance, and the use of various algorithms for filtering signals and accumulating information sharply increases the clarity of the image.
A personal computer has a large number of generators of periodic signals modulated by information. And most of them can be detected on the air or in the power supply network without resorting to highly sensitive radio receivers.
There are programs that directly use PEMIN to transmit information stored in the computer.
Unbeknownst to the user, they find files on disks, for example, containing specified keywords, and transmit them letter by letter into the air, modulating one of the generators, for example, a keyboard controller.
A household radio receiver can be used to retrieve information, and a personal computer with a sound card can be used to restore the original text.
The price of such a «reconnaissance complex» does not exceed several thousand US dollars. And the «spy program» can get into the «client's» computer in many different ways — together with a multimedia presentation received on a CD at an exhibition, from the Internet, from your own employees, in the end…
Health is more important
Along with underestimating the danger of information leakage via the PEMIN channel, there is also the opposite problem: excessive measures taken to prevent possible interception of information. And often, enterprises that certify information technology facilities do information security departments a «disservice» by issuing orders for the operation of TSPI with deliberately inflated sizes of controlled zones.
Without the ability to provide controlled zones of the specified sizes, employees of special departments are forced to protect technical equipment with noise generators.
Sometimes the required power of noise generators exceeds sanitary standards, and the operation of facilities protected in this way can be dangerous to the health of personnel.
The reasons for issuing orders for operation with zone values greater than the actual reconnaissance accessibility zone are rooted both in the understandable desire of special laboratories to «play it safe», and in gross violations of the methodology for conducting special research, errors by research engineers, and the notorious «human factor».
Automating PEMIN measurements was intended to minimize the probability of error. Unfortunately, this is not always possible.
Pitfalls of automation
As long as the methodology for conducting special studies has existed, attempts have been made to delegate this work to machines.
Since the measurements themselves come down to measuring the signal levels that arise when a special test mode of the TSPI is turned on, the first automatic systems, created in the 1970s and later, performed exactly this routine procedure: they recorded the background noise levels with the test mode turned off, and then found and measured the signal levels that exceeded the noise with the test mode turned on.
Then the research engineers had to check the table of measured levels and leave only the information-bearing signals in it. However, as is known, the levels of over-the-air noise are not constant over time. Numerous sources of interference are turned on and off, the characteristics of the Earth's ionosphere change…
More or less accurate results of automatic measurements can only be obtained in an anechoic shielded chamber, but such chambers are expensive and few can afford them. But even in the chamber, the number of non-information signals that arise when the test mode of the TSPI is switched on is depressingly high.
And again, an operator error in not excluding a non-hazardous high-level signal can lead to a significant increase in the calculated size of the controlled zone.
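The off/on comparison described above, and one way to make it tolerate interference that comes and goes, as an added example (not part of the original article and not the algorithm of any measuring complex it mentions). The sweep values, the 6 dB margin and the 80% repeat threshold are constructed assumptions.

```python
import statistics

def make_cycles(n_cycles=5, n_bins=8):
    """Constructed sweeps (levels in dB per frequency bin), not measured data.
    Each cycle is (sweep with test mode off, sweep with test mode on)."""
    cycles = []
    for c in range(n_cycles):
        off = [10.0 + ((c + b) % 3) * 0.5 for b in range(n_bins)]
        on = [10.0 + ((c + 2 * b + 1) % 3) * 0.5 for b in range(n_bins)]
        on[2] += 20.0            # emission that follows the test mode
        on[5] += 9.0             # weaker emission that follows the test mode
        if c == 0:
            on[6] += 25.0        # outside interferer happens to switch on
        if c == 3:
            off[6] += 25.0       # same interferer, this time during "off"
        cycles.append((off, on))
    return cycles

def single_pass(off, on, margin_db=6.0):
    """Procedure from the text: one background sweep, one test-mode sweep;
    report {bin: level} wherever the level rose by at least margin_db."""
    return {b: on[b] for b in range(len(on)) if on[b] - off[b] >= margin_db}

def multi_cycle(cycles, margin_db=6.0, min_fraction=0.8):
    """Toggle the test mode repeatedly; keep a bin only if it rises in at
    least min_fraction of the cycles. Returns {bin: median on-level}."""
    kept = {}
    for b in range(len(cycles[0][0])):
        hits = sum(1 for off, on in cycles if on[b] - off[b] >= margin_db)
        if hits / len(cycles) >= min_fraction:
            kept[b] = statistics.median(on[b] for _, on in cycles)
    return kept

if __name__ == "__main__":
    cycles = make_cycles()
    naive = single_pass(*cycles[0])
    robust = multi_cycle(cycles)
    print("single pass :", naive)    # includes bin 6, the interferer
    print("multi cycle :", robust)   # bin 6 rejected
    # The strongest entry drives the zone calculation, so the false bin matters.
    print("highest level:", max(naive.values()), "vs", max(robust.values()))
```

Repetition removes only interference that is uncorrelated with the test mode; non-information signals that switch on together with the test mode, which the article also mentions, still pass this filter and need a separate check.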
The emergence of measuring complexes that automatically search for information-bearing signals and do not require manual verification of measurement results significantly reduces the possible influence of the «human factor».
Such, among others, are the «Legend» complexes for conducting special studies, developed by our company.
And although «Legend» is a kind of «pioneer» of a new generation, we are making every effort to improve this product. We hope we are doing a good job.