Problems of optimizing the process of instrumental control of information processing equipment.
Goryachev Sergey Vyacheslavovich
PROBLEMS OF OPTIMIZING THE PROCESS OF INSTRUMENTAL CONTROL OF INFORMATION PROCESSING EQUIPMENT
Source: journal «Special Equipment»
When determining the possibility of using certain technical means to process information that constitutes a secret (state, official, confidential, commercial), as is known, a whole series of tests are carried out to determine the possibility of this information reaching a potential enemy.
Issues related to the need to protect information depending on its value are discussed in detail in the pages of domestic and foreign press. This aspect is not considered within the framework of this publication. Let us consider the purely technical aspect of testing the technical means indicated above. Further, for simplicity, we will call these technical means the equipment that processes the information subject to protection, or the protected object.
Thus, one of the necessary types of testing of the protected object is instrumental control to determine the possibility of information processed by this equipment getting to third parties through the so-called technical leakage channels.
As the practice of carrying out such works shows, the process of instrumental control is constantly becoming more complex and the required volume of works is increasing. This is due to a number of reasons:
- improvement of measuring equipment for obtaining information, improvement of its technical characteristics in terms of sensitivity, frequency and dynamic ranges;
- complication of equipment processing information subject to protection, increase in data transfer rates, increase in the number of functional capabilities;
- improvement of scientific and methodological foundations of the process of obtaining information by a potential enemy and a number of other factors.
Over the last four decades, the process of studying objects of protection has become so complex qualitatively and has grown in volume that by now certain prerequisites for a crisis have matured. In this regard, the issue of the need to optimize the process of instrumental control and, in particular, the selection of criteria and the mechanism for this optimization is becoming very relevant.
Consideration of the issue of the possibility of information getting to third parties due to its leakage through technical channels is directly related to the issue of the technical leakage channel itself, its properties and features.
Without dwelling on this fundamental issue in detail, it is worth noting only a few points.
A technical leakage channel is understood to be a physical environment through which information (or its features) can, while spreading in space, reach an outsider and be recorded by his technical means. The mechanism of spreading is determined by known physical laws.
During the normal operation of the equipment, there are information transmission channels that are initially incorporated into its design at the development stage, and without which the normal process of creating, transmitting, storing, and processing information is impossible. These channels can be internal (internal interface buses, discrete elements of the product, galvanic elements, etc.) and external (connecting cables, data transmission channels) in relation to the equipment itself. Conventionally, they can be called functional channels.
To prevent information circulating through these channels from reaching a potential enemy, a number of organizational and technical methods are used. These include, for example, methods of protection against unauthorized access, methods of cryptographic protection. The main thing in this case is the fact that these channels are specially created, and their parameters are selected in such a way that information circulates in them in an optimal way without losses and distortions.
On the other hand, in the process of equipment operation, such channels appear that are not functionally built into it, but which are actually present due to the action of physical laws. In an elementary case, for example, the creation of an electric field around a conductor through which current flows.
Such channels are not functional and are called side channels in a number of sources.
Thus, summing up the above, we can state that in order to determine the possibility and conditions of information processing on this equipment, it is necessary to conduct a set of preliminary tests, during which it is necessary to find out the possibility of its leakage through side technical channels.
In determining the order of such work, we proceed from a number of premises.
Premise one.
Certain physical laws operate in the channel under consideration. Our consideration should not go beyond their scope.
Premise two.
The research must cover all possible leakage channels, and each channel must be considered in its entirety. Ideally, the researcher should not allow himself to miss anything that would lead to information leakage.
If we consider the order of testing equipment for temperature effects for comparison, then, as a rule, it is sufficient to conduct tests of its operation at boundary points to conclude that it can operate in the entire temperature range.
In our case, each point of the investigated range in all operating modes of the equipment must be tested. Moreover, this study can be of both instrumental and analytical nature.
Premise three.
The enemy's ability to extract information in a particular technical leak channel is limited by its technical capabilities. These include:
- sensitivity of the receiving recording device;
- frequency range;
- dynamic range;
- the ability to use certain technical means in various conditions.
Premise four.
When conducting research, we limit ourselves to certain safety criteria. These criteria are clearly defined by current regulatory and guidance documents. They depend on the type of information, its value, operating conditions, and a number of other conditions.
Premise five.
As a rule, when conducting tests, the researcher is limited by time frames. In the case of checking for the possibility of obtaining information processed by the equipment, the researcher puts himself in the place of a potential adversary, subject to compliance with his real capabilities.
When determining the number of possible technical leakage channels and the scope of their research, the following can be said.
The equipment under study must be used in the real physical world, in which, as has already been said above, universal physical laws and phenomena operate. These physical laws manifest themselves in the interaction of our object of protection with other objects. Moreover, our object, on the one hand, influences other objects, and on the other, is itself subject to their influence. (We can even talk abstractly about its interaction with the Moon and other cosmic bodies).
There are many purely physical characteristics of such interaction. As a result, we can talk about an infinite number of technical channels of information leakage processed by the equipment under study. The need for a detailed check of such a number of channels will obviously lead us to a dead end.
When considering the volume of research conducted, the following should be noted. The time that must be spent on conducting instrumental control in one technical leakage channel can be determined by the formula:
Tis = Tism + Tobr + Tper + Tan + Tpr,
where:
Tis– the total time required to perform instrumental testing in one technical leak channel;
Тизм – the total time required to perform measurements in the leak channel under study;
Тобр – the time to process measurement results;
Тпер – the time to transfer measurement results or primary processing results to the analyzing device;
Тан – the time to analyze the results according to any criterion and issue a decision;
Тпр– time of presentation of research results.
The measurement time is the sum of the total number of individual measurements in the entire working range of the leak channel under study:
where:
Ti – the time of a single measurement. This time is determined by the time of tuning the measuring device to the operating point (for example, the time of tuning the selective measuring receiver to the operating frequency under study) and the time of the measurement itself. This time, in turn, is determined by the technical characteristics of the measuring device, as well as the averaging time of the measurement selected during the experiment.
N– the total number of test points in the working range of the leak channel under test. This parameter is determined by the size of the working range, a number of technical conditions, such as the operating features of the equipment being tested, and the features of the leak channel under test. In each case, this parameter is determined individually.
The processing time Tobr is determined by the sum of two terms:
Tobr = Tobr1 + Tobr2,
where:
Tobr1 is the time of primary processing of measurement results;
Tobr2 is the time of secondary processing of results.
These two elements are present in any measuring system, both automated and “manual”. They are determined by the technical characteristics of the measuring device, the technical parameters of the counting and analyzing device, and the processing algorithm.
Result presentation time is the time required for visual display of measurement results and processing of results on electronic or paper media.
Analysis time is the time required for analyzing measurement and processing results and subsequent conclusion based on a certain criterion.
The time of transmission of measurement and processing results is determined by the protocol of information exchange via the communication interface organized in the given system. In existing automated measuring complexes, standard communication and instrument interfaces RS-232, IEC and others are used as such.
Let us consider, as an example, the simplest case of studying the amplitude-frequency spectrum of a signal from a pulse converter with a conversion frequency of 25 kHz of a power supply in the leakage channel “power supply network” in the frequency range of 10 Hz — 1 GHz using a typical automated complex built on the basis of a scanning receiver of the AR-3000 type. In practice, such a task arises in most cases when conducting research.
Without going into simple but tedious calculations, it can be shown that the number of frequency (working) points at which signal measurements need to be made is 40,000.
Having carried out calculations according to the formulas given above, we determine that the time required to carry out such a volume of measurements exceeds 30 hours.
If we are talking about a full examination of equipment that processes information subject to protection, we must remember that:
- it is necessary to investigate the possibility of information leakage in all possible leakage channels;
- research must be carried out in all possible operating modes of the equipment;
- when conducting research, it is necessary to analyze the presence of a leak in this channel not only of the information itself that is subject to protection, but also of the information by which it can be restored. For example, this could be key information during cryptographic processing, or signals of the original information transformed by some algorithm.
Even with a superficial examination of this problem, it becomes clear that its solution in full does not seem realistic. Thus, we cannot do without optimizing this process.
It should be said that the task of optimizing the process of equipment research is set from the very beginning. The current regulatory and methodological documents developed by the State Technical Commission of Russia, the Federal Agency for Government Communications and a number of other organizations define the optimization criteria in the methodological plan.
Within the framework of these documents:
- a specific list of all possible technical leakage channels is determined, in which it is necessary and sufficient to conduct research on the protected object;
- the maximum possible degree of excess of the signal possibly present in the channel over the noise in a specific leakage channel is determined for a specific type of signal and operating conditions of the protected object;
- other points are determined that allow the research process to be specified.
The requirements of the above-mentioned guidelines are axiomatic in nature and cannot be adjusted. The task is to develop criteria for optimizing research without affecting the requirements of regulatory documents.
In passing, it should be said that the development of such criteria, their detailing and mathematical justification is a very complex and voluminous task and requires special consideration.
The initial premise for considering the issue of developing optimization criteria is the fact of the high complexity of the existing equipment that processes information and the processes that occur during this process.
The main goal of optimization may be the following: determining specific criteria that allow for a reduction in the volume of research while increasing its reliability.
Optimization of the research process may be carried out in two directions:
- hardware optimization;
- methodological optimization.
If we are talking about hardware optimization, then this should be understood as introducing into the design of the equipment such solutions that make it possible to facilitate the process of instrumental control.
As an example of such a design solution, we can cite the placement of contacts with control points connected to them on the external panel of the product for connecting measuring equipment during research.
Another example of implementing such optimization is the introduction of control test algorithms into the equipment, in which the functioning of real operating modes of information processing is simulated in a cyclic mode.
These techniques allow for a more efficient organization of the research process and significantly reduce time costs.
When speaking about the selection of optimization criteria in the methodological aspect, the following should be kept in mind:
1. On the way from the place of circulation to the location of a potential enemy, information may undergo changes both in the equipment itself and in the propagation environment.
2. The mechanism of these modifications in technical terms can be of four types:
- changes in energy;
- changes in the frequency spectrum;
- modulation;
- demodulation (detection).
Moreover, speaking about the mechanism of such modification, it is necessary to keep in mind that both a weakening of energy and frequency characteristics and their strengthening (expansion) are possible.
3. An exact description of this mechanism is practically impossible.
In the equipment itself, we deal with side radiation and interference, which in turn are determined by parasitic elements. It is not possible to calculate the parameters of these parasitic elements. In addition, they change over time.
In the propagation environment of a signal carrying information, there are a number of factors that inevitably make its real characteristics significantly different from the theoretical ones. For example, the process of propagation of an electromagnetic wave in space is affected by objects present, elements of the building structure, etc. In this case, the effects of shielding, re-reflection, changes in the frequency spectrum and others appear. The nature of these effects depends significantly on the operating conditions. Just like the parasitic parameters of the equipment, these parameters can change over time.
Thus, it is practically impossible to accurately describe or model the process of signal propagation in the information leakage channel. In some approximation, its assessment can be obtained by collecting statistics, but in this case, again, we will get an assessment that differs from reality.
So, we come to a certain contradiction. On the one hand, as was said above, it is not really possible to conduct a full survey of the protected object. On the other hand, we do not have a reliable mechanism that allows us to extend the results of the studies obtained at some selected operating points to the entire operating range.
Obviously, the optimization of the process of instrumental control of the object of study should consist in finding a compromise on this issue.
In any case, before starting the studies, some hypothetical model of the process under consideration is built, and then, when comparing it with the practically obtained data, a conclusion is made about the correctness of the actions and the need to adjust the research process.
In general, the following options can be proposed:
1. From the entire required volume, individual points characteristic of a given process are selected, and according to a certain criterion, a conclusion is made about the possibility of extending the obtained results to the entire range of studies.
2. From the entire required volume of research, individual blocks are selected, within which careful tests are carried out at all operating points, and also, according to a certain criterion, a conclusion is made about the possibility of extending the research results to the entire range.
In any case, there remains the possibility that some points that significantly affect the overall results will not fall into the scope of consideration. The appearance of such anomalous points is associated with the presence in practice of processes that do not fit into the initially adopted theoretical model.
The task of choosing optimization criteria is to ensure that the error of the selected method does not reduce the level of safety of the protected object during its operation.
To summarize, the main points should be noted:
-
in the process of conducting research on equipment that processes information subject to protection, there is a problem of a large volume of tests, which makes it unrealistic to conduct these studies with real time and material costs;
- the task of reducing the volume of research conducted has been there from the beginning of work on the protection of information processed by technical means;
- the task is to optimize the process of conducting research, choosing the criteria for this optimization;
- the main goal of choosing the criteria for optimizing the research process is to reduce the time and material costs of conducting work while simultaneously increasing the reliability of the results and increasing the security of information processing.