Recommendations for assessing the security of confidential information from leakage due to EMI.

Recommendations for assessing the security of confidential information from leakage due to PEMI..

Recommendations for assessing the security of confidential information from leakage due to PEMI.

E. V. Kurenkov, A. V. Lysov, A. N. Ostapenko
FSUE «NPP «Gamma», VIKA im. A. F. Mozhaisky, PPSH Laboratory

Almost any enterprise or organization sooner or later has to face the need to protect commercial information (CII), the loss of confidentiality of which can lead to serious financial losses. Since the ways of information leakage are very diverse, the heads of security services are faced with the task of assessing the degree of protection of information from leakage through technical channels. For this purpose, they are forced to certify objects, premises, technical means for their compliance with the requirements for information protection for the relevant security classes, during which technical leakage channels and the degree of their danger are identified. Certification can be carried out independently or with the involvement of specialized organizations licensed by the State Technical Commission under the President of the Russian Federation for this type of activity.

Currently, the cost of such work is quite high, but many enterprises, for example, not associated with the implementation of government orders, do not need to analyze all possible leakage channels.

One of the most dangerous channels is the presence of side electromagnetic radiation (SEMR) arising during the operation of various electronic devices (fax and telephone machines, mini-PBX, computers, printers, modems, scanners, servers, etc.). The nature of the SEMR is determined by the purpose, circuit solutions, element base, power of the device, as well as the materials from which the case is made, and its design. Radiation can occur in a wide range of frequencies (from a few hertz to gigahertz), and the range of real interception of information can reach hundreds of meters.

To carry out a full scope of work on the study of the danger of PEMI, it is necessary to have:

• a fleet of expensive control and measuring equipment with the appropriate metrological support;
• highly qualified personnel;
• special methods for conducting measurements and a mathematical apparatus for calculating the results.

However, in the case of protecting commercial information, the risk of PEMI can be assessed using limited means. To do this, it is sufficient to be able to set a test mode for the equipment being tested and to have a set of radio receivers (RRU) operating in the range from 0.01 to 1000 MHz. It is desirable that the RRUs used
have the ability to disable the automatic gain control system and the bandwidth control function.

Control can be carried out both by an instrumental method, consisting of a physical check of the impossibility of intercepting PEMI outside the controlled area, and by a calculation and instrumental method.

In both cases, the test mode must be set by generating a signal in the equipment being tested that, on the one hand, is easily identifiable upon reception, and on the other hand, transfers the equipment to a state in which the level of spurious emissions it creates is maximum.

For example, for telephone network elements (mini-PBX, fax machines, telephones, etc.) — this is the passage of the «busy» signal when the telephone handset is lifted. For internal television systems — transmission of a target (a picture consisting of alternating black and white stripes). For electronic computer equipment — the use of pulse trains with a duration of:
= 0.6 μs — to check the processor;
= 0.25 μs — to check the floppy disk;
= 0.05 μs — for checking the hard magnetic disk;
= 0.06 μs — for checking the monitor;
= 4 μs — for checking the matrix printing device.

The simplest way to control the adequacy of the ZKI from leakage through the PEMI is by means of an instrumental method. In this case, the following sequence of operations is performed:

1. The control equipment is installed in places where technical reconnaissance equipment may be located.

2. The automatic gain control system of the RPU is switched off.

3. The required bandwidth value of the receiving device is set ( = 6 kHz — when monitoring the emissions of telephone network equipment; = 15.6 x M kHz, where M is the number of «white» bands in the world; = 1/, when monitoring the radiation of electronic computing equipment, where — pulse duration in a test signal packet).

4. The test signal is turned on on the equipment being tested.

5. The search for radiation modulated by the test signal is carried out in the frequency range from 0.01 to 1000 MHz.

6. When it is detected, a decision is made on the need to carry out additional measures on the ZKI.

The disadvantage of the considered method is the relatively high requirements for the threshold sensitivity of the receiving devices (not worse than 1 μV) and the presence of special combined magnetic and electric antennas, which ensure .

If these requirements are not met or there is no possibility of conducting research at the border of the controlled territory, you can use the calculation and measurement method, which is as follows:

1. The monitoring equipment is installed at a certain distance >= 1 m from the device being tested.
2. The test signal is turned on.
3. The test signal is searched for in the same way as in the above method.
4. When a signal is detected, its level is measured in the presence of noise at the input of the radio control unit using measuring radio monitoring equipment.

5. For all frequencies at which signal changes were detected, the results of measurements of the value are entered into Table 1.

   Table No. 1.

   No.	Signal frequency fc , MHz	Signal level in the presence of noise , μV	Noise level , µV	Signal level, µV

6. The monitored equipment is switched off, and the noise levels are measured at all frequencies where the test signal was detected , and their values ​​are entered into Table 1.
   If the sensitivity of the RPU is below 10 μV, then to determine the level it is advisable to use an analytical method, according to which = x , where — effective antenna height, and — noise electric field strength. Approximate values ​​ for a large industrial city are given in Table. 2.
   
   Table No. 2.
   

   f, MHz	0.1…1	1…10	10…100	100&# 8230;1000
   Ep, µV/m	1…500	0.8…100	0.1…10	0.1…1

7. By the formula the signal level values ​​ at the input of the control receiver are calculated, which are also entered into Table 1.
8. Calculated range , at which interception of PEMI is possible, is found from the ratio = /.
9. If the calculated value greater than the radius of the controlled area , it is necessary to take into account the weakening of the electromagnetic field strength by artificial (or natural) barriers.
   Taking into account the weakening of electromagnetic waves, the possible range of interception of PEMI will be determined by the value:
   ,
   where K is the attenuation of the barrier at the signal frequency.
10. In the case when the value of still exceeds the radius of the controlled zone , it is necessary to take additional measures to protect information from interception.

Note:
If the control equipment is not equipped with built-in measuring devices, the signal and noise levels at the input of the RPU are determined using the equivalent generator method.

A voltmeter is connected to the input of the receiving device with the automatic gain control system disabled, and a fixed output voltage value is set using the gain knobs (low and intermediate frequencies).

The antenna is switched off, and a signal from the generator output tuned to the radio receiver frequency is fed to the receiver input (in the internal amplitude modulation mode with a depth of 30%).

Without changing the gain factors of the receiving device, the selected fixed value of the output signal is achieved by changing the output voltage level of the generator Ug.

This procedure is carried out at all frequencies at which emissions from the monitored equipment were detected (Table 1). Measurements are made separately for the signal in the presence of noise () and
noise ().

We hope that the proposed methods will be useful for representatives of the security services of commercial structures when assessing the adequacy of measures to ensure the protection of confidential information.