Recommendations for assessing the security of confidential information from leakage due to EMI.

logo11d 4 1

Recommendations for assessing the security of confidential information from leakage due to PEMI..

Recommendations for assessing the security of confidential information from leakage due to PEMI.

Recommendations for assessing the security of confidential information from leakage due to PEMI.

E. V. Kurenkov, A. V. Lysov, A. N. Ostapenko
FSUE «NPP «Gamma», VIKA im. A. F. Mozhaisky, PPSH Laboratory

Almost any enterprise or organization sooner or later has to face the need to protect commercial information (CII), the loss of confidentiality of which can lead to serious financial losses. Since the ways of information leakage are very diverse, the heads of security services are faced with the task of assessing the degree of protection of information from leakage through technical channels. For this purpose, they are forced to certify objects, premises, technical means for their compliance with the requirements for information protection for the relevant security classes, during which technical leakage channels and the degree of their danger are identified. Certification can be carried out independently or with the involvement of specialized organizations licensed by the State Technical Commission under the President of the Russian Federation for this type of activity.

Currently, the cost of such work is quite high, but many enterprises, for example, not associated with the implementation of government orders, do not need to analyze all possible leakage channels.

One of the most dangerous channels is the presence of side electromagnetic radiation (SEMR) arising during the operation of various electronic devices (fax and telephone machines, mini-PBX, computers, printers, modems, scanners, servers, etc.). The nature of the SEMR is determined by the purpose, circuit solutions, element base, power of the device, as well as the materials from which the case is made, and its design. Radiation can occur in a wide range of frequencies (from a few hertz to gigahertz), and the range of real interception of information can reach hundreds of meters.

To carry out a full scope of work on the study of the danger of PEMI, it is necessary to have:

  • a fleet of expensive control and measuring equipment with the appropriate metrological support;
  • highly qualified personnel;
  • special methods for conducting measurements and a mathematical apparatus for calculating the results.

However, in the case of protecting commercial information, the risk of PEMI can be assessed using limited means. To do this, it is sufficient to be able to set a test mode for the equipment being tested and to have a set of radio receivers (RRU) operating in the range from 0.01 to 1000 MHz. It is desirable that the RRUs used
have the ability to disable the automatic gain control system and the bandwidth control function.

Control can be carried out both by an instrumental method, consisting of a physical check of the impossibility of intercepting PEMI outside the controlled area, and by a calculation and instrumental method.

In both cases, the test mode must be set by generating a signal in the equipment being tested that, on the one hand, is easily identifiable upon reception, and on the other hand, transfers the equipment to a state in which the level of spurious emissions it creates is maximum.

For example, for telephone network elements (mini-PBX, fax machines, telephones, etc.) — this is the passage of the «busy» signal when the telephone handset is lifted. For internal television systems — transmission of a target (a picture consisting of alternating black and white stripes). For electronic computer equipment — the use of pulse trains with a duration of:
= 0.6 μs — to check the processor;
rekomendacii po ocenke zashishennosti konfidencialnoi inf = 0.25 μs — to check the floppy disk;
rekomendacii po ocenke zashishennosti konfidencialnoi inf= 0.05 μs — for checking the hard magnetic disk;
rekomendacii po ocenke zashishennosti konfidencialnoi inf = 0.06 μs — for checking the monitor;
rekomendacii po ocenke zashishennosti konfidencialnoi inf = 4 μs — for checking the matrix printing device.

The simplest way to control the adequacy of the ZKI from leakage through the PEMI is by means of an instrumental method. In this case, the following sequence of operations is performed:

  1. The control equipment is installed in places where technical reconnaissance equipment may be located.

  2. The automatic gain control system of the RPU is switched off.

  3. The required bandwidth value of the receiving device is set (rekomendacii po ocenke zashishennosti konfidencialnoi inf 3 = 6 kHz — when monitoring the emissions of telephone network equipment; rekomendacii po ocenke zashishennosti konfidencialnoi inf 4 = 15.6 x M kHz, where M is the number of «white» bands in the world; rekomendacii po ocenke zashishennosti konfidencialnoi inf 4 = 1/rekomendacii po ocenke zashishennosti konfidencialnoi inf, when monitoring the radiation of electronic computing equipment, where rekomendacii po ocenke zashishennosti konfidencialnoi inf — pulse duration in a test signal packet).

  4. The test signal is turned on on the equipment being tested.

  5. The search for radiation modulated by the test signal is carried out in the frequency range from 0.01 to 1000 MHz.

  6. When it is detected, a decision is made on the need to carry out additional measures on the ZKI.

The disadvantage of the considered method is the relatively high requirements for the threshold sensitivity of the receiving devices rekomendacii po ocenke zashishennosti konfidencialnoi inf 5(not worse than 1 μV) and the presence of special combined magnetic and electric antennas, which ensure rekomendacii po ocenke zashishennosti konfidencialnoi inf 5.

If these requirements are not met or there is no possibility of conducting research at the border of the controlled territory, you can use the calculation and measurement method, which is as follows:

  1. The monitoring equipment is installed at a certain distance rekomendacii po ocenke zashishennosti konfidencialnoi inf 6 >= 1 m from the device being tested.
  2. The test signal is turned on.
  3. The test signal is searched for in the same way as in the above method.
  4. When a signal is detected, its level is measured in the presence of noise rekomendacii po ocenke zashishennosti konfidencialnoi inf 7 at the input of the radio control unit using measuring radio monitoring equipment.
  5. For all frequencies at which signal changes were detected, the results of measurements of the value rekomendacii po ocenke zashishennosti konfidencialnoi inf 7 are entered into Table 1.

    Table No. 1.

    No.

    Signal frequency
    fc , MHz

    Signal level in the presence of noise
    rekomendacii po ocenke zashishennosti konfidencialnoi inf 7 , μV

    Noise level
    rekomendacii po ocenke zashishennosti konfidencialnoi inf 8, µV

    Signal level,
    rekomendacii po ocenke zashishennosti konfidencialnoi inf 9 µV

             
  6. The monitored equipment is switched off, and the noise levels are measured at all frequencies where the test signal was detected rekomendacii po ocenke zashishennosti konfidencialnoi inf 8, and their values ​​are entered into Table 1.
    If the sensitivity of the RPU is below 10 μV, then to determine the level rekomendacii po ocenke zashishennosti konfidencialnoi inf 8it is advisable to use an analytical method, according to which rekomendacii po ocenke zashishennosti konfidencialnoi inf 8 = rekomendacii po ocenke zashishennosti konfidencialnoi inf 10x rekomendacii po ocenke zashishennosti konfidencialnoi inf 11, where rekomendacii po ocenke zashishennosti konfidencialnoi inf 11— effective antenna height, and rekomendacii po ocenke zashishennosti konfidencialnoi inf 10 — noise electric field strength. Approximate values ​​rekomendacii po ocenke zashishennosti konfidencialnoi inf 10 for a large industrial city are given in Table. 2.

    Table No. 2.

    f, MHz

    0.1…1

    1…10

    10…100

    100&# 8230;1000

    Ep, µV/m

    1…500

    0.8…100

    0.1…10

    0.1…1

  7. By the formula rekomendacii po ocenke zashishennosti konfidencialnoi inf 12the signal level values ​​rekomendacii po ocenke zashishennosti konfidencialnoi inf 9 at the input of the control receiver are calculated, which are also entered into Table 1.
  8. Calculated range rekomendacii po ocenke zashishennosti konfidencialnoi inf 13, at which interception of PEMI is possible, is found from the ratio rekomendacii po ocenke zashishennosti konfidencialnoi inf 13 = rekomendacii po ocenke zashishennosti konfidencialnoi inf 6rekomendacii po ocenke zashishennosti konfidencialnoi inf 9/rekomendacii po ocenke zashishennosti konfidencialnoi inf 8.
  9. If the calculated value rekomendacii po ocenke zashishennosti konfidencialnoi inf 13greater than the radius of the controlled area rekomendacii po ocenke zashishennosti konfidencialnoi inf 14, it is necessary to take into account the weakening of the electromagnetic field strength by artificial (or natural) barriers.
    Taking into account the weakening of electromagnetic waves, the possible range of interception of PEMI will be determined by the value:
    rekomendacii po ocenke zashishennosti konfidencialnoi inf 15,
    where K is the attenuation of the barrier at the signal frequency.
  10. In the case when the value of rekomendacii po ocenke zashishennosti konfidencialnoi inf 16 still exceeds the radius of the controlled zone rekomendacii po ocenke zashishennosti konfidencialnoi inf 14, it is necessary to take additional measures to protect information from interception.

Note:
If the control equipment is not equipped with built-in measuring devices, the signal and noise levels at the input of the RPU are determined using the equivalent generator method.

A voltmeter is connected to the input of the receiving device with the automatic gain control system disabled, and a fixed output voltage value is set using the gain knobs (low and intermediate frequencies).

The antenna is switched off, and a signal from the generator output tuned to the radio receiver frequency is fed to the receiver input (in the internal amplitude modulation mode with a depth of rekomendacii po ocenke zashishennosti konfidencialnoi inf 17 30%).

Without changing the gain factors of the receiving device, the selected fixed value of the output signal is achieved by changing the output voltage level of the generator Ug.

This procedure is carried out at all frequencies at which emissions from the monitored equipment were detected (Table 1). Measurements are made separately for the signal in the presence of noise (rekomendacii po ocenke zashishennosti konfidencialnoi inf 18) and
noise (rekomendacii po ocenke zashishennosti konfidencialnoi inf 19).

We hope that the proposed methods will be useful for representatives of the security services of commercial structures when assessing the adequacy of measures to ensure the protection of confidential information.

 

Мы используем cookie-файлы для наилучшего представления нашего сайта. Продолжая использовать этот сайт, вы соглашаетесь с использованием cookie-файлов.
Принять