EMISSIONS SECURITY

1
EMISSIONS SECURITY
Elizabeth Eykman lizeyk_at_hotmail.com
Supervisors Stephen Gould Matt Barrie
2
OBJECTIVES

• Set up a successful lab experiment to measure
  optical emanations from a computer terminal
• Investigate the information contained in optical
  emissions from CRT monitors
• Reconstruct information from the optical signal
• Suggest improvements to experiment and further
  work
• Consider Countermeasures

3
BACKGROUND
Emissions Security (Emsec) refers to the
protection of a system from being attacked by way
of compromising emanations.

• In 1985, Van Eck demonstrated the reconstruction
  of a television CRT display by using the
  information carried in the electromagnetic
  radiation
• In May 2002, Markus Kuhn published a paper
  (Optical Time-Domain Eavesdropping risks of CRT
  displays) to describe the reconstruction of a CRT
  display using the information contained in the
  optical emissions

4
EQUIPMENT SET UP
Diffuse reflections of information carrying
emissions can be detected
5
RASTER SCAN DISPLAY
6
TEST PATTERNS
Source Display
PMT Output

• Resolution of 640x480 pixels used for source
  display
• Refresh rate period 16.5ms
• One pixel period 16.5/(640x480)
• 53.71 ns

7
SINGLE PIXEL DECAY CURVES
The intensity function of the light emitted
corresponds to the video signal convolved with
the impulse response of the screen phosphors
The phosphor decay curve can be thought of a
low-pass filter applied to the video signal as it
is emitted
8
PIXELS ON THE SAME SCAN LINE
Two white pixels on the same scan line were moved
closer together
Pixels on the same scan line can be clearly
differentiated in the received signal if they are
2 or more pixels apart. (using the equipment
available)
9

ADAPTIVE FILTER DESIGN

• The transfer function of the model, H(z), is a
  best-fit to the inverse of the unknown transfer
  function of the system
• Once converged, the adaptive filter output is a
  best least-squares match to the plant input
• The derived inverse filter can now be used to
  reconstruct the video signal/data

10
The LMS algorithm is used to find the
coefficients of the inverse filter
LMS Algorithm Wk1 Wk 2µ?kXk

• W weight vector
• µ convergence parameter
• error
• X input signal vector

Sk Synthesized video signal Xk
Photomultiplier output
11
COUNTERMEASURES

• Break the line of sight to display surfaces
  exhibiting sensitive information
• Surrounded monitors by broadband background
  light to increase shot noise
• Set the monitor to the highest resolution
  possible, minimum workable contrast and maximum
  brightness comfortable
• Encrypt the raster scan algorithm of the CRT
• Liquid Crystal Display (LCD) monitors can be
  used to replace CRT monitors as all pixels in a
  line are refreshed simultaneously and the pixel
  response times are slower

12
CONCLUSIONS
With the use of this simple, inexpensive
experiment, it has been shown that information
leakage from a CRT monitor via optical emissions
is a security concern.
FURTHER WORK

• Development of a Real-Time application
• Reconstruction of data to its true colours
• Development of further countermeasures