Data Emanation Security


Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> Now, our last topic here in domain
00:00
5 is data emanations security.
00:00
This is an attack on access control,
00:00
basically because it's bypassing access control.
00:00
Rather than logging into
00:00
a system providing account credentials,
00:00
access control attacks, can I access this system,
00:00
this information, this data,
00:00
without having to provide those credentials?
00:00
We're going to talk about a study
00:00
that was named Tempest,
00:00
and we're going to talk about how that relates to
00:00
data emanation in some ways we can mitigate.
00:00
Back in the '60s, the government wanted to find out
00:00
that if you analyze
00:00
radiation emitted by electronic devices,
00:00
wanted to find out if you can learn
00:00
anything meaningful,
00:00
because all devices that are
00:00
electronic emit some form of radiation.
00:00
The government said, ha,
00:00
wonder if that's a big deal.
00:00
The study called TEMPEST
00:00
examined that emanation and determined,
00:00
yes, you very much can discern important information.
00:00
As a matter of fact, Bruce Schneier,
00:00
who is a huge name in the cyber security world,
00:00
and you might even want to look this up,
00:00
it's a very interesting study,
00:00
but by analyzing the data emanation
00:00
from a specific system,
00:00
Schneier was able to determine what
00:00
the encryption key was
00:00
that they were using for encryption.
00:00
That system was using AES-256,
00:00
so it's not like it was using
00:00
an old broken down algorithm,
00:00
just by studying the emanation.
00:00
What was even more interesting about
00:00
this attack is the total cost of the system that
00:00
he used to analyze the radiation was
00:00
less than a $1,000.
00:00
That had been done before with high-end equipment,
00:00
but now the costs are getting cheaper and cheaper
00:00
for the devices that can do this for us,
00:00
so we have to be very
00:00
aware that data emanation can be a problem.
00:00
Especially because so many devices
00:00
now are coming with RFID chips,
00:00
or passports, or credit cards,
00:00
and so, emanation there could be very detrimental.
00:00
Now TEMPEST has evolved
00:00
from that study into being more of a standard.
00:00
If I want to make sure that my laptop is configured,
00:00
or is outfitted in such a way that it's going
00:00
to reduce the harm from data emanation,
00:00
I can send it off,
00:00
it'll come back weighing 80 pounds because its case
00:00
will have heavy material,
00:00
or heavy metal in it to absorb that stray signal,
00:00
because that's one of the ways that we do it.
00:00
We could also use
00:00
these devices in what we refer to as a Faraday cage.
00:00
A Faraday cage is made of mesh,
00:00
or it could be of heavy metal.
00:00
The idea is that it absorbs the signal and
00:00
prevents emanation from the cage outward.
00:00
If you're secure with the secure compartments that
00:00
are used for sensitive discussions in the military,
00:00
SCIFs, those are made out of material to absorb signal.
00:00
Now, another way we can limit the damage with
00:00
data emanations is we can
00:00
disguise what's meaningful from what isn't.
00:00
We have different types of noise that
00:00
can be injected into an environment.
00:00
Sometimes there's white noise, and pink noise,
00:00
and brown noise, and these are
00:00
all at different frequencies,
00:00
so that it's much harder for an attacker to say, oh,
00:00
this is sensitive information
00:00
because there's so much noise in the environment.
00:00
Then the last way we can limit the harm of
00:00
data emanation is,
00:00
be very thoughtful about where we
00:00
put our sensitive devices,
00:00
and our data center.
00:00
We're not going to put that in the corner office with
00:00
all the windows pointing out to the parking lot,
00:00
we're going to put our secure data center
00:00
in the center of our building,
00:00
and we're going to use
00:00
the building's natural building material
00:00
to absorb that signal.
00:00
Those are some of the ways that we can
00:00
avoid leakage through data emanation.
00:00
Let's go ahead and wrap up
00:00
this section on emanation security.