picking up on this a bit later....

--On Saturday, 01 June, 2002 20:03 +0200 Ben Nagy <[EMAIL PROTECTED]> wrote:

>> -----Original Message-----
>> From: Brett Lymn [mailto:[EMAIL PROTECTED]]
>> Sent: Saturday, June 01, 2002 3:27 PM
>> To: Ben Nagy
>> Cc: 'Ron DuFresne'; 'Brett Lymn'; [EMAIL PROTECTED]
>> Subject: Re: Opinions? Wireless access point, firewall, eth., DSL box
>>
>>
>> On Fri, May 31, 2002 at 10:14:18AM +0200, Ben Nagy wrote:

>> > I'm interested in the possible TEMPEST [1] style attacks,
>> > because they really shouldn't be possible except for up
>> > extremely close,
>> >
>>
>> OK, you are missing something here.
>
> Well, not really - I'm just trying to see if anyone can do better than
> speculation.
>
>> Most equipment is not
>> designed to emit RF at all so a TEMPEST attack has to rely on
>> accidental radiation of signals that the equipment was never
>> meant to radiate.  This makes TEMPEST difficult because the
>> radiation is very low level and requires sensitive equipment
>> - even then some devices simply don't radiate enough. but....
>
> Wellll - it's well known that CRT monitors spit RF like crazy, because
> the painting of the monitor rows is really prone to that, and low enough
> frequency that it's not really hard to grab - people do undergrad
> projects on it. Things like LCD screens are much much harder because the
> screen gets drawn differently and it's much lower power. This we know.
> For more sensitive stuff, like we're talking about, it's probably a much
> different story in terms of equipment required.

i would have put it differently: most equipment is not designed to not
emit RF. Ross Anderson's book "Security Engineering" has a chapter
"Emission Security" that talks about various ways to get information
from devices, including signals leaked by conduction over circuits (e.g.,
power lines) or via RF. the former includes things like power analysis,
such as that used against smart cards.

ross mentions, without citing a reference, that LCDs "are also generally
easy for the eavesdropper."


> Right - but what I said originally was "with any reasonable design of
> the AP".

i'd be curious to know what that kind of design implies for
the cost of the device. if one is going to attempt to design
a "secure" card that would protect against this kind of
problem, should one attempt to design it to also protect
against other attacks, such as power attacks? i suppose
not, as all the wireless cards i've seen load the key from
the host computer, and it is probably much easier to get
the key off of such a computer (or off of the storage used
by the AP).

>> [1] Well... maybe there is.  I may be mistaken but I do
>> believe that in "Spycatcher" there was a story about a
>> certain embassy's encryptor that had an interesting habit of
>> leaking the unencrypted data at a lower level on to the
>> encrypted data channel, all the spies had to do was filter
>> off the encrypted data to pick up the unencrypted information.
>
> Sorry, but I really can't let you get away with quoting "Spycatcher" as
> a reference. 8)

for what it is worth, ross quotes this story (the UK prime minister
ordering surveillance on the french embassy during negotiations
about EEC entrance) and cites "Spycatcher" as the reference.
he goes on to say that "this is more common than one might
suppose; there has been more than one case of a cipher
machine broadcasting in clear on radio frequencies, though
often there is reason to suspect that the vendor's government
was aware of this."

-paul

-- 
Firewalls mailing list - [ [EMAIL PROTECTED] ]
To unsubscribe: http://www.isc.org/services/public/lists/firewalls.html
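Paul's message above mentions power analysis against smart cards as the conducted-leakage cousin of TEMPEST, but the thread never shows how such an attack actually recovers a key. The following is an added illustration, not code from the thread, from the Firewalls list, or from Anderson's book: a minimal correlation power analysis (CPA) in Python against a simulated device. The device model is a constructed assumption (the first AES round, leaking the Hamming weight of the S-box output plus Gaussian noise); the S-box itself is built from the real AES definition. Everything else (trace count, noise level, seed, key byte) is an arbitrary constructed parameter chosen so the example runs offline.

```python
"""Correlation power analysis (CPA) against a simulated leaky device.

Added illustration, not code from the thread or from Anderson's book.
Constructed assumption: the device computes the first AES round and its
power draw leaks the Hamming weight of the S-box output plus noise.
"""
import random


# --- AES S-box built from its definition (GF(2^8) inverse + affine map) ---
def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(a):
    """Multiplicative inverse as a^254; 0 maps to 0 by the AES convention."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r if a else 0


def _affine(x):
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63


SBOX = [_affine(_gf_inv(i)) for i in range(256)]


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n, noise_sd, rng):
    """Constructed device: one power sample per encryption, equal to
    HW(SBOX[plaintext ^ key]) plus Gaussian noise of std-dev noise_sd."""
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, noise_sd)
              for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def recover_key_byte(plaintexts, traces):
    """Rank all 256 key-byte guesses by how well the Hamming-weight model
    of SBOX[p ^ guess] correlates with the measured traces."""
    best_guess, best_r = None, -1.0
    for guess in range(256):
        model = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        r = abs(pearson(model, traces))
        if r > best_r:
            best_guess, best_r = guess, r
    return best_guess, best_r


def demo(true_key=0x2B, n_traces=400, noise_sd=1.5, seed=1234):
    """Run the whole attack on constructed data; returns (true, guessed, |r|)."""
    rng = random.Random(seed)
    pts, traces = simulate_traces(true_key, n_traces, noise_sd, rng)
    guess, corr = recover_key_byte(pts, traces)
    return true_key, guess, corr


if __name__ == "__main__":
    k, g, r = demo()
    print(f"true key byte 0x{k:02x}, recovered 0x{g:02x} (|r| = {r:.2f})")
```

The point the example makes about Paul's cost question: the attack needs nothing but a few hundred noisy measurements and a guess-and-correlate loop, so a card that "protects against this kind of problem" has to break the statistical link between the key-dependent intermediate and the measured signal (masking, hiding, or both), not merely lower the emitted power. The same correlate-against-a-leakage-model loop is what an RF eavesdropper would run on demodulated emanations instead of on a power line.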