In the working process of information technology equipment, the current changes in analog and digital signal processing will generate electromagnetic emissions. These electromagnetic emissions may restore relevant information if they are received and analyzed. Cause information leakage. The problem of information security and confidentiality caused by electromagnetic emission is electromagnetic leakage, or electromagnetic information leakage, information electromagnetic leakage, TMEPEST, etc. In the study of electromagnetic leakage, "red signal" refers to the electrical signal related to sensitive information, otherwise it is a black signal. Electromagnetic leakage has always existed with the operation of equipment, threatening the information security of all kinds of equipment at all times. With the continuous development of technology, the potential safety hazards of electromagnetic leakage to information technology equipment have become increasingly prominent.
Electromagnetic interference and electromagnetic leakage
The performance degradation of equipment, transmission channels or systems due to electromagnetic phenomena is called electromagnetic interference, and the systematic research on electromagnetic interference and protection issues is Electromagnetic compatibility (electromagnetic compatibility, EMC). Electromagnetic interference is divided into conducted interference and radiated interference according to the way of propagation, divided into natural interference and man-made interference according to the nature of the interference source, and divided into intentional interference and unintentional interference according to the subjective intention of the interference implementer. The content of electromagnetic compatibility research is how to ensure that electromagnetic interference does not affect the normal operation of information technology equipment.
Electromagnetic leakage is a problem of information leakage caused by unintentional electromagnetic emission during the operation of information technology equipment. Electromagnetic interference is concerned with the impact of electromagnetic emission on sensitive equipment, which is essentially the transmission of electromagnetic energy from the interference source to the sensitive equipment; while electromagnetic leakage focuses on the information-related components in electromagnetic emission, and the essence is that the information of the leakage source is transmitted to theft in the form of electromagnetic emission.收设备。 Receiving equipment.
From the emission source, the electromagnetic emission of the leakage source comes from the voltage and current changes related to information processing on the information technology equipment, and the interference source includes the natural heat in addition to the signal changes of the information technology equipment. Noise, lightning, electrostatic discharge, etc., as well as the release of a wide range of electromagnetic energy such as power switch actions, lighting equipment, and strong electromagnetic pulses in human activities. The transmission path of both refers to electromagnetic radiation in space and signal conduction in conductors, but in transmission, electromagnetic energy will no longer affect sensitive equipment after attenuation to a certain degree; and the possibility of weak electromagnetic signals being stolen to restore the problem It still exists, and with the development of stealing analysis technology, weaker and weaker electromagnetic signals can be received and processed. In addition, the consequences of electromagnetic interference and electromagnetic leakage are not the same. The former affects the performance of sensitive equipment to degrade, or even damages the device and cannot work, which endangers the physical safety of the equipment; the latter causes the leakage of source equipment information and destroys the information. Confidentiality, endangering information security.
From the perspective of electromagnetic emission signal generation and transmission, according to the working process and characteristics of information technology equipment, electromagnetic leakage sources can be divided into three modules: data information, electrical signals, and natural antennas. The operation of information technology equipment is accompanied by the processing of data and information, and the information is processed and transmitted in the form of electrical signals in the equipment hardware. The changing electrical signals will excite the antenna effect devices in the equipment, which are natural antennas (i.e. natural antennas). Antenna), which converts the energy of electrical signals into electromagnetic waves and emits outwards.
The electrical signal is the form of the specific encoding of the data information, and its changing characteristics will be loaded into the electromagnetic wave and emitted, and the content of the data information may be restored after being intercepted. Electromagnetic leakage is the process of information transmission through electromagnetic emission, so it can be compared and analyzed with the communication system to study electromagnetic leakage and its protection.
Electromagnetic leakage signal link composition
The electromagnetic leakage signal link composition is comparable to the communication system. The communication system consists of five parts: source, sink, channel, sending equipment and receiving equipment. The function of the sending device is to match the source and the transmission medium, that is, to transform the message signal generated by the source into a signal form that is convenient for transmission. Modulation, coding and encryption are common transformation methods; the signal propagation in the transmission medium will inevitably be subject to noise The interference affects the transmission of information; and the function of the receiving device is to complete the inverse transformation of the sending device, demodulate, decode, and decrypt the signal carrying the interference to recover the original message.
According to the analysis of the electromagnetic leakage process, it can be seen that electromagnetic leakage is actually the unintentional transmission of information from the "leak source" to the "stealing system", so electromagnetic emission is generated from the leakage source to the recovery of information by the stealing system Each link can be regarded as a "unintentional transmission, deliberate reception" communication system, called "electromagnetic leakage communication system". In this system, the information technology equipment is the source of information, and it is also a potential transmitting equipment. The information processed by the equipment is modulated and loaded into the electromagnetic wave signal for transmission. The transmission medium is electromagnetic wave and a medium suitable for electromagnetic emission. The transmission methods include radiation and conduction. Both transmission methods will be interfered by space electromagnetic noise. The stealing system has strong signal receiving and processing capabilities, and can receive leaked transmissions to restore information. To sum up, the leakage source of the electromagnetic leakage communication system is both the source and the sending equipment, and the stealing system serves as the receiving equipment and accommodation at the same time.
Electromagnetic Leakage Protection
Analyze the influence of various components of the communication system on the communication quality, and study the technical means of electromagnetic leakage protection from the perspective of obstructing the receiving and processing of information from stolen equipment. The communication capability and quality of the communication system are affected by the three links of source, channel and sink, and the only controllable electromagnetic leakage is the source and channel. Therefore, the safety protection of electromagnetic leakage can be studied from the two aspects of leakage source and leakage path.
Leak source protection design
Leak source information transformation has two parts: data signal encoding processing and natural antenna transmission processing, so the leakage source protection can be expanded from these two processing.
Firstly, the data signal is encoded and processed, and information is encrypted under appropriate circumstances. Even if the antenna transmission and channel attenuation are both favorable, the stealing system can only restore the encrypted information, thereby protecting sensitive information. To achieve a good protection effect; in the case of not suitable for encryption, the level and characteristics of the encoded signal will affect the electromagnetic emission, so when conditions permit, the encoding method with low level and slow signal edges should be selected.
Secondly, the emission of natural antennas, in information technology equipment, the antenna effect of metal and electronic devices on the red signal should be avoided. The use of low-radiation devices, the implementation of red and black separation, cable filtering, and red signal module shielding are common methods to suppress natural antenna emissions.
Leak source protection design mainly considers three factors. Firstly, the influence of signal encoding method on leakage emission; secondly, weaken the electromagnetic emission directly related to the red signal; thirdly, prevent cross-modulation and secondary emission. Leakage source protection technologies include red signal module source suppression method low radiation design, red and black module partition isolation design, filter design of each connection between module equipment, module-level and device-level shielding design, etc.
Zone isolation is to place the red signal and the black signal separately and centrally during the design stage. You can also set up multiple red signal modules or black signal modules as needed, and then carry out independent and strict protection for the red signal modules. Red-black isolation technology helps prevent more complex electromagnetic leakage problems such as crosstalk loading, cross-coupling, and secondary emission.
In the equipment development stage, low-radiation design technology is used in the red signal area to reduce the intensity of red signal emission and control the leakage of electromagnetic information from the source through steps such as device selection and circuit design.
The connection between the red signal module and other modules, power supplies and peripherals is designed with filtering, which prevents information by filtering out specific frequency components on cables such as signal transmission lines, power lines, and common ground wires. Leakage occurs through conduction emission and prevents secondary emission of signals.
Shielding restricts electromagnetic energy within a certain area and weakens the emission of electromagnetic energy. Module-level shielding is a partial shielding of the red signal module. A reasonable module-level shielding can not only control the red signal transmission range, but also effectively avoid cross-coupling of red and black signals; device-level shielding is the protection of the entire device and electromagnetic emission of red signals. For further electromagnetic isolation.
Protection on the leakage path
The leakage path only has channel processing, so the safety protection on the leakage path should be studied based on the channel capacity. Reducing the signal-to-noise ratio in the electromagnetic leakage emission frequency range can reduce the channel capacity, reducing the red signal energy emission and increasing the electromagnetic noise are the basic ways to reduce the signal-to-noise ratio. The method of increasing noise to reduce the signal-to-noise ratio is known as interference technology. This technology deliberately releases false electromagnetic emissions when the source device is working. The basis is electromagnetic leakage protection to ensure that information is not compromised as the goal to suppress electromagnetic emissions of useful information. Obstructing the reception and restoration of stolen equipment is the main means, and does not care about the transmission without information.
In order to achieve the desired effect, the interference noise should meet the requirements in the time domain, space domain, energy domain, and frequency domain. Consistent with the emission direction of the red signal, the frequency requirements include the frequency range of the red signal emission, and the energy should be able to cover the electromagnetic emission of the red signal.
The requirements of time domain and space domain are easy to realize, and according to the relationship between interference noise and red signal emission in energy and frequency domain, interference technology can be divided into white noise interference and related interference. White noise interference is the generation of electromagnetic radiation in a certain frequency band, which covers the red signal emission from the energy. However, because it is not designed for the emission of the target device, the white noise and the red signal emission are not related, and the electromagnetic noise may not be in the analysis of the leakage emission frequency range. Therefore, it is still possible to recover useful signals.
Video information leakage protection
Computer video information leakage is one of the most widely studied electromagnetic leakage problems. The electromagnetic leakage model is used to analyze the existing video leakage prevention technologies and learn from them. The protection ideology and methods will provide reference for the leakage protection of other sensitive information. In the electromagnetic protection of video information, shielding, filtering, interference, etc. are still the most used methods. Some specialized protection technologies have shown good protection effects, including video signal-based interference methods, synchronized clock modulation methods, and human brain-based methods. Color mixing protection technology, etc.
The interference method based on video signals is to add hardware modules to scramble the main signal of the video signal, and feed the garbled signal to the video output terminal, and generate electromagnetic emission through a common antenna effect device. Achieve the effect of related interference. Combined with the electromagnetic leakage model, this method is to specially set the false red signal and generate electromagnetic emission through the same antenna effect device, so that the receiver cannot recover the real red signal and its corresponding information.
The synchronous clock modulation method is to modulate the synchronous clock of the video signal, so that the electromagnetic emission of the synchronous signal has a moderate change, so that the stealer cannot reconstruct the video image and does not affect the normal image display of the display. The protection method based on the color mixing of the human brain is to use the color synthesis feature of the human eye to add different noises to the image at intervals. On the fast-switching display terminal, two adjacent frames of images return to normal visually, and more noise components are added to the electromagnetic emission of the video signal. Both methods change its electromagnetic emission by processing the video signal to achieve the purpose of electromagnetic leakage protection. Combined with the electromagnetic leakage model, it is equivalent to randomly reducing or increasing the content of the signal at the transmitting end, but for the stealing device, the random change of the signal cannot be restored due to irreversibility. Aiming at the electromagnetic leakage problem of video information that has a large amount of data and needs to be repeatedly displayed, combined with the analysis of the three protection technologies, the electromagnetic leakage protection mainly includes the following types. One is to use effective shielding, filtering and related interference technologies. It is to encrypt and modulate the transmitted video signal. The third is to perform differential transmission of video information to reduce redundant information. The fourth is to transmit and display video information with optical signals from the main board.