S 4.89 Emission security
Initiation responsibility: IT Security Officer
Implementation responsibility: IT Security Officer
Every electronic device emits electromagnetic waves of a certain strength. These emissions are considered to be interference, and there are generally statutory limits on their maximum permissible strength. In Germany, this is regulated by the Electromagnetic Compatibility Act (EMVG). For devices that process information (PCs, printers, fax machines, modems, etc.), this interference can also contain the information currently being processed. Emissions carrying such information are referred to as compromising emanations. If compromising emanations can be received nearby, meaning in a neighbouring building or even in a vehicle parked in the vicinity, then it is possible to reconstruct the information. The confidentiality of the data is therefore questionable. The limit values of the Electromagnetic Compatibility Act are generally not low enough to prevent someone from eavesdropping on the compromising emanations. Additional safeguards need to be taken as a general rule to prevent this.
Compromising emanations can escape from a room in various ways:
- In the form of electromagnetic waves that spread throughout free space like radio waves.
- As conductor-bound interference along metallic conductors (cables, air conditioning ducts, heating pipes, etc.).
- Through coupling when a data cable is installed parallel to other cables. The emissions can propagate along the parallel cables and can even be picked up on these cables at great distances.
- As acoustic emissions, as is the case with printers. Detailed information of the print operation spreads as sound waves or as ultrasound waves and can be recorded with a microphone.
- In the form of acoustic coupling with other devices. Sound is converted to electrical signals by parts of the devices that are sensitive to sound and that can act like a microphone under certain conditions. The information is then further disseminated along metallic conductors or even in the form of electromagnetic radiation.
- Compromising emanations can also be caused by external manipulations to devices. For example, if a device is irradiated with high frequency radiation, then information on the electrical processes in the device can influence the electromagnetic waves radiating into the device to the point that they will carry the information being processed as well.
In all of these cases, the installation itself, meaning how the devices are connected by cables to each other and to the power supply grid, has a significant influence on the propagation of the emissions, and therefore on the range at which they can be received.
The BSI has developed safeguards that reduce this threat without a significant increase in cost. These include the following:
- Zone model
The zone model takes the conditions for the propagation of compromising emanations created by the particular building and terrain into account. In this model, the attenuation of the emissions is measured on their route from the IT device generating the emissions to the potential recipient. Depending on the conditions prevalent at the site, it may also be possible to use devices that do not require any anti-emission measures or only require minor anti-emission measures.
- Emanation suppression at source
The suppression of emanations at source when developing new IT products is a particularly effective method. In this case, the compromising emanations are suppressed directly at the source inside the device or are changed so that they cannot be analysed any more. This method also permits the use of inexpensive plastic housing, and therefore has a negligible effect on the production price per unit.
- Survey measurement methods
The development of survey measurement methods and manipulation test procedures makes it possible to test the emission security quickly and easily, even after maintenance, repair, or unauthorised access.
- Use of low-emission or emission-protected devices
Manufacturers of PC monitors often advertise their products using the phrase "low emission according to MPR II, TCO, or SSI". However, these guidelines only consider the potential health hazards of the emissions from the device. For this reason, the measuring methods and limit values for the emissions are unsuitable for verifying the presence of compromising emanations and, like measurements of electromagnetic compatibility (EMC), do not permit an evaluation of the security provided against unauthorised reading of the data.
However, some vendors offer specially shielded IT systems. The BSI uses a detailed test concept for the graduated testing of IT devices and IT systems. The basic idea behind this concept is to adapt the scope of the safeguards as best as possible to the threat scenario assumed by the users in order to obtain a maximum of emission security at minimal cost. The BSI test concept was originally developed for the protection of classified government material, but its use can also be helpful in private industry when data with a high protection requirement in terms of its confidentiality needs to be protected. In many cases, for example, a device certified according to the zone model and authorised for use in Zones 1-3 (referred to as a "Zone 1" device) will already offer adequate protection against unauthorised eavesdropping of confidential data by exploiting compromising emanations. In case of high or very high protection requirements in terms of confidentiality, it should be checked whether the use of low-emission or emission-protected devices is useful or even required. Whether or not a manufacturer offers devices shielded according to the TEMPEST standard in its range of products should be clarified by asking the manufacturer or the BSI or by checking the official product overview in BSI TL 03305 published on the BSI web site under the Publications heading. When asking if a given device is TEMPEST certified, it is also always necessary to ask what level of certification was awarded (e.g. if the device is authorised for use in Zones 1-3 according to the zone model).
Review questions:
- Has it been considered whether additional safeguards are required to ensure emission security?