Re: Secure passwords?

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:eYvnf.75$G8.0@xxxxxxxxxxxxxxxxxxxx:

>
>> >> The putative effects of interference are frequently overestimated.
>> >> It is electronic child's play to filter interference and even,
>> >> given the enormous redundancy in many signals, to extract
>> >> information many decibels *below* the noise floor.
>> >
>> > "Child's play"? Gotta have a cite for that one.. admittedly, I'm
>> > assuming that the box is somewhere close to the CRT and keyboard.
>>
>> Here's one example of a "canned solution" extracting signals from
>> noise using FFT integration. This particular device concentrates on
>> audio but the processes are quite general and apply to virtually all
>> signal processing. Hell, these things are now pretty standard - they
>> last were cutting edge when I read about them in Aviation Week in the
>> 60s!
>>
>> http://www.baudline.com/manual/process.html
>
> And hardly the same level of complexity! Being able to integrate a
> cuboid doesn't mean that you can provide a pure solution for, say, a
> four-way partial differential equation
>
> Not that I'm saying it *can't* be done, of course - after all, aren't
> weather forecasts 100% accurate? ;o)



An FFT is an FFT is an FFT is an FFT! (with apologies to Gertrude Stein
:-)

The technique is *very broadly applicable* to extracting signals that
contain redundancy from below the noise floor in *many* areas of signal
processing. It is one of a family of time & frequency domain transform
techniques widely used in DSP. See, for instance, a discussion of their
application with emphasis on radar in:

Time-frequency Transforms for Radar Imaging and Signal Analysis
http://www.scitechpub.com/Chen_Time_Freq.htm

As for partial differential equations, all of E&M reduces to Maxwell's 4
differential equations. And I've solved a few cases of them (trivial
cases just for waveguides). Instead, my differential equation solving
usually deals with the nastier Navier-Stokes differential equations
applicable to fluid dynamics. But, really, all this is beside the point;
DEs have only a tangential bearing on the issues we're discussing.

As an index of how commonplace an EE problem extracting signals from
noise is, googling for it gives almost a million hits! Here's one
example drawn at random that discusses how an entire technology, spread-
spectrum transmission, depends on the ability to extract signals from
noise:

Open Spectrum: A Path to Ubiquitous Connectivity
http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=37


>> >> I disagree. Few have access to Tempest kit to make observations,
>> >> other than illustrations in manufacturers' brochures (which
>> >> disclose little other than the obvious).
>
>> > Few != None
>> >
>> > Some of us may well have used such equipment for years (hint, hint)
>> >
>> > See above for the trivial classification level, at least here in
>> > the UK.
>>
>>
....snip...
> For the third time of saying - the classification level is the lowest
> level possible, at least for the basics (i.e. how to build it). And
> the techniques used aren't exactly cutting-edge, either. Nor the
> materials.
>
> Have to say that I can't really understand your problem, if you've
> ever used such kit. Which may or may not be likely, based on simple
> age - it's far more common these days to shield the building and use
> off-the-shelf equipment, except for the higher-classification
> networks. Even then, a small amount of proximity control goes an awful
> long way.



I've used 'em but only briefly - but I've never been under the hood in
the sense of taking one apart (the lads there frowned on those taking
such liberties :-)

However,hubris is the vice the Greek gods punished most severely. It is
unwise to believe that a nickel's worth of math, electronics, a
tinkerer's enthusiasm, and a few parts suppliers' catalogues, can create
good emsec shielding. There's just a little more to it than that.

Any fool can apply general principles to shielding and get, perhaps, 20
dB of suppression. However, achieving 100 dB takes enormous attention to
detail. General shielding is easy (that's why any fool can get 20 dB)
but finding and closing all the leakage paths (even from, say, flexing
causing inadequate compression of RF sealing gaskets) is distinctly non-
trivial (and that's why any fool cannot get 100 dB). And building
without testing to ensure one has achieved one's objective is folly. And
testing is f**king expensive - there are relatively few certified labs
and even some Tempest builders outsource the testing rather than carry
the expense and bother!

As just one example, it is expensive and difficult to get the special
metallic-deposition-layer glass used for emsec shielding where visibility
is required (e.g., screens). The specialized manufacturers don't want to
deal in small quantities and it's awkward to ship (including lots of
paperwork if borders are crossed).

Now, none of this says emsec shielding can't be done - it IS being done
every day - has been for decades. But by *specialty* firms. If you
need the technology there's no sense jacking around trying to cobble up
these things oneself - just pony up the cash and buy one from Siemens or
Cordsen or Emcom (the ones I've used) or whomever.

But before you whip out your chequebook consider whether the not
inconsiderable sums of money could be better spent on other aspects of
your security - in almost all cases, unless you are as rich as Croesus,
you will find yourself deferring the purchase of those Tempest toys.


Moving on to your comment on proximity control, I can only presume you
have a Real Estate licence and are hoping to cash in. Increasing the
distance by a factor of 10 only gives a 20 dB drop in signal strength; a
distance factor of 100 gives 40 dB, 1000 give 60 dB, and 100,000 gives
100 dB! Most of us do not own hundreds of square miles of Nevada desert
in order to get 100 dB signal reduction through "proximity control" - it
is only a supplementary method that, in practice, might save you one
zone.

No, for a real-world discussion of emsec and some of the issues that bear
on it let me direct you to the following recent paper by one of Ross
Anderson's disciples:

Security Limits for Compromising Emanations
www.cl.cam.ac.uk/~mgk25/ches2005-limits.pdf

Regards,


.

Relevant Pages

  • Re: Secure passwords?
    ... It is electronic child's play to filter interference and even, given the enormous redundancy in many signals, to extract information many decibels *below* the noise floor. ... metallic-deposition-layer glass used for emsec shielding where visibility ...
    (alt.computer.security)
  • Re: Artifact Audibility Comparisons
    ... temporal coherency), should show in a FFT, ... In general a (noise) signal that is correlated with an audio signal ... will NOT have high temporal coherence (even if the jitter on the clock ... The only other point is that temporally coherent signals, ...
    (rec.audio.pro)
  • Re: anyone have an answer to this?
    ... size of FFT, ... ... noise and choice of signal. ... % Signals arriving at input of microphones...with different phase ... %Phase Correlation ...
    (comp.dsp)
  • Re: anyone have an answer to this?
    ... size of FFT, ... ... noise and choice of signal. ... % Signals arriving at input of microphones...with different phase ... %Phase Correlation ...
    (comp.dsp)
  • Re: FFT Averaging
    ... You do understand you are doing a portion of a zoom FFT when you add the ... >variance of the noise. ... >averaging in this fashoin does indeed show the noise floor falling. ... >Even if the signals were not synchronous you might imagine advancing the ...
    (comp.dsp)