Re: Secure passwords?

nemo_outis wrote:
"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:eYvnf.75$G8.0@xxxxxxxxxxxxxxxxxxxx: 


The putative effects of interference are frequently overestimated.
It is electronic child's play to filter interference and even,
given the enormous redundancy in many signals, to extract
information many decibels *below* the noise floor.


"Child's play"? Gotta have a cite for that one.. admittedly, I'm
assuming that the box is somewhere close to the CRT and keyboard.

Here's one example of a "canned solution" extracting signals from
noise using FFT integration. This particular device concentrates on
audio but the processes are quite general and apply to virtually all
signal processing. Hell, these things are now pretty standard - they
last were cutting edge when I read about them in Aviation Week in the
60s!

http://www.baudline.com/manual/process.html 

And hardly the same level of complexity! Being able to integrate a
cuboid doesn't mean that you can provide a pure solution for, say, a
four-way partial differential equation

Not that I'm saying it *can't* be done, of course - after all, aren't
weather forecasts 100% accurate?  ;o)




An FFT is an FFT is an FFT is an FFT! (with apologies to Gertrude Stein :-)

The technique is *very broadly applicable* to extracting signals that contain redundancy from below the noise floor in *many* areas of signal processing. It is one of a family of time & frequency domain transform techniques widely used in DSP. See, for instance, a discussion of their application with emphasis on radar in:

Time-frequency Transforms for Radar Imaging and Signal Analysis
http://www.scitechpub.com/Chen_Time_Freq.htm

As for partial differential equations, all of E&M reduces to Maxwell's 4 differential equations. And I've solved a few cases of them (trivial cases just for waveguides). Instead, my differential equation solving usually deals with the nastier Navier-Stokes differential equations applicable to fluid dynamics. But, really, all this is beside the point; DEs have only a tangential bearing on the issues we're discussing.

As an index of how commonplace an EE problem extracting signals from noise is, googling for it gives almost a million hits! Here's one example drawn at random that discusses how an entire technology, spread-
spectrum transmission, depends on the ability to extract signals from noise:

Open Spectrum: A Path to Ubiquitous Connectivity
http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=37



I disagree.  Few have access to Tempest kit to make observations,
other than illustrations in manufacturers' brochures (which
disclose little other than the obvious).


Few != None

Some of us may well have used such equipment for years (hint, hint)

See above for the trivial classification level, at least here in
the UK.



....snip...

For the third time of saying - the classification level is the lowest
level possible, at least for the basics (i.e. how to build it). And
the techniques used aren't exactly cutting-edge, either. Nor the
materials. 

Have to say that I can't really understand your problem, if you've
ever used such kit. Which may or may not be likely, based on simple
age - it's far more common these days to shield the building and use
off-the-shelf equipment, except for the higher-classification
networks. Even then, a small amount of proximity control goes an awful
long way.




I've used 'em but only briefly - but I've never been under the hood in the sense of taking one apart (the lads there frowned on those taking such liberties :-)

However,hubris is the vice the Greek gods punished most severely. It is unwise to believe that a nickel's worth of math, electronics, a tinkerer's enthusiasm, and a few parts suppliers' catalogues, can create good emsec shielding. There's just a little more to it than that.

Any fool can apply general principles to shielding and get, perhaps, 20 dB of suppression. However, achieving 100 dB takes enormous attention to detail. General shielding is easy (that's why any fool can get 20 dB) but finding and closing all the leakage paths (even from, say, flexing causing inadequate compression of RF sealing gaskets) is distinctly non-
trivial (and that's why any fool cannot get 100 dB). And building without testing to ensure one has achieved one's objective is folly. And testing is f**king expensive - there are relatively few certified labs and even some Tempest builders outsource the testing rather than carry the expense and bother!

As just one example, it is expensive and difficult to get the special metallic-deposition-layer glass used for emsec shielding where visibility is required (e.g., screens). The specialized manufacturers don't want to deal in small quantities and it's awkward to ship (including lots of paperwork if borders are crossed).

Now, none of this says emsec shielding can't be done - it IS being done every day - has been for decades. But by *specialty* firms. If you need the technology there's no sense jacking around trying to cobble up these things oneself - just pony up the cash and buy one from Siemens or Cordsen or Emcom (the ones I've used) or whomever.

But before you whip out your chequebook consider whether the not inconsiderable sums of money could be better spent on other aspects of your security - in almost all cases, unless you are as rich as Croesus, you will find yourself deferring the purchase of those Tempest toys.


Moving on to your comment on proximity control, I can only presume you have a Real Estate licence and are hoping to cash in. Increasing the distance by a factor of 10 only gives a 20 dB drop in signal strength; a distance factor of 100 gives 40 dB, 1000 give 60 dB, and 100,000 gives 100 dB! Most of us do not own hundreds of square miles of Nevada desert in order to get 100 dB signal reduction through "proximity control" - it is only a supplementary method that, in practice, might save you one zone.

No, for a real-world discussion of emsec and some of the issues that bear on it let me direct you to the following recent paper by one of Ross Anderson's disciples:

Security Limits for Compromising Emanations
www.cl.cam.ac.uk/~mgk25/ches2005-limits.pdf

Regards,



I gotta live more dangerous n get me a secret....I have been in Venus rooms..not much fun and always stuffy, in several ways... If one wants tempest buy it. If your laying out the cash for the equipment, room mods etc, you should not neglect the security system and trusted guys (always must be more than one) with guns who are anxious to shoot someone and like no one. The room mods and the appropriate crypto gear to secure the data and transmit it securely to some other equally secure environment. Of course perimeter zoning must be controlled even with tempest (tempest only addresses one of many security issues).

After one has invested these funds you have to wonder if paper and pencil might not have been a better solution...

I just gotta get me a secret

As to waveguides and magnatrons, the PFM factor is sufficient for me, it makes my head hurt..I have a difficult enough time figuring what process is calling a specific generic dll and exactly what the process is doing.

There are a couple graphic files floating around the net at the moment that are quite remarkable in their activity...that actually also display a graphic. I already know there are bright bulbs out there... I am not convinced that the graphic decompression engine problem is totally fixed even with the latest MS patch.

Winged
.

Relevant Pages

  • Re: Secure passwords?
    ... >> noise using FFT integration. ... An FFT is an FFT is an FFT is an FFT! ... As an index of how commonplace an EE problem extracting signals from ... metallic-deposition-layer glass used for emsec shielding where visibility ...
    (alt.computer.security)
  • Re: help with navtex/medium wave receiver sensitivity and decoding
    ... the system is too high to pick up anything but the strongest navtex ... above the background noise, and navtex signals are much lower power. ... antenna such as yours it should still dominate. ...
    (sci.electronics.design)
  • Re: Will Radio Engineering be QMs worst nightmare?
    ... Ham radio operators bounce VHF and UHF radio signals off of the ... >> dig the signal out of the noise. ... >> will EVER get a photon emitted. ... >>> One is that there will be no radiation resistance. ...
    (sci.physics)
  • Re: help with navtex/medium wave receiver sensitivity and decoding
    ... the system is too high to pick up anything but the strongest navtex ... above the background noise, and navtex signals are much lower power. ... antenna such as yours it should still dominate. ...
    (sci.electronics.design)
  • Re: help with navtex/medium wave receiver sensitivity and decoding
    ... the receiver just picks up too much noise. ... the system is too high to pick up anything but the strongest navtex ... and navtex signals are much lower power. ... Atmospheric noise is very strong at MF, so even with a capacitive probe antenna such as yours it should still dominate. ...
    (sci.electronics.design)