It is now easy to construct large hardware or software systems which are almost unmanageably complex and never error-free. But a good design and development approach can produce systems with far fewer problems. One such approach is:
1. Decompose the system into small, testable components.
2. Construct and then actually test each of the components individually.
This is both easier and harder than it looks: there are many ways to decompose a large system, and finding an effective and efficient decomposition can take both experience and trial-and-error. But many of the possible decompositions define components which are less testable or even untestable, so the testability criterion greatly reduces the search.
Testing is no panacea: we cannot hope to find all possible bugs this way. But in practice we can hope to find 90 percent or more of the bugs simply by actually testing each component. (Component testing means that we are forced to think about what each component does, and about its requirements and limits. Then we have to make the realized component conform to those tests, which were based on our theoretical concepts. This will often expose problems, whether in the implementation, the tests, or the concepts.) By testing all components, when we put the system together, we can hope to avoid having to debug multiple independent problems simultaneously.
Other important system design concepts include:
Build in test points and switches to facilitate run-time inspection, control, and analysis.
Use repeatable comprehensive tests at all levels, and when a component is "fixed," run those tests again.
Start with the most basic system and fewest components, make that "work" (pass appropriate system tests), then "add features" one-by-one. Try not to get too far before making the expanded system work again.
Table Selection Combiner
A combining mechanism in which one input selects a table or substitution alphabet, and another input selects a value from within the selected table, said value becoming the combined result. Also called a Polyalphabetic Combiner.
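An added example, not part of the original glossary: a table selection combiner in Python, shown with the classic Vigenere tableau (26 shifted alphabets) and also usable with any set of shuffled tables. The function names, the seeded `random.Random` shuffle (not a cryptographic generator) and the sample text are assumptions made for illustration.

```python
import random

def shifted_tables(size):
    """Table k is the alphabet rotated by k places (the Vigenere tableau)."""
    return [[(k + d) % size for d in range(size)] for k in range(size)]

def shuffled_tables(seed, n_tables, size):
    """Hypothetical keyed tables: each one a shuffled alphabet."""
    rng = random.Random(seed)  # assumption: NOT a cryptographic generator
    tables = []
    for _ in range(n_tables):
        table = list(range(size))
        rng.shuffle(table)
        tables.append(table)
    return tables

def invert(tables):
    """Build the inverse of every table so the combining can be undone."""
    inverse = []
    for table in tables:
        back = [0] * len(table)
        for index, value in enumerate(table):
            back[value] = index
        inverse.append(back)
    return inverse

def combine(tables, selectors, data):
    """One input selects the table; the other selects the value within it."""
    return [tables[s][d] for s, d in zip(selectors, data)]

def letters(text):
    return [ord(c) - ord("A") for c in text]

def to_text(values):
    return "".join(chr(v + ord("A")) for v in values)

def demo():
    # Constructed sample: the selector stream is a repeated keyword.
    tableau = shifted_tables(26)
    data = letters("ATTACKATDAWN")
    selectors = letters("LEMONLEMONLE")
    combined = combine(tableau, selectors, data)
    restored = combine(invert(tableau), selectors, combined)
    return to_text(combined), to_text(restored)

if __name__ == "__main__":
    print(demo())
```

Extraction is the same `combine` call run over the inverse tables with the same selector stream, which works only because every table is a permutation of the alphabet.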
TEMPEST
Supposedly the acronym for "Transient Electromagnetic Pulse Emanation Surveillance Technology." Originally, the potential insecurity due to the electromagnetic radiation which inherently occurs when a current flow changes in a conductor. Thus, pulses from digital circuitry might be picked up by a receiver, and the plaintext data reconstructed. The general concept can be extended to the idea that plaintext data pulses may escape on power lines, or as a faint background signal to encrypted data, or in any other unexpected electronic way.
Some amount of current change seems inevitable when switching occurs, and modern digital computation is based on such switching. But the amount of electromagnetic radiation emitted depends upon the amount of current switched, the length of the conductor, and the speed of the switching (that is, dI/dt, or the rate-of-change in current). In normal processing the amount of radiated energy is very small, but the value can be much larger when fast power drivers are used to send signals across cables of some length. This typically results in broadband noise which can be sensed with a shortwave receiver, a television, or an AM portable radio. Such receivers can be used to monitor attempts at improving the shielding.
Ideally, equipment would be fully enclosed in an electrically unbroken conducting surface. In practice, the conductive enclosure may be sheet metal or screening, with holes for shielded cables. Shielding occurs not primarily from metal per se, but instead from the flow of electrical current in that metal. When an electromagnetic wave passes through a conductive surface, it induces a current, and that current change creates a similar but opposing electromagnetic wave which nearly cancels the original. The metallic surface must conduct in all directions to properly neutralize waves at every location and from every direction.
Stock computer enclosures often have huge unshielded openings which are hidden by a plastic cover. These should be covered with metal plates or screening, making sure that good electrical contact occurs at all places around the edges. Note that assuring good electrical connections can be difficult with aluminum, which naturally forms a thin but hard and non-conductive surface oxide. It is important to actually monitor emission levels with receivers both before and after any change, and extreme success can be very difficult. We can at least make sure that the shielding is tight (that it electrically conducts to all the surrounding metal), that it is as complete as possible, and that external cables are effectively shielded.
Cable shielding extends the conductive envelope around signal wires and into the envelope surrounding the equipment the wire goes to. Any electromagnetic radiation from within a shield will tend to produce an opposing current in the shield conductor which will "cancel" the original radiation. But if a cable shield is not connected at both ends, no opposing current can flow, and no electromagnetic shielding will occur, despite having a metallic "shield" around the cable. It is thus necessary to assure that each external cable has a shield, and that the shield is connected to a conductive enclosure at both ends. (Note that some equipment may have an isolating capacitor between the shield and chassis ground to minimize "ground loop" effects when the equipment at each end of the cable connects to different AC sockets.) When shielding is impossible, it can be useful to place ferrite beads or rings around cables to promote a balanced and therefore essentially non-radiating signal flow.
Perhaps the most worrisome emitter on a personal computer is the display cathode ray tube (CRT). Here we have a bundle of three electron beams, serially modulated, with reasonable current, switching quickly, and repeatedly tracing the exact same picture typically 60 times a second. This produces a recognizable substantial signal, and the repetition allows each display point to be compared across many different receptions, thus removing noise and increasing the effective range of the unintended communication. All things being equal, a liquid-crystal display should radiate a far smaller and also more-complex signal than a desktop CRT.
Transformer
A passive electrical component composed of magnetically-coupled coils of wire. When AC flows through one coil or "primary," it creates a changing magnetic field which induces power in another coil. A transformer thus isolates power or signal, and also can change the voltage-to-current ratio, for example to "step down" line voltage for low-voltage use, or to "step up" low voltages for high-voltage devices (such as tubes or plasma devices).
Transistor
An active semiconductor component which performs analog amplification.
Originally, a bipolar version with three terminals: Emitter (e), Collector (c), and Base (b). Current flow through the base-emitter junction (Ibe) is amplified by the current gain or beta (B) of the device in allowing current to flow through the collector-base junction and on through the emitter (Ice).
In a sense, a bipolar transistor consists of two back-to-back diodes: the base-collector junction (operated in reverse bias) and the base-emitter junction (operated in forward bias) which influence each other. Current through the base-emitter junction releases either electrons or "holes" which are then drawn to the collector junction by the higher potential there, thus increasing collector current. The current ratio between the base input and the collector output is amplification.
Field-Effect Transistors (FET's, as in MOSFET, etc.) have an extremely high input impedance, taking essentially no input current, and may be more easily fabricated in integrated circuits than bipolars. In an FET, Drain (d) and Source (s) contacts connect to a "doped" semiconductor channel. Extremely close to that channel, but still insulated from it, is a conductive area connected to a Gate (g) contact. Voltage on the gate creates an electrostatic field which interacts with current flowing in the drain-source channel, and can act to turn that current ON or OFF, depending on channel material (P or N), doping (enhancement or depletion), and gate polarity. Sometimes the drain and source terminals are interchangeable, and sometimes the source is connected to the substrate. Instead of an insulated gate, we can also have a reverse-biased diode junction, as in a JFET.
N-channel FET's generally work better than p-channel devices. JFET's can only have "depletion mode," which means that, with the gate grounded to the source, they are ON. N-channel JFET devices go OFF with a negative voltage on the gate. Normally, MOSFET devices are "enhancement mode" and are OFF with their gate grounded. N-channel MOSFET devices go ON with a positive voltage (0.5 to 5v) on the gate. Depletion mode n-channel MOSFET devices are possible, but not common.
Transposition
The exchange in position of two elements. The most primitive possible permutation or re-ordering of elements. Any possible permutation can be constructed from a sequence of transpositions.
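An added example, not part of the original glossary: building an arbitrary permutation out of transpositions in Python. The function names and the sample permutation are assumptions made for illustration.

```python
def to_transpositions(perm):
    """Return swaps (i, j) which, applied in order to 0..n-1, produce perm."""
    n = len(perm)
    if sorted(perm) != list(range(n)):
        raise ValueError("not a permutation of 0..n-1")
    work = list(range(n))   # the sequence being re-ordered
    where = list(range(n))  # where[v] = current position of value v
    swaps = []
    for i, wanted in enumerate(perm):
        j = where[wanted]
        if j != i:          # an element already in place needs no swap
            a, b = work[i], work[j]
            work[i], work[j] = b, a
            where[a], where[b] = j, i
            swaps.append((i, j))
    return swaps

def apply_transpositions(n, swaps):
    """Exchange two positions at a time, starting from the identity order."""
    seq = list(range(n))
    for i, j in swaps:
        seq[i], seq[j] = seq[j], seq[i]
    return seq

def cycle_count(perm):
    """Number of cycles in perm, counting fixed points as cycles of length 1."""
    seen, cycles = set(), 0
    for start in range(len(perm)):
        if start not in seen:
            cycles += 1
            while start not in seen:
                seen.add(start)
                start = perm[start]
    return cycles

if __name__ == "__main__":
    sample = [2, 0, 3, 1]  # constructed sample permutation
    swaps = to_transpositions(sample)
    print(swaps, apply_transpositions(len(sample), swaps))
```

The number of swaps produced is the length of the permutation minus its cycle count, so a permutation of n elements never needs more than n - 1 transpositions.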
Trap Door
A cipher design feature, presumably planned, which allows the apparent strength of the design to be easily avoided by those who know the trick. Similar to back door.
Triple DES
The particular block cipher which is the U.S. Data Encryption Standard or DES, performed three times, with two or three different keys.
Truly Random
A random value or sequence derived from a physical source. Also called really random and physically random.
Trust
The assumption of a particular outcome in a dependence upon someone else. Trust is the basis for communications secrecy: While secrecy can involve keeping one's own secrets, communications secrecy almost inevitably involves at least a second party. We thus necessarily "trust" that party with the secret itself, to say nothing of cryptographic keys. It makes little sense to talk about secrecy in the absence of trust.
In a true security sense, it is impossible to fully trust anyone: Everyone has their weaknesses, their oversights, their own agendas. But normally "trust" involves some form of commitment by the other party to keep any secrets that occur. Normally the other party is constrained in some way, either by their own self-interest, or by contractual, legal, or other consequences of the failure of trust. The idea that there can be any realistic trust between two people who have never met, are not related, have no close friends in common, are not in the same employ, and are not contractually bound, can be a very dangerous delusion. It is important to recognize that no trust is without limit, and those limits are precisely the commitment of the other party, bolstered by the consequences of betrayal. Trust without consequences is necessarily a very weak trust.
Truth Table
Typically, a Boolean function expressed as the table of the value it will produce for each possible combination of input values.
Type I Error
In statistics, the rejection of a true null hypothesis.
Type II Error
In statistics, the acceptance of a false null hypothesis.
Unary