
Methods and means of protecting information from leakage through technical channels. Technical channel of information leakage

Protected information has an owner and is protected on the basis of legal documents. When carrying out measures to protect non-state information resources that constitute bank or commercial secrets, the requirements of regulatory documents are advisory in nature. Protection regimes for information that is not a state secret are established by the owner of the data.

Measures to protect confidential data from leakage through technical channels are one part of an enterprise's overall information security measures. Organizational measures against leakage through technical channels rest on a number of recommendations for choosing the premises in which confidential information will be stored and processed. When choosing technical means of protection, certified products should be relied on first of all.

When organizing measures to protect information against leakage through technical channels at the protected object, the following stages can be distinguished:

  • Preparatory (pre-project) stage
  • Design of the system of technical protection of information (STZI)
  • Commissioning of the protected object and of the system of technical protection of information

The first stage involves preparation for the creation of a system of technical protection of information at the protected objects. When examining the possible technical leakage channels at the facility, the following are studied:

  • The plan of the adjacent area to the building within a radius of 300 m.
  • Plan of each floor of the building with a study of the characteristics of walls, finishes, windows, doors, etc.
  • Schematic diagram of grounding systems for electronic objects
  • The layout of the communications of the entire building, together with the ventilation system
  • Power supply plan of the building showing all panels and the location of the transformer
  • Plan-diagram
  • Schematic diagram of fire and burglar alarms with indication of all sensors

Having defined information leakage as the uncontrolled exit of confidential data beyond the boundaries of the circle of authorized persons or of the organization, let us consider how such a leak is realized. At its core is the uncontrolled removal of confidential data by means of light, acoustic, electromagnetic or other fields, or by material carriers. Whatever the different causes of leaks, they have much in common: as a rule, they are associated with gaps in the rules for safeguarding information and with violations of those rules.

Information can be transmitted either by a substance or by a field. A person is not considered a carrier; he is a source or a subject of the relations involved. Figure 1 shows the means of transferring information. People make use of different physical fields to build communication systems. Any such system has the components: a source, a transmitter, a transmission line, a receiver and a recipient. Such systems are used every day for their intended purpose and are the official means of data exchange; they are provided with controls for the secure exchange of information. But there are also channels hidden from prying eyes, through which data can be transferred that should not reach third parties. Such channels are called leakage channels. Figure 2 shows a schematic diagram of a leakage channel.

Figure - 1

Figure - 2

To create a leakage channel, certain temporal, energy and spatial conditions are needed that facilitate the reception of data on the attacker's side. Leakage channels can be divided into:

  • acoustic
  • visual-optical
  • electromagnetic
  • material

Visual optical channels

These channels are usually realized by remote observation. The information carrier is light emanating from the information source. The classification of such channels is shown in Fig. 3. Methods of protection against visual-optical leakage channels:

  • reduce the reflective characteristics of the protected object
  • arrange objects in such a way as to exclude reflection to the sides of the potential location of the attacker
  • reduce object illumination
  • apply masking methods and others to mislead the attacker
  • use barriers

Figure - 3

Acoustic channels

In such channels the carrier is sound, which lies in the ultrasonic range (above 20,000 Hz). The channel is realized through the propagation of an acoustic wave in all directions. As soon as there is an obstacle in the path of the wave, it excites oscillations in the obstacle, and the sound can be read off the obstacle. Sound propagates differently in different media; the differences are shown in Fig. 4. Figure 5 shows the diagram of vibrational and acoustic channels of information leakage.

Figure - 4

Figure - 5

Protection against acoustic channels is primarily an organizational matter. It involves architectural and planning, regime and spatial measures, as well as organizational and technical measures, both active and passive; such methods are shown in Figure 6. Architectural and planning measures implement certain requirements at the building design stage. Organizational and technical methods involve the use of sound-absorbing means; examples are materials such as cotton wool, carpets, foam concrete, etc. They have many porous voids, which lead to repeated reflection and absorption of sound waves. Special hermetic acoustic panels are also used. The sound absorption A is determined by the sound absorption coefficients and the dimensions of the absorbing surfaces: A = Σ α·S. The values of the coefficients are known: for porous materials α is 0.2 - 0.8, for concrete or brick 0.01 - 0.03. For example, when walls with α = 0.03 are treated with a porous plaster with α = 0.3, the sound pressure decreases by 10 dB.
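To make the formula A = Σ α·S concrete, an added example (not from the original page) that computes a room's absorption surface by surface and the resulting level drop; the room dimensions and the specific coefficient values are assumed, and the decibel relation 10·log10(A_after/A_before) is the reverberant-field relation that reproduces the text's 10 dB figure. It also goes one step beyond the text by showing what happens when floor and ceiling are left untreated.

```python
import math

# Absorption coefficients alpha from the text (dimensionless): porous materials 0.2 - 0.8,
# concrete or brick 0.01 - 0.03. The specific values below are assumed for this example.
ALPHA = {"concrete": 0.03, "brick": 0.01, "porous_plaster": 0.3, "carpet": 0.4}


def total_absorption(surfaces):
    """A = sum(alpha_i * S_i) over (name, material, area_m2) surfaces, in m^2."""
    return sum(ALPHA[material] * area for _name, material, area in surfaces)


def level_reduction_db(a_before, a_after):
    """Drop in reverberant sound pressure level when room absorption rises from a_before
    to a_after: 10*log10(A_after/A_before). Ten times the absorption on the same surfaces
    gives the 10 dB quoted in the text for alpha 0.03 -> 0.3."""
    if a_before <= 0 or a_after <= 0:
        raise ValueError("absorption must be positive")
    return 10 * math.log10(a_after / a_before)


def refinish(surfaces, name, new_material):
    """Copy of the surface list with every surface called `name` given a new finish."""
    return [(n, new_material if n == name else m, a) for n, m, a in surfaces]


def walls_only_example():
    """The text's case: bare concrete walls replastered with porous plaster, nothing else."""
    walls = [("wall", "concrete", 18.0)] * 4  # constructed: four 6 m x 3 m walls
    treated = refinish(walls, "wall", "porous_plaster")
    return level_reduction_db(total_absorption(walls), total_absorption(treated))


def whole_room_example():
    """Constructed 6 x 6 x 3 m room: walls replastered, concrete floor and ceiling left bare.
    The untreated surfaces still reflect, so the gain falls short of the wall-only 10 dB."""
    room = [("wall", "concrete", 18.0)] * 4 + [
        ("floor", "concrete", 36.0),
        ("ceiling", "concrete", 36.0),
    ]
    treated = refinish(room, "wall", "porous_plaster")
    return level_reduction_db(total_absorption(room), total_absorption(treated))
```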

Figure - 6

Sound level meters are used to determine accurately the effectiveness of sound-insulation protection. A sound level meter is a device that converts sound pressure fluctuations into readings; its scheme of operation is shown in Fig. 7. Electronic stethoscopes are used to assess how well buildings are protected against leaks through vibration and acoustic channels: they listen to sound through floors, walls, heating systems, ceilings, etc. Stethoscope sensitivity lies in the range from 0.3 to 1.5 V/dB. At a sound level of 34 - 60 dB, such stethoscopes can listen through structures up to 1.5 m thick. If passive protection measures are insufficient, noise generators can be used; they are placed around the perimeter of the room in order to create their own vibration waves on the structure.

Figure - 7

Electromagnetic channels

For such channels the carrier is electromagnetic waves, from a wavelength of 10,000 m (frequency < 30 Hz) to wavelengths of 1 - 0.1 mm (frequency 300 - 3000 Hz). The classification of electromagnetic information leakage channels is shown in Fig. 8.

Figure - 8

There are known electromagnetic leakage channels:

With the help of design and technical measures, it is possible to localize some leakage channels using:

  • weakening of inductive, electromagnetic coupling between elements
  • shielding of units and elements of equipment
  • filtering signals in power or ground circuits

Organizational measures to eliminate electromagnetic leakage channels are shown in Fig. 9.

Figure - 9

Any electronic unit exposed to a high-frequency electromagnetic field becomes a re-emitter, a secondary source of radiation; this is called intermodulation radiation. To protect against such a leakage channel, high-frequency current must be prevented from passing through the microphone. This is done by connecting a capacitor with a capacitance of 0.01 - 0.05 μF in parallel with the microphone.

Material channels

Such channels are created by matter in a solid, gaseous or liquid state, which is often the enterprise's waste. The classification of material channels is shown in Fig. 10.

Figure - 10

Protection from such channels is a whole range of measures to control the release of confidential information in the form of industrial or production waste.

Conclusions

Data leakage is the uncontrolled escape of information beyond physical boundaries or the circle of persons. Systematic monitoring is needed to identify data leaks. Localization of leakage channels is implemented by organizational and technical means.

The subsystem of engineering and technical protection of information from leakage is designed to reduce the risk (probability) of unauthorized dissemination of information from a source located inside the controlled area to an attacker to acceptable values. To achieve this goal, the system must have mechanisms (forces and means) for detecting and neutralizing threats of eavesdropping, surveillance, interception and information leakage through a material channel.

In accordance with the classification of methods of engineering and technical protection of information considered in the second section, the basis for the functioning of the system of engineering and technical protection of information from leakage is made up of methods of spatial, temporal, structural and energy hiding.

To ensure spatial concealment, the system must have hidden locations for information sources, known only to the people who work directly with them. A very limited circle of people has access to the premises in which secret documents are kept. The heads of private organizations often use caches in the form of a safe built into a wall and covered with a painting, or even a separate room with a camouflaged door, to store especially valuable documents.

To implement temporal concealment, the protection system must have a mechanism for determining the time at which a threat arises. In general this time can be predicted only with a large error, but in some cases it can be determined with sufficient accuracy. Such cases include the time of:

§ a reconnaissance spacecraft flying over the protected object;

§ operation of a radio-electronic or electrical device that is a source of dangerous signals;

§ a visitor's presence in the designated room.

The ability to determine accurately the location of a reconnaissance spacecraft (SC) in outer space makes it possible to organize effective temporal concealment of the protected object. The time of the flyover is calculated from the orbit parameters of the launched spacecraft by a special service, which informs interested organizations of its flight schedule. Switching on a radio-electronic or electrical device that has not passed a special test creates a potential threat to speech information in the room in which this tool or device is installed; therefore, conversations on closed issues while untested or unprotected radio-electronic means and devices are switched on are prohibited. Likewise, the arrival of a visitor in a designated room should be treated as the emergence of a threat of information leakage; therefore, in his presence, conversations about and display of tools and materials not related to the subject of the issues being resolved with the visitor are excluded. To avoid leakage of information through visitors, negotiations with them are held in a specially designated negotiation room located at a minimum distance from the checkpoint, except when it becomes necessary during the discussion to demonstrate the operation of the means.

Structural and energetic concealment means differ significantly depending on the threats. Therefore, in the general case, it is advisable to divide the subsystem of engineering and technical protection against information leakage into complexes, each of which combines the forces and means of preventing one of the threats of information leakage (Fig. 19.7).


Modern technologies to protect against leakage of confidential information

Today, automated systems (AS) are the basis for supporting almost any business process, in both commercial and government organizations. At the same time, the widespread use of AS for storing, processing and transmitting information aggravates the problems associated with their protection. This is confirmed by the fact that over the past few years, both in Russia and in leading foreign countries, the number of information attacks leading to significant financial and material losses has tended to increase. For example, according to the Ministry of Internal Affairs of the Russian Federation, the number of computer crimes related to unauthorized access to confidential information increased from six hundred in 2000 to seven thousand in 2003.

At the same time, as noted by many research centers, more than 80% of all incidents involving information security breaches are caused by internal threats, whose sources are legitimate users of the system. One of the most dangerous threats is believed to be the leakage of confidential information stored and processed inside the AS. As a rule, the sources of such threats are company employees who are unscrupulous, or who feel wronged in some respect, and who by their actions seek to cause financial or material damage to the organization. All this forces us to take a closer look at the possible channels of confidential information leakage and to acquaint the reader with the range of technical solutions for preventing data leakage.

The intruder model used in this article assumes that company employees who have legitimate access to confidential information in order to fulfill their duties can act as potential intruders. The aim of such intruders is to transfer information outside the AS for subsequent unauthorized use: sale, publication in the public domain, etc. In this case, the following possible channels of confidential information leakage can be identified (Fig. 1):

    unauthorized copying of confidential information to external media and taking it out of the controlled territory of the enterprise. Examples of such media are floppy disks, CD-ROMs, flash disks, etc.;

    printing confidential information and taking out printed documents outside the controlled area. It should be noted that in this case, both local printers, which are directly connected to the attacker's computer, and remote ones, interaction with which is carried out over the network, can be used;

    unauthorized transmission of confidential information over the network to external servers located outside the controlled territory of the enterprise. For example, an intruder can transfer confidential information to external mail or file servers on the Internet and then download it from there at home or anywhere else. To transfer the information, the intruder can use SMTP, HTTP, FTP or any other protocol, depending on the filtering settings for outgoing data packets used in the AS. At the same time, in order to mask his actions, the intruder can pre-encrypt the information being sent or transmit it under the guise of ordinary graphic or video files using steganography methods;

    theft of media containing confidential information - hard disks, magnetic tapes, CD-ROMs, etc.

Fig. 1. Channels of leakage of confidential information

Organizational security measures are believed to be at the heart of any defense against a leak of confidential information. As part of these measures, the enterprise should develop and implement organizational and administrative documents defining the list of confidential information resources, possible threats that are associated with them, as well as a list of those measures that must be implemented to counter these threats. Examples of such organizational documents can be the concept and policy of information security, job descriptions of company employees, etc. In addition to organizational security measures, technical solutions should also be used to block the above channels of leakage of confidential information. Below is a description of the various ways to protect information, taking into account their advantages and disadvantages.

An isolated automated system for working with confidential information

The essence of one of the first methods used to protect against leakage of confidential information is to create a dedicated autonomous AS consisting of the computing equipment needed to work with confidential information (Fig. 2). Such an AS is completely isolated from any external systems, which makes it possible to rule out information leakage over the network.


Fig. 2. Dedicated isolated AS designed for processing confidential information

AS of this type are equipped with access control systems as well as video surveillance systems. Access to the premises in which the AS is located is granted on special passes, and personal searches of employees are usually carried out in order to control electronic and paper information carriers. To block the possibility of information leakage by copying it to external media, all devices that can be used to write information to such media are usually removed from the AS computers. In addition, all system units and computer ports are sealed to exclude unauthorized connection of new devices. If it is necessary to transfer information outside the allocated premises, this is done by one or more employees according to strictly specified regulations, using the appropriate equipment. For work with open information and for access to Internet resources, a separate system is used that is not physically connected in any way with the AS that processes confidential information.

As a rule, the described approach is used in government agencies to protect classified information. It provides protection against all of the above channels of confidential information leakage. However, in practice, in many commercial organizations most employees must simultaneously have access to both confidential and public information and work with Internet resources. In such a situation, creating an isolated environment for processing confidential information would require two equivalent AS, one intended only for processing confidential information and the other for working with open data and Internet resources. This approach is, as a rule, impossible to implement because of its obvious redundancy and high cost.

Systems for active monitoring of user workstations

Active monitoring systems are specialized software systems designed to detect unauthorized user actions related, in particular, to an attempt to transfer confidential information outside the controlled territory of the enterprise. Monitoring systems consist of the following components (Fig. 3):

    sensor modules installed on user workstations and providing collection of information about events registered at these stations;

    a module for analyzing data collected by sensors in order to identify unauthorized user actions associated with leakage of confidential information;

    a module for responding to detected unauthorized user actions;

    module for storing system operation results;

    module for centralized management of monitoring system components.

Monitoring system sensors are installed on those workstations where users work with confidential information. Based on the settings specified by the security administrator, system sensors allow you to control the access of user applications to confidential information, as well as impose restrictions on the actions that the user can perform with this information. For example, active monitoring systems allow prohibiting the recording of confidential information on external media, blocking the transfer of information to external network addresses, as well as printing data.


Fig. 3. Typical architecture of systems for active monitoring of user workstations

Examples of commercial software products that can be classified as active monitoring systems are the Uryadnik security policy management system (www.rnt.ru), the DeviceLock access control system (www.devicelock.ru) and the InfoWatch monitoring system (www.infowatch.ru).

The advantage of using monitoring systems is the ability to create a virtual isolated environment for processing confidential information without physically separating a dedicated AS for working with restricted data. In addition, systems of this type make it possible to restrict programmatically the output of information to external media, which eliminates the need to physically remove recording devices from computers and to seal ports and system units. However, the use of active monitoring systems entails installing additional software on each workstation, which can potentially increase the complexity of administering the AS and lead to conflicts with system software.

Dedicated segment of terminal access to confidential information

Another way to protect against leakage of confidential information is to organize access to the confidential information of the AS through intermediate terminal servers. With this access scheme, the user first connects to the terminal server, on which all applications necessary for working with confidential information are installed. The user then launches these applications in a terminal session and works with them as if they were installed on his workstation (Fig. 4).


Fig. 4. Scheme of installation of a terminal server for accessing confidential data

While working in a terminal session, the user receives only a graphic image of the working area of the screen, while all the confidential information he works with is stored only on the terminal server. One such terminal server, depending on its hardware and software configuration, can simultaneously serve hundreds of users. Examples of terminal servers are Microsoft Terminal Services (www.microsoft.com) and Citrix MetaFrame (www.citrix.com).

Practical use of a technical solution based on a terminal server makes it possible to protect against unauthorized copying of confidential information to external media due to the fact that all information is stored not on workstations, but on the terminal server. Similarly, protection is provided against unauthorized printing of documents. The user can print the document only using a printer installed in the terminal access segment. In this case, all documents output to this printer can be registered in the prescribed manner.

The use of a terminal server also provides protection against unauthorized transmission of confidential information over the network to external servers outside the controlled territory of the enterprise. This is achieved by filtering all data packets directed outside the terminal access segment, with the exception of those packets that carry the graphic image of the working area of the screen to the user's station. Such filtering can be implemented using a firewall installed at the junction of the terminal access segment with the rest of the AS. In this case, all attempts to establish connections from the terminal server to Internet nodes will be blocked, while the workstation itself can have unhindered access to Internet resources. A dedicated file server located in the terminal access segment can be used to exchange information between users working in terminal sessions.

Tools for content analysis of outgoing data packets

Content analysis tools provide the ability to process network traffic sent outside the controlled area in order to identify possible leakage of confidential information. They are used, as a rule, to analyze outgoing mail and web traffic sent to the Internet. Dozor-Jet (www.jetinfo.ru), Mail Sweeper (www.infosec.ru) and InfoWatch Web Monitor (www.infowatch.com) systems are examples of this type of content analysis tools.
Such means of protection are installed inline in the communication channel between the Internet and the enterprise AS, so that all outgoing data packets pass through them (Fig. 5).


Fig. 5. Scheme of installing content analysis tools in the AS

In the process of analyzing outgoing messages, they are divided into service fields, which are processed according to criteria specified by the security administrator. For example, content analysis tools allow blocking of data packets that contain keywords such as "secret", "confidential", etc. These tools also make it possible to filter messages sent to external addresses that are not part of the corporate e-mail workflow.

The advantage of this type of protection system is the ability to monitor and impose restrictions on both incoming and outgoing traffic. However, these systems cannot guarantee one hundred percent detection of messages containing confidential information. In particular, if an intruder encrypts the information or disguises it as a graphic or music file using steganography methods before sending a message, then content analysis tools are practically powerless.
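The keyword and external-recipient rules described above, together with a check aimed at the limitation just noted, as an added example that is none of the named products' code: outgoing messages are tested for administrator-set keywords and for recipients outside the corporate domain, and a body whose character entropy looks like ciphertext or base64 is flagged for review because a keyword rule cannot read it. The corporate domain, the sample messages and the thresholds are constructed.

```python
import base64
import hashlib
import math
from email import message_from_string

KEYWORDS = ("secret", "confidential")  # criteria an administrator might set, as in the text
CORPORATE_DOMAIN = "example.com"       # assumed corporate mail domain
ENTROPY_THRESHOLD = 5.0                # bits/char: natural-language text sits near 4.1-4.5,
                                       # base64 of ciphertext near 5.9 (64 nearly uniform symbols)


def shannon_entropy(text):
    """Bits per character of the text's symbol distribution (0.0 for empty or one-symbol text)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def inspect_message(raw):
    """Names of the rules that fire on one outgoing RFC 822 message (empty list = pass)."""
    msg = message_from_string(raw)
    subject = (msg["Subject"] or "").lower()
    body = msg.get_payload() or ""
    hits = []
    if any(k in subject or k in body.lower() for k in KEYWORDS):
        hits.append("keyword")
    recipients = [r.strip().lower() for r in (msg["To"] or "").split(",") if r.strip()]
    if any(not r.endswith("@" + CORPORATE_DOMAIN) for r in recipients):
        hits.append("external-recipient")
    # An opaque body defeats keyword matching; flag it for manual review instead of passing it.
    if len(body) >= 64 and shannon_entropy(body.strip()) > ENTROPY_THRESHOLD:
        hits.append("high-entropy-body")
    return hits


# Constructed sample messages.
PLAIN = ("From: alice@example.com\nTo: partner@mail.invalid\nSubject: Budget\n\n"
         "Please find attached the confidential budget for next quarter.\n")
INTERNAL = "From: alice@example.com\nTo: bob@example.com\nSubject: Lunch\n\nLunch at noon?\n"
# Stand-in for an encrypted attachment pasted as base64: deterministic hash output, not real ciphertext.
OPAQUE_BODY = base64.b64encode(
    b"".join(hashlib.sha256(b"sample-%d" % i).digest() for i in range(10))
).decode()
OPAQUE = "From: alice@example.com\nTo: partner@mail.invalid\nSubject: Photos\n\n" + OPAQUE_BODY + "\n"
```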

Means of cryptographic protection of confidential information

To protect against information leakage, cryptographic means can also be used to encrypt confidential data stored on hard drives or other media. In this case, the key required to decode the encrypted information must be stored separately from the data. Typically, it is located on an external removable medium such as a floppy disk, Touch Memory key, or USB stick. If the violator manages to steal the carrier with confidential information, he will not be able to decrypt it without the corresponding key.

The considered variant of cryptographic protection does not block other channels of confidential information leakage, especially when the leak is carried out by a user who has already gained access to the data. Taking this drawback into account, Microsoft developed the Windows Rights Management Services (RMS) access rights management technology based on the Windows Server 2003 operating system. Under this technology, all confidential information is stored and transmitted in encrypted form, and it can be decrypted only on those computers and by those users who have the right to do so. Along with the confidential data, a special XML file is transmitted containing the categories of users who are allowed access to the information, as well as the list of actions these users may perform. Using such an XML file, for example, a user can be prevented from copying confidential information to external media or printing it. Even if the user copies the information to an external medium, it will remain encrypted and he will not be able to access it on another computer. In addition, the owner of the information can set the period during which the user will be able to access it; after this period, the user's access is blocked automatically. The cryptographic keys with which confidential data can be decrypted are managed by the RMS servers installed in the AS.

It should be noted that in order to use the RMS technology, client software with integrated support for it must be installed on the AS workstations. For example, Microsoft has built RMS functionality into its own client software, Microsoft Office 2003 and Internet Explorer. The RMS technology is open and can be integrated into any software on the basis of the RMS SDK.

Below is a generalized algorithm for using RMS technology when user "A" creates confidential information and user "B" then gains access to it (Fig. 6):

    At the first stage, user "A" downloads a public key from the RMS server, which will later be used to encrypt confidential information.

    Then user "A" creates a document with confidential information using one of the applications that support RMS functions (for example, using Microsoft Word 2003). After that, the user makes a list of subjects who have access rights to the document, as well as the operations that they can perform. This service information is written by the application into an XML file based on the eXtensible rights Markup Language (XrML).

    At the third stage, user A's application encrypts the document with confidential information using a randomly generated symmetric session key, which in turn is encrypted with the public key of the RMS server. Because of the properties of asymmetric cryptography, only the RMS server can decrypt this session key, since only it holds the corresponding secret key. The encrypted session key is also appended to the XML file associated with the document.

    The user sends to the recipient "B" an encrypted document along with an XML file containing service information.

    After receiving the document, user "B" opens it using an application with RMS functions.

    Since addressee "B" does not have the key required to decrypt it, the application sends a request to the RMS server, which includes an XML file and a public key certificate for user "B".

    Having received the request, the RMS server checks the access rights of user B to the document in accordance with the information contained in the XML file. If the user is allowed access, then the RMS server extracts the encrypted session key from the XML file, decrypts it based on its private key, and re-encrypts the key based on the public key of user B. Using the user's public key ensures that only the user can decrypt the key.

    In the eighth step, the RMS server sends user B a new XML file containing the encrypted session key obtained in the previous step.

    At the last stage, user B's application decrypts the session key with its private key and uses it to open the document with confidential information. The application limits the user's possible actions to only those operations listed in the XML file generated by user "A".


Fig. 6. Scheme of interaction of nodes based on RMS technology
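The exchange described in the steps above, reduced to working code as an added example; this is not code from the article and not Microsoft's RMS SDK or XrML format. It assumes a Go program with constructed sample data: the XrML file becomes a `PublishingLicense` struct of this example's own design, the document is sealed with AES-256-GCM under a random session key, and the session key is wrapped with RSA-OAEP first to the server's public key and then, after the rights check, to recipient "B"'s public key. A user "C" who is absent from the rights list is refused a license. All type and function names are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// PublishingLicense stands in for the XrML file in the text: A's rights list plus the
// session key wrapped to the RMS server. The layout is this example's assumption, not XrML.
type PublishingLicense struct {
	Rights              map[string][]string // recipient name -> permitted operations
	EncryptedSessionKey []byte              // RSA-OAEP(serverPublicKey, sessionKey)
}

// newGCM builds an AES-256-GCM AEAD for a 32-byte session key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Publish is steps 2 and 3 on author A's side: random session key, document sealed
// under it (GCM nonce prepended), session key wrapped with RSA-OAEP to the server only.
func Publish(serverPub *rsa.PublicKey, doc []byte, rights map[string][]string) ([]byte, PublishingLicense, error) {
	buf := make([]byte, 32+12) // 32-byte AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, PublishingLicense{}, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, PublishingLicense{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, nil)
	if err != nil {
		return nil, PublishingLicense{}, err
	}
	return gcm.Seal(nonce, nonce, doc, nil), PublishingLicense{Rights: rights, EncryptedSessionKey: wrapped}, nil
}

// IssueUseLicense is steps 7 and 8 on the RMS server: check the requester against the
// rights list, unwrap the session key with the server key, re-wrap it to the requester.
func IssueUseLicense(serverKey *rsa.PrivateKey, lic PublishingLicense, user string, userPub *rsa.PublicKey) ([]byte, []string, error) {
	ops := lic.Rights[user]
	if len(ops) == 0 {
		return nil, nil, fmt.Errorf("user %q has no rights to this document", user)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, lic.EncryptedSessionKey, nil)
	if err != nil {
		return nil, nil, err
	}
	rewrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, sessionKey, nil)
	return rewrapped, ops, err
}

// Consume is step 9 on recipient B's side. Enforcing the operation list that came
// with the license is the application's job, as the text notes.
func Consume(userKey *rsa.PrivateKey, wrapped, ct []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, userKey, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// RunExchange drives the whole flow on a constructed sample document and returns the
// text B recovered, B's operations, and whether C (absent from the rights list) was refused.
func RunExchange() (string, []string, bool, error) {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	keyB, _ := rsa.GenerateKey(rand.Reader, 2048)
	keyC, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, lic, err := Publish(&serverKey.PublicKey, []byte("constructed sample: Q3 figures"), map[string][]string{"B": {"view"}})
	if err != nil {
		return "", nil, false, err
	}
	wrappedForB, ops, err := IssueUseLicense(serverKey, lic, "B", &keyB.PublicKey)
	if err != nil {
		return "", nil, false, err
	}
	pt, err := Consume(keyB, wrappedForB, ct)
	if err != nil {
		return "", nil, false, err
	}
	_, _, errC := IssueUseLicense(serverKey, lic, "C", &keyC.PublicKey)
	return string(pt), ops, errC != nil, nil
}
```

Two points the code makes concrete: the server never receives the document itself, only the wrapped session key, and the recipient cannot recover the session key from the publishing license on their own, because it is wrapped to the server's key and not to theirs. The operation list that travels with the use license is enforced by the recipient's application, not by the cryptography, which is why the scheme depends on RMS-aware applications.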

Currently, RMS technology is one of the most promising means of protecting confidential information. Its drawback is that it can be implemented only on the Microsoft Windows platform and only with applications that use the functions of the RMS SDK.

Conclusion

Currently, one of the most pressing problems in the field of information security is protection against leakage of confidential information. The technical options for solving this problem discussed in the article fall into two groups. The first involves changing the topology of the protected AS, either by creating an isolated system for processing confidential information or by allocating within the AS a terminal-access segment for work with confidential data. The second consists in using various protection means within the AS, including active monitoring, content analysis and cryptographic protection of information. The analysis of these two groups of technical solutions has shown that each has its own advantages and disadvantages. The choice of a specific protection means depends on many factors, including the topology of the protected AS, the application and system-wide software installed in it, the number of users working with confidential information, and many others. It should be emphasized that the greatest effectiveness is achieved with an integrated approach that combines organizational and technical measures to protect information resources from leakage.


Protection against information leakage - the solution of JSC "DialogueNauka"

Chapter 1.

1. CLASSIFICATION AND BRIEF DESCRIPTION OF TECHNICAL CHANNELS OF INFORMATION LEAKAGE

1.1. GENERAL CHARACTERISTICS OF TECHNICAL LEAKAGE CHANNELS

A technical channel of information leakage (TKUI) is understood as the combination of a reconnaissance object, the technical reconnaissance tool (TSR) by means of which information about that object is obtained, and the physical medium in which the information signal propagates. In essence, a TKUI is a way of obtaining reconnaissance information about an object using a TSR. Reconnaissance information, in turn, usually means information or a set of data about the objects of reconnaissance, regardless of the form in which it is presented.
Signals are the material carriers of information. By their physical nature, signals can be electrical, electromagnetic, acoustic, and so on; that is, signals are, as a rule, electromagnetic, mechanical or other oscillations (waves), and the information is contained in their varying parameters.
Depending on their nature, signals propagate in particular physical media. In general, the propagation medium may be gaseous (air), liquid (water) or solid: for example, air space, building structures, connecting lines and conductive elements, soil (earth), etc.
Technical reconnaissance tools are used to receive the signals and measure their parameters.
This manual examines portable reconnaissance equipment used to intercept information processed in technical means and acoustic (speech) information, as well as equipment for covert surveillance and filming.

1.2. CLASSIFICATION AND CHARACTERISTICS OF TECHNICAL CHANNELS OF LEAKAGE OF INFORMATION PROCESSED BY TSPI

Technical means of receiving, processing, storing and transmitting information (TSPI) are understood as technical means that directly process confidential information. Such means include electronic computing equipment, secure (restricted-mode) automatic telephone exchanges, operational command and loudspeaker communication systems, sound reinforcement, sound accompaniment and sound recording systems, etc.
When identifying technical channels of information leakage, a TSPI should be considered as a system comprising the main (stationary) equipment, terminal devices, connecting lines (the set of wires and cables laid between individual TSPI units and their elements), distribution and switching devices, power supply systems and grounding systems.
A separate technical means or a group of technical means intended for processing confidential information, together with the premises in which they are located, constitutes a TSPI object. TSPI objects also include dedicated premises intended for holding closed (restricted) events.
Alongside the TSPI, the premises also contain technical means and systems that do not directly take part in the processing of confidential information but are used together with the TSPI and lie within the electromagnetic field it creates. Such technical means and systems are called auxiliary technical means and systems (VTSS). They include open telephone and loudspeaker communication equipment, fire and security alarm systems, electrical power systems, radio systems, clock systems, household appliances, etc.
Of greatest interest as leakage channels are the VTSS that extend beyond the controlled area (KZ), i.e. the area into which persons and vehicles without permanent or temporary passes are not admitted.
Besides the connecting lines of the TSPI and VTSS, wires and cables unrelated to them but passing through the rooms where the technical means are installed, as well as metal pipes of heating and water supply systems and other conductive metal structures, may also extend beyond the controlled area. Such wires, cables and conductive elements are called extraneous conductors.
Depending on the physical nature of the origin of the information signals, the medium of their propagation and the methods of interception, technical channels of information leakage are divided into electromagnetic, electrical and parametric channels (Figure 1.1).

1.2.1. Electromagnetic channels of information leakage

Electromagnetic channels of information leakage are those arising from various kinds of spurious electromagnetic radiation (EMP) of the TSPI:
· radiation of TSPI elements;
· radiation at the operating frequencies of the TSPI high-frequency (HF) generators;
· radiation at the self-excitation frequencies of the TSPI low-frequency amplifiers (ULF).

1.2.2. Electrical channels of information leakage

Electrical channels of information leakage can arise from:
· pickup of TSPI electromagnetic radiation on VTSS connecting lines and extraneous conductors that extend beyond the controlled area;
· leakage of information signals into the TSPI power supply circuit;
· leakage of information signals into the TSPI grounding circuit.
Pickup of TSPI electromagnetic radiation occurs when TSPI elements (including their connecting lines) emit information signals, and also where there is a galvanic connection between the TSPI connecting lines and extraneous conductors or VTSS lines. The level of the induced signals depends largely on the power of the emitted signals, the distance to the conductors and the length over which the TSPI connecting lines run alongside the extraneous conductors.
The space around the TSPI within which an information signal above the permissible (normalized) level is induced on random antennas is called the (dangerous) zone 1.
A random antenna is a VTSS circuit or an extraneous conductor capable of receiving spurious electromagnetic radiation.
Random antennas may be lumped or distributed. A lumped random antenna is a compact technical means, for example a telephone set or a loudspeaker of the radio broadcasting network. Distributed random antennas are those with distributed parameters: cables, wires, metal pipes and other conductive communications.
Leakage of information signals into the power supply circuit is possible where there is magnetic coupling between the output transformer of an amplifier (for example, a ULF) and the transformer of the rectifier. In addition, the currents of the amplified information signals close through the power supply, creating a voltage drop across its internal resistance which, if the rectifier filter provides insufficient attenuation, can be detected on the power line. The information signal can also penetrate the power supply circuits because the average current drawn by the output stages of the amplifiers depends to a greater or lesser extent on the amplitude of the information signal; this places an uneven load on the rectifier and causes the consumed current to vary in accordance with the information signal.
Leakage of information signals into the grounding circuit. Besides the grounding conductors that connect the TSPI directly to the ground loop, various conductors extending beyond the controlled area may have a galvanic connection to ground: the neutral wire of the power network, the screens (metal sheaths) of connecting cables, metal pipes of heating and water supply systems, the metal reinforcement of reinforced-concrete structures, etc. Together with the grounding device, all these conductors form a branched grounding system onto which information signals can be induced. In addition, an electromagnetic field arises in the soil around the grounding device, which is also a source of information.
Information signals can be intercepted through electrical leakage channels by direct connection to the VTSS connecting lines and extraneous conductors that pass through the premises where the TSPI is installed, and to its power supply and grounding systems. For this purpose special means of radio and electronic reconnaissance and special measuring equipment are used.
Diagrams of electrical channels of information leakage are shown in Fig. 1.3 and 1.4.


Retrieval of information by means of hardware implants. In recent years there has been an increase in the number of cases in which information processed in the TSPI is retrieved by installing electronic interception devices, so-called embedded devices, inside it.
Electronic interception devices installed in the TSPI are sometimes called hardware implants (hardware "bookmarks"). They are miniature transmitters whose emission is modulated by the information signal. Most often such implants are installed in foreign-made TSPI, but their installation in domestic equipment is also possible.
Information intercepted with embedded devices is either transmitted directly over a radio channel or first recorded on a special storage device and only later, on command, transmitted to the party that requested it. A diagram of an information leakage channel using embedded devices is shown in Fig. 1.5.


1.2.3. Parametric channel of information leakage

Information processed in technical means can also be intercepted by means of their "high-frequency irradiation". When the irradiating electromagnetic field interacts with TSPI elements, the electromagnetic field is re-emitted, and in some cases this secondary radiation is modulated by the information signal. To eliminate mutual influence between the irradiating and re-emitted signals during retrieval, they can be separated in time or in frequency; for example, pulsed signals can be used to irradiate the TSPI.
On re-emission the parameters of the signals change, which is why this leakage channel is often called parametric.
To intercept information through this channel, special high-frequency generators with narrow-beam antennas and special radio receivers are required. A diagram of the parametric channel of information leakage is shown in Fig. 1.6.
