Interception of Sensitive Information
When disposing of a draft
copy of a confidential report containing its sales strategies for the next five
years, a company wants to be especially sure that the report is not
reconstructable by one of its competitors. When the report exists only as hard
copy, destroying the report is straightforward, usually accomplished by
shredding or burning. But when the report exists digitally, destruction is more
problematic. There may be many copies of the report in digital and paper form
and in many locations (including on the computer and on storage media). There
may also be copies in backups and archived in e-mail files. In this section, we
look at several ways to dispose of sensitive information.
Shredding
Shredders have existed for a
long time, as devices used by banks, government agencies, and others
organizations to dispose of large amounts of confidential data. Although most
of the shredded data is on paper, shredders can also be used for destroying
printer ribbons and some types of disks and tapes. Shredders work by converting
their input to thin strips or pulp, with enough volume to make it infeasible
for most people to try to reconstruct the original from its many pieces. When
data are extremely sensitive, some organizations burn the shredded output for
added protection.
Overwriting Magnetic Data
Magnetic media present a
special problem for those trying to protect the contents. When data are stored
on magnetic disks, the ERASE or DELETE functions often simply change a
directory pointer to free up space on the disk. As a result, the sensitive data
are still recorded on the medium, and they can be recovered by analysis of the directory.
A more secure way to destroy data on magnetic devices is to overwrite the data
several times, using a different pattern each time. This process removes enough
magnetic residue to prevent most people from reconstructing the original file.
However, "cleaning" a disk in this fashion takes time. Moreover, a
person using highly specialized equipment might be able to identify each
separate message, much like the process of peeling off layers of wallpaper to
reveal the wall beneath.
Degaussing
Degaussers destroy magnetic
fields. Passing a disk or other magnetic medium through a degausser generates a
magnetic flux so forceful that all magnetic charges are instantly realigned,
thereby fusing all the separate layers. A degausser is a fast way to cleanse a
magnetic medium, although there is still question as to whether it is adequate
for use in the most sensitive of applications. (Media that have had the same
pattern for a long time, such as a disk saved for archival purposes, may retain
traces of the original pattern even after it has been overwritten many times or
degaussed.) For most users, a degausser is a fast way to neutralize a disk or
tape, permitting it to be reused by others.
Protecting Against Emanation: Tempest
Computer screens emit signals
that can be detected from a distance. In fact, any components, including
printers, disk drives, and processors, can emit information. Tempest is a U.S.
government program under which computer equipment is certified as emission-free
(that is, no detectable emissions). There are two approaches for preparing a
device for Tempest certification: enclosing the device and modifying the
emanations.
The obvious solution to
preventing emanations is to trap the signals before they can be picked up.
Enclosing a device in a conductive case, such as copper, diffuses all the waves
by conducting them throughout the case. Copper is a good conductor, and the
waves travel much better through copper than through the air outside the case,
so the emissions are rendered harmless.
This solution works very well
with cable, which is then enclosed in a solid, emanation-proof shield.
Typically, the shielded cable is left exposed so that it is easy to inspect
visually for any signs of tapping or other tampering. The shielding must be
complete. That is, it does little good to shield a length of cable but not also
shield the junction box at which that cable is connected to a component. The
line to the component and the component itself must be shielded, too.
The shield must enclose the
device completely. If top, bottom, and three sides are shielded, emanations are
prevented only in those directions. However, a solid copper shield is useless
in front of a computer screen. Covering the screen with a fine copper mesh in
an intricate pattern carries the emanation safely away. This approach solves
the emanation problem while still maintaining the screen's usability.
Entire computer rooms or even
whole buildings can be shielded in copper so that large computers inside do not
leak sensitive emanations. Although it seems appealing to shield the room or
building instead of each component, the scheme has significant drawbacks. A
shielded room is inconvenient because it is impossible to expand the room
easily as needs change. The shielding must be done carefully, because any
puncture is a possible point of emanation. Furthermore, continuous metal
pathways, such as water pipes or heating ducts, act as antennas to convey the
emanations away from their source.
Emanations can also be
designed in such a way that they cannot be retrieved. This process is similar
to generating noise in an attempt to jam or block a radio signal. With this
approach, the emanations of a piece of equipment must be modified by addition
of spurious signals. Additional processors are added to Tempest equipment
specifically to generate signals that fool an interceptor. The exact Tempest
modification methods are classified.
As might be expected,
Tempest-enclosed components are larger and heavier than their unprotected
counterparts. Tempest testing is a rigorous program of the U.S. Department of
Defense. Once a product has been approved, even a minor design modification,
such as changing from one manufacturer's power supply to an equivalent one from
another manufacturer, invalidates the Tempest approval.
Therefore, these components
are costly, ranging in price from 10 percent to 300 percent more than similar
non-Tempest products. They are most appropriate in situations in which the data
to be confined are of great value, such as top-level government information.
Other groups with less dramatic needs can use other less rigorous shielding.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.