IT Baseline Protection Manual S 4.89 Emission security
S 4.89 Emission security
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management
Every electronic device emits electromagnetic waves of a greater or lesser strength. These emissions are known as stray radiation or radiated interference. Their maximum permissible strength is stipulated in the Law on the Electromagnetic Compatibility of Devices (German abbreviation: EMVG). In devices which process information (PCs, printers, fax machines, modems etc.), this stray radiation may also carry the information currently being processed. Information-bearing radiation of this nature is referred to as compromising emanations. If the compromising emanations can be received some distance away, for example in a neighbouring building or in a vehicle parked nearby, it is possible to reconstruct the information from the emanations. The confidentiality of the data is therefore called into question. The limiting values set by the EMVG are generally not sufficient to prevent interception of compromising emanations. Usually it is necessary to take additional steps to ensure this.
Compromising emanations can emerge from a room in different ways:
In the form of electromagnetic waves, which are propagated through free space in the same way as radio waves.
As conducted radiation along metallic conductors (cables, air-conditioning ducts, heating pipes).
Through cross-talk from a data cable to other cables laid parallel to it. The radiation propagates along the parallel cables and can be picked up from them even a long distance away.
As acoustic radiation, for example in the case of printers. The detailed information from the printing process is disseminated as sound or ultrasound, and can be picked up with microphones.
In the form of acoustic cross-talk to other devices. Sound is converted into electrical signals by sound-sensitive parts of equipment, which under certain conditions can function in a similar way to a microphone. The sound is then propagated further along metallic conductors, or also in the form of electromagnetic radiation.
Compromising emanations may also be caused by external manipulation of devices. If a device is irradiated with high-frequency energy, for example, the electrical processes in the device can influence the radiated waves in such a way that they subsequently carry the processed information with them.
In all of these cases the nature of the installation, in other words the cabling between the devices and from the devices to the electricity supply system, has a substantial influence on propagation and hence on the range of the radiation.
The BSI has developed and is still developing various protective measures which effectively reduce the risk without significantly increasing costs. These include:
Zone model
The BSI has developed a zone model which takes account of the propagation conditions of compromising emanations in relation to particular conditions in certain buildings and on certain sites. The attenuation of the radiation on its way from the originating IT device to the potential receiver is determined by metrological means. Depending on the circumstances at the place of use, it may be possible to use devices to which only minor interference suppression measures have to be applied, or no measures at all.
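The following is an added example, not part of the manual and not BSI code, showing the zone-model reasoning: the least-attenuated leak path out of a room decides how much suppression a device deployed there needs. The class names, dB thresholds and survey figures are constructed assumptions, only the three electrical paths from the list above are modelled, and an unmeasured path is treated as unassessed.

```python
from dataclasses import dataclass

# All names and dB figures here are constructed for illustration, not BSI values.
REQUIRED_PATHS = {"radiated", "conducted", "crosstalk"}  # leak paths named in the text

# Hypothetical device classes, least-suppressed first, each with the site
# attenuation (dB) that must exist between device and potential receiver.
DEVICE_CLASSES = [
    ("no suppression measures", 60.0),
    ("minor suppression measures", 40.0),
    ("emission-protected", 0.0),
]

@dataclass(frozen=True)
class Measurement:
    path: str        # one of REQUIRED_PATHS
    freq_mhz: float  # test frequency
    atten_db: float  # measured attenuation from device location to receiver point

def weakest_path(measurements):
    """Return the measurement with the least attenuation, or None when a
    required path was never measured (the room is then unassessed)."""
    if not REQUIRED_PATHS <= {m.path for m in measurements}:
        return None
    return min(measurements, key=lambda m: m.atten_db)

def permitted_class(measurements):
    """Pick the least-suppressed device class the weakest path still allows."""
    weakest = weakest_path(measurements)
    if weakest is None:
        return DEVICE_CLASSES[-1][0], None  # fail closed: strictest class
    for name, required_db in DEVICE_CLASSES:
        if weakest.atten_db >= required_db:
            return name, weakest
    return DEVICE_CLASSES[-1][0], weakest

# Constructed survey data for two rooms.
OFFICE = [
    Measurement("radiated", 100.0, 66.0),
    Measurement("radiated", 400.0, 62.0),
    Measurement("conducted", 10.0, 45.0),   # e.g. along a heating pipe
    Measurement("crosstalk", 10.0, 70.0),
]
ARCHIVE = [Measurement("radiated", 100.0, 75.0), Measurement("conducted", 10.0, 68.0)]

if __name__ == "__main__":
    for room, data in (("office", OFFICE), ("archive", ARCHIVE)):
        print(room, permitted_class(data))
```

In the constructed office data the radiated path alone would permit an unsuppressed device, but the conducted path limits the room to the stricter class.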
Emanation suppression at source
Emanation suppression at source is particularly valuable when developing new IT products. This involves suppressing the compromising emanations at their place of origin within the device, or modifying them in such a way that they can no longer be utilised. This method might also allow the use of low-cost plastic housings, for example, with a negligible impact on the batch production price.
Set of radiation criteria
The purpose of a detailed set of radiation criteria is the graduated testing of IT devices and systems. The rationale behind this concept is to adapt the scope of the protection measures as closely as possible to the threat situation assumed by the user, and thereby to achieve optimum emission security at minimum cost.
Accelerated measurement procedures
Devising accelerated measurement procedures and manipulation test procedures enables emission security to be ensured at as low a cost as possible after maintenance, repair or potentially unauthorised access.
Use of low-emission or emission-protected equipment
Manufacturers of PC monitors often make use of the term "low-emission" according to MPR II, TCO or SSI in their advertising material. However, these guidelines only take account of the possible damaging effects to health of radiation from equipment. The measuring techniques and limit values for radiation are therefore entirely unsuited to producing evidence of compromising emanations and do not allow any assessment to be made of security against the unauthorised interception of data via compromising emanations.
In addition, special emission-protected IT systems are also offered by some suppliers. There are numerous levels of emission protection provided in this field. In order to allow the classification of IT systems with high protection requirements, in particular, the BSI developed a set of criteria known as TEMPEST (Temporary Emission and Spurious Transmission) criteria. Whether a manufacturer includes emission-protected devices conforming to the TEMPEST criteria in its range of products should be clarified by asking the manufacturer or the BSI, or by checking the official product overview in BSI 7206. A statement that a device has been awarded TEMPEST approval should always be accompanied by an indication of the level of approval.