Gone with the Wind – Unauthorised Disclosure of Information

Information may sometimes be disclosed to people for whom it is not intended. This usually does not bode well for information stake holders. Information may be disclosed either intentionally or unintentionally. Information can be disclosed unintentionally by social engineering, covert channels, malicious code etc. Accidental disclosure includes object reuse and emanation.


Object Reuse – Can I use your pen drive please?
Many a times, USB drives are exchanged in work places. Before a USB is handed over to someone, make sure that it does not contain any information. This concept also applies to memory. When a process uses a particular part of memory it should remove all residual data in memory before giving up that portion of memory. Otherwise subsequent processess may be able to read what was left over and may be able to use it in a malicious way. Deleting a file or formatting a disk only removes pointers to the file does not delete the file itself. So, in case of highly sensitive information, more drastic ways like degaussing may be used.

Emanation Security – Abracadabra – here is your data
All electronic devices emit electrical signals. These signals can contain data. An intruder with the right equipment and at the right place may be able to read the data off the emitted signals. Details about covert operations could be thus extracted literally out of thin air.

Countermeasures against emanation

Tempest – oh! what a storm
Tempest refers to a program started by the DoD and became a standard. Tempest now refers to a standard which describes how to develop countermeasures that control emission of electrical signal from electronic devices. The devices have an outer metal coating referred to as ‘Faraday Cage’. This is made of a metal with the necessary depth to ensure that only the permitted amount of electrical signal is emitted from the device – monitor/ printer/ computer. This countermeasure is generally used in highly sensitive military establishments.

White Noise – The silence is killing
White noise is also a countermeasure that protects intruders capturing data in electrical signals that emanate from electronic systems. White noise is a uniform spectrum of random electrical signals. It is distributed over the full spectrum so that the intruder cannot separate the real data from the noise.

Control Zone – The wall’s turn
This refers to a practice of layering the wall of a highly sensitive area with special material so that electrical signals emitted by computers containing sensitive information cannot be captured by an intruder.

Comments are closed.