Security Limits for Electromagnetic Radiation from CRT Displays

Mahshid Zoyousefein/ Saeedeh Hashemniaye Torshizi/ Ayaz Ghorbani

Department of Electrical Engineering Amirkabir University of Technology

Tehran, Iran mahshid.z@aut.ac.ir/hashemniya.s@gmail.com/ghorbani@aut.ac.ir

Abstract—As a key component of personal computer, CRT monitor is the major source of compromising emanation. In this paper we design an emission-security standard which determines the allowable range of unwanted radiation emission from an electronic equipment to prevent eavesdropping of information. We assume a model for radiated emission from CRT and the results show that these emissions are approximately 25 decibel upper than proposed standard in VHF/UHF band. Nevertheless they are acceptable in published EMC standards.

Keywords- Cathode Ray Tube (CRT); Electromagnetic Compatibility (EMC); radiated emission; MIL-STD-461

I. INTRODUCTION Compromising electromagnetic emanation problems appeared already at the end of the 19thψ century. Because of the extensive use of telephones, wire networks became extremely dense. People could sometimes hear other conversations on their phone line due to undesired coupling between parallel wires. This unattended phenomenon, called crosstalk, may be easily canceled by twisting the cables. A description of some early exploitations of compromising emanations has been recently declassified by the National Security Agency [1, 2]. The threat related to compromising emanations has been constantly confirmed by practical attacks such as Cathode Ray Tubes (CRT) displays image recovery [3-5] Liquid Crystal Display(LCD) image recovery [6] or video displays risks [7, 8]. In General, information leakage via electromagnetic emanation from electronic equipments such as computers, CRT(Cathode Ray Tube)monitors, keyboards, communication cables, cable of sources, and power lines is a well known threat. CRT is the major contributor to the radiated emission. Thus, in the paper the radiation model of electron beam in CRT is discussed. Electronic equipments produce conducted and radiated emissions that are related to the data processed by the system. When the content is classified or confidential, as in military applications, the emanations must be severely controlled and restricted so that it is not possible for third parties to recover information intercepting and analyzing the emitted signal [9]. Since in EMC standards, such as FCC, CISPR and MIL-STD-461, nature of radiation emissions and measuring method of them are the most important parameters, investigations

have been done in this paper are not separate from mentioned standards[10-12]. The only difference is that proposed limits are stricter about limits of EMC standards. Unlike in EMC standards that leaked signal is compared with main signal, in proposed standard, leaked signal is compared with noise level. So In this paper, a new secure standard will be presented in order to estimate the limits of radiation fields emitted from an information system. As mentioned above, CRT is the major contributor to the radiated emission. First, the radiation model of electron beam in CRT is discussed and we conclude that most of modern computer monitors generate compromising emanations; hence they are not safe to transmit confidential information. In the next step, a method for designing the purposed standard is presented briefly, and in the following we will demonstrate a general equation for the SNR (signal to noise ratio) at the receiver of eavesdropper, parameters related to the standard and calculation and simulation of mentioned parameters. Finally, the simulation results are compared with limits that obtained in civilian and military EMC standards.

II. MODEL FOR RADIATED EMISSION FROM CRT Among the sources of radiated emission from video display unit, radiated emanation from CRT is much larger than others. The electron beam controlled by video signal and synchronizing current in deflection coils produce radiated electromagnetic waves include both information signal and RF noise. The model of the electron beam is the conductive wire carrying the current signal in the same strength with the electron beam. Variable current from 200uA to 1000uA cause radiation in a vast range of frequency from 20MHz to 300MHz[13],[14].pixel information signal is in form of periodic trapezoidal pulse so contains a series of harmonics as below[13] :

2

( )nj t

Tnn

I t C eπ

∞

=−∞=∑ (1)

2

0

1 ( )T nj t

TnC I t e dt

T

π−= ∫ (2)

In which T is the period time and clock frequency is the 1.57MHz.

2009 Second International Conference on Computer and Electrical Engineering

978-0-7695-3925-6/09 $26.00 © 2009 IEEE

DOI 10.1109/ICCEE.2009.191

454

2009 Second International Conference on Computer and Electrical Engineering

978-0-7695-3925-6/09 $26.00 © 2009 IEEE

DOI 10.1109/ICCEE.2009.191

452

If nnfT

= express frequency of nth harmonic [13], then:

0 sin ( ) sin ( )n n r nIC c f c ftτ τ τ= (3)

0| 2 | 2 sin ( )sin ( )n n n r nII C c f c ftτ τ τ= = (4)

It is important for us to calculate radiation in far zone (r>>l), so we can model the electron beam radiation by electric dipole. According to this model in far zone:

sin4

j rj IL eE Er

β

θωμ θ

π

−

= = (5)

Substituting current equivalents into above equivalents radiated fields from CRT in far zone ,at 1meter distance,[13] become:

1

| |sin sin[ ( )]

2n n r

n nn

f L CE r t

rθ

μ τ τθ β ω

∞

=

+= − −∑ (6)

Figure 1. Maximum electric radiation field from CRT at 1 meter distance

III. EMISSION SECUTITY STANDARD

Proposed standard is a preventative method for protection of equipments and systems that perform the processing of very sensitive information. Thus, to design this standard, we should assume that eavesdropper is equipped by a very sensitive receiver with low noise and high gain devices, and it also has equipment that their bandwidths are variable and tunable perfectly. Furthermore, active antennas with high gains at various frequency bands are employed [15].Consequently, eavesdropper can perform an optimum detection of the received signal. Since this paper is based on the assumption that making the reconstruction of signal impossible, a SNR of not more than 0dB seems to be a reasonable security requirement. Therefore, we suggest calculating maximum

electric field strength radiated from sensitive system to achieve the SNR less than zero so that safety margin for eavesdropper be minimized. On the other hand, by a simple approximation, it can be said that in a communication system there is a direct relationship between SNR and system gains, and a reverse one between SNR and environment loss, because gains are useful for increasing signal strength and losses are useful for increasing noise strength [4]. Thus, SNR at the input of the receiver can be represented as:

1

, 1. .

nb ii

mr n B jj

E GSN f E a

=

=

= ∑∑

(7)

Where EB is the radiated field strength from information processing system, B is the impulse bandwidth, En,B is the field strength of radio noise at the location of the eavesdropping antenna within a bandwidth B, and fr is the noise factor of the eavesdropper’s receiver.

Also 1

nii

G=∑ and

1

mjj

a=∑ indicate summation of

system gains and summation of system losses, respectively. In other aspect, to achieve the desired limit, we need various parameters such as system losses and

gains, field strength of environment noise, receiver noise factor and SNR of receiving signal.

A. Propagation Model and System Losses Regarding that the eavesdropper uses a very sensitive receiver with optimum facilities for receiving information signal, and also tries to near the target system for desired detection, we therefore, used a model same as mobile communication systems that include a fixed sender station and a mobile receiver at VHF/UHF frequency band. As we know, emitted signal from communication system can deliver to eavesdropper through various routes. So we suggest a general site model to calculating total path loss between EUT and eavesdropper’s antenna. Supposing that the eavesdropper is located in an open environment having specifications similar to open area, free space loss is the dominating form of attenuation. But if the eavesdropper is located in an environment except open space (which practically is), it is necessary to calculate path losses regarding to environment where the eavesdropper is located in. One of the most important environments considered in this issue is residential area because it is very easy to hide overhearing equipments in such an environment. Various models for path loss have been represented up to now. But, regarding to the point that in design of standard, highest level of security is considered, we suppose eavesdropper is located in the closest hiding place to sensitive system. Therefore, in this work, path losses are calculated supposing that eavesdropper and processor system are located in the

455453

same building and neighbor rooms. To perform calculation, corresponding to equation (8),

00

( ) ( ) 10 log( )dL d L d n FAFd

= + + (8)

L (d0) is the free space loss in distance of 1m. So then, after substitution (d0=1m), it becomes:

0

( ) 20 log 10log( ) 28MHzdL d f FAFd

= + + − (9)

Where n represents the path loss for observers located in the same floor with sender, and FAF is floor attenuation factor in terms of dB. Also, value of n in commercial areas is 2 at 900MHz and 2.2 at frequencies between 1.2GHz to 4GHz. Now, we consider a propagation model for defining the electric field strength at various distances and environments. It has been pointed that designing basis of this model, is measurement methods of radiation electric field which are presented in EMC standards, so that we can perform a correct comparison between proposed standard in this work and other conventional standards. Usually, an open site or radio wave semi-anechoic chamber [16] is used for the radiated emission tests in the 30 to 1000 MHz band. Regarding to the system model [17] in Fig.2, we assume that emitted equipment is located at 0.9m height from earth; receiver antenna is located in 1~10m horizontal distance from EUT and 1~4m height from the earth. This model uses a semi-anechoic chamber that is designed for radiated emission testing at a distance 10m.

Figure 2. A Setup for measuring electric field strength.

B. System Gains System gain can include antenna gain and processing gain of receiver. Processing gain value of signal is a function of filter applied in signal processor unit in receiver. Supposing this filter is IIR kind, processing gain of this filter can be calculated by following equation:

11p

KGK

+=−

(10)

Where k is called filter parameter and has a value corresponding to inequality 0≤ k <1. Another part of the system gain, is the antenna gain. Regarding to the fact that eavesdropper, uses any tool to have access to the goal signal, it is evident that we should use active antennas with optimum and changeable gain at various frequency ranges. Considered frequency range for radiated emission, is the frequency band from 30MHz to about 1GHz and at lower frequencies, signal emission occurs in conductive form. So, to measure maximum radiation field, a biconical antenna with wiry structure, simulated Fig.3 is used for frequencies 30MHz– 300MHz , and a log-periodic antenna simulated in Fig.4 is used for higher ranges (300MHz –10GHz)[15].

Figure 3. Simulated biconical antenna discretized in wire segments [15].

Figure 4. Simulated log-periodical antenna discretized in wire segments and triangular surface [15].

C. Noise Level Corresponding to ITU-R (P.372), electric field noise levels received by a receiver with bandwidth of 1MHz in

456454

the frequency range of 10kHz to 1GHz, for various environments such as rural, residential, and business area is plotted in (5) [18].It should be mentioned that if receiver bandwidth differs from given bandwidth, and we

can perform this by application of equation 2

1

20log BB

.

Where B1 is the applied bandwidth (1MHz) and B2 is considered bandwidth.

Figure 5. Expected electric field noise levels.

Receiver noise figure is a known number which is usually determined by manufacture in practical applications. In this article, supposing eavesdropper uses an optimum receiver with high sensitivity, noise figure is selected as 10 dB. This value is selected corresponding to a R-1250 model receiver of Dynamic Science Company with bandwidth 1 MHz, because this receiver is one of the most sensitive receivers used in military applications.

IV. COMPARISON OF SIMULATION RESULTS WITH EXISTING STANDARDS

With regard to the performing of established EMC tests in each standard is done at certain distances, therefore, to synchronize the results, 1m distance is considered here as reference distance. The simulation result of the radiated electric filed strength is depicted in Fig.6, in this figure we can see allowable limit of the radiated emission in the 30-1000 MHz. This way, we can compare the emission security test limits proposed here with the EMC emission limits, as shown in Table I. These values have been obtained at 1m distance and 1MHz receiver bandwidth. A comparison of the emission security test limits proposed here with the established EMC limits showed that the new standard is much stricter. In the other words, radiated electric filed strength level have to be 20dB lower than those allowed in CISPR22 and FCC standards and approximately 8-21 dB lower than MIL-STD-461E/RE102.

Figure 6. Simulated radiated emission of emitted equipment measured

using a log-periodic antenna (30-300MHz) and a biconical antenna (300-1000MHZ).

TABLE I. A Comparison of proposed standard and

military and civilian EMC Standards radiated emission limits in some frequencies.

Freq. [MHz]

Electric Field Strength (dBµV/m)

Proposed STD. CISPR22 FCC MIL-STD-461(RE102)

50 35.5 68.4 67.9 44

100 35.5 68.4 71.4 44

250 35.5 75.4 73.9 51

500 36.7 75.4 73.9 58

1000 42.8 75.4 81.9 63.5

REFERENCES [1] M. Vuagnoux, S. Pasini “Compromising Electromagnetic

Emanations of Wired andWireless Keyboards,” 18th USENIX Security Symposium,Montreal,Canada, 2009.

[2] NATIONAL SECURITY AGENCY. TEMPEST,A Signal Problem, 2007.

http://www.nsa.gov/public info/ files/cryptologic spectrum/tempest.pdf [3] Wim van Eck “Electromagnetic Radiation from Video Display

Units: An Eavesdropping Risk?,” Computers & Security, Vol. 4, pp. 269–286, 1985.

[4] Markus G. Kuhn,”Optical Time-Domain Eavesdropping Risks ,of CRT Displays,” IEEE Symposium on Security and Privacy,Berkeley, California,2002.

[5] Han Fang, “Radiated Emission from CRT of Computer VDU,“ Proc.IEEE International Symp. Electromagnetic Compatibility, 1990.

[6] Markus G. Kuhn, R. J ANDERSON, ”Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations,”.Vol. 1525 of Lecture Notes in Computer Science, Springer, pp. 124–142,1998.

[7] Markus G. Kuhn,” Security limits for compromising emanations,” Vol. 3659 of Lecture Notes in Computer Science, Springer, pp. 265–279,2007.

[8] H. Tanaka, “Information leakage via electromagnetic emanations and evaluation of tempest countermeasures,”. In ICISS (2007), Vol. 4812 of Lecture Notes in Computer Science, Springer, pp. 167–179,2007.

[9] S. Pennesi, S. Sebastiani,” Information Security and Emissions Control,”Proc.IEEE International Symp. Electromagnetic Compatibility, 2005.

[10] CISPR 16-1-4,Specification for radio disturbance and immunity measuring apparatus and methods.Part 1-4 “Radio disturbance and

457455

immunity measuring apparatus-Ancillary equipment-Radiated disturbances”, IEC, 2004.

[11] MIL STD 461E,”Requirements for the control of electromagnetic interference characteristics of subsystems and equipment”, US DoD, 20 Aug. 1999.

[12] R.M.Showers,“A comparison of military and civilian EMC standards”, IEEE International Symposium on Electromagnetic Compatibility,1999.

[13] Han Fang, “ Radiated Emission from CRT of Computer VDU ,“ Proc.IEEE International Symp. Electromagnetic Compatibility, 1990.

[14] Han Fang , “ Measurment of Radiated Emission from PC Computer System, ” Proc.IEEE International Symp. Electromagnetic Compatibility, 1991.

[15] N.van Dijk, “Uncertainties in 3-m Radiated Emission Measurements Due to the Use of Different Types of Receive Antennas” IEEE Trans. Electromagn. Compat., Vol. 47, 2005.

[16] H.Shimanoe,K.Miyata,”Correlation of radiated emission measurements by 3 m and 10 m method” TechRep. IEICE,1988.

[17] R. Matsubara,M. Kawabata,Y Ishida,N. Kuwabara “Investigation of Relation between Measurement Distance and Electric Field Strength for Radiated Emission Tests Using Artificial Radiation Sources.”Wiley periodicals,Electronics and Communications in Japan, Part1, Vol. 88, No. 7, 2005.

[18] Radio noise. Recommendation ITU-R P.372-7, International lecommunication Union, Geneva, 2001.

458456