1. Field of the Invention
The present invention is directed to the field of information security, and more particularly, to preventing recovery of data from optical signals emitted by system indicators.
2. Description of Related Art
Information processing systems, such as computer systems used in data processing and networking, frequently utilize system indicators to provide an operator with a visible indication of the status of various components in the system. Light emitting diodes (LEDs) are frequently used as system indicators as they provide a quick visible response to changes in a component's status.
Conventionally, system indicators, such as LEDs, are not connected directly to the component as they would draw too much power from the component. Consequently, power to a system indicator is typically provided by a drive circuit that is part of a drive controller. Generally, the drive controller is coupled to the component and the system indicator, e.g., the LED, and controls the power to the system indicator based on a signal input from the component.
FIG. 1 illustrates a functional diagram of an example of a system 100 including a drive controller 112 having a drive circuit 114 for controlling power to a system indicator 116. In FIG. 1, a data processing component 110 is coupled to drive circuit 114 of drive controller 112 that is further coupled to system indicator 116, such as an LED. Data processing component 110 processes data and this processing generates a signal, such as a voltage signal, which is sent to drive controller 112. Drive circuit 114 receives the signal from data processing component 110 and controls the application of power to system indicator 116 based on the signal.
Intermittent application of power to system indicator 116, e.g., turning system indicator 116 on and off, produces a flicker that is visible to a viewing operator. The rate of the flickers, termed the flicker rate or frequency, is defined as the number of emission to non-emission transitions per second (Hz), e.g., on/off transitions per second.
Generally, the human eye can discern flicker rates of 50 Hz to 70 Hz or less. Flicker rates greater than 70 Hz typically appear as a constant, or steady, emission to a viewing operator, e.g., a constant light emission. In some systems, due to the fast response time of an LED, system indicator 116 can emit modulated optical signals that follow the individual bit transitions of a serial data stream processed by data processing component 110 at flicker rates in excess of 70 Hz.
FIG. 2 illustrates examples of a waveform of a serial data signal 210 and a waveform of a typical LED response signal 212. Referring to FIGS. 1 and 2 together, in FIG. 2, the upper waveform illustrates an example of an EIA/TIA-232-E serial data signal 210 output from data processing component 110, and the lower waveform illustrates the optical response signal 212 of system indicator 116, e.g., an LED response, to serial data signal 210.
In the present example, when no data are being transmitted by data processing component 110, data processing component 110 remains in the logical “1” state. The start of a new symbol is indicated by a return to the logical “0” state for one unit interval followed by the serial waveform consisting of a number of data bits, sent least significant bit first. After the last data bit, data processing component 110 returns to the logical “1” state for at least one unit interval. EIA/TIA-232-E typically utilizes a negative voltage to signify a logical “1” and a positive voltage to signify a logical “0”.
Conventionally, an LED, such as system indicator 116, is wired to light up for a logical “0” so that system indicator 116 flickers when bits are transmitted, and remains dark when the bits are not transmitted. As long as system indicator 116 is fast enough to closely reproduce the timing of bit transitions, the modulated optical signal emitted from system indicator 116 contains all of the information in serial data signal 210. Even though the resulting output modulated optical signal may exhibit noise or other signal degradation, drive circuit 114 of drive controller 112 and system indicator 116 are generally fast enough to reproduce a modulated optical signal that can be intercepted and analyzed to reproduce serial data signal 210.
In some instances, a system indicator may not have been originally designed to receive signals from a serial data processing component; however, the insertion of a covert channel can establish a direct connection between the system indicator and a serial data processing component. For example, a system could be covertly modified so that a serial data signal is cross-connected to a system indicator, such as an LED, so that the system indicator emits modulated optical signals that can be intercepted and analyzed to recover the serial data signal. In this instance, the covert channel could be designed so that the system indicator emits modulated optical signals at flicker rates of 70 Hz or higher so as not to be discernible to the human eye, e.g., the system indicator appears to emit a constant light, yet remains detectable by electronic equipment.
In other instances, a system indicator can be used as an indirect covert channel. For example, as earlier described, power to a system indicator can be provided by a drive controller. The drive controller typically receives power from some power source in a system, such as a power supply, and then controls the power to the system indicator, for example, as described with reference to FIG. 1.
In some systems, increasing the load on the system decreases the voltage on the power supply, and the system indicator becomes darker, whereas decreasing the load on the system increases the voltage on the power supply, and the system indicator gets brighter. By writing and installing a program that deterministically changes the load on the system, the brightness of the system indicator can be manipulated to output a data-related pattern that can be intercepted, and the data can be recovered from the received pattern, e.g., a covert communication. In this instance, the data may or may not be related to the data processed by the system.
Thus, in some instances, data processed by a data processing component of a system or covert communications can be output as a modulated optical signal from a system indicator. The modulated optical signal can then be intercepted and analyzed to reproduce the data or covert communication.
Interception and recovery of the data, such as by using one or more of a wide variety of interception and spectrum analysis techniques, e.g., snooping techniques, can lead to compromise of the processed data or acquisition of covert communications. Recovery of the processed data or information can lead to compromise of information regarded as confidential by the originator, such as, for example, monetary account information, personal identification information, personal medical information, system security information, and product design information.
Prior art non-hardware related countermeasures proposed to prevent interception of the modulated optical signals included black tape over the LEDs and use of opaque materials on windows to prevent visual access to the LEDs. However, black tape over an LED entirely precludes the use of a system indicator for its intended purpose. Further, opaque materials on windows are not convenient for use with portable equipment and may not be aesthetically acceptable in some environments.
Prior art hardware related countermeasures proposed to prevent interception of the modulated optical signals included pulse stretching hardware modifications utilizing a low pass filter to change the minimum on-time, and/or off-time, of an LED indicator to greater than 1.5 times the unit interval of the data rate so that sufficient information could not be recovered to decode the signal. However, even with the pulse stretching hardware modifications, an attacker might be able to time-modulate the asynchronous data stream to effect a covert channel and recover the data from the LED emissions.
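The following added example, which is not part of the original disclosure, models the framing described with reference to FIG. 2 (start bit, eight data bits sent least significant bit first, stop bit, LED lit for logical “0”) and measures how many of the 256 byte values remain distinguishable in the LED output with and without pulse stretching. The pulse stretcher is a simplified assumption: it holds each LED state for at least two unit intervals, the smallest whole number above 1.5, and the function names are hypothetical.

```python
# Added illustration: serial framing as seen at the LED, plus a simplified
# pulse-stretching model. Not circuitry or code from the original disclosure.
UNIT_HOLD = 2  # assumption: smallest whole number of unit intervals above 1.5


def led_frame(byte):
    """LED state per unit interval (1 = lit) for one framed byte."""
    data = [(byte >> i) & 1 for i in range(8)]   # least significant bit first
    line = [0] + data + [1]                      # start bit, data bits, stop bit
    return [1 - level for level in line]         # LED lit for logical 0


def stretch(led, min_hold=UNIT_HOLD):
    """Hold each LED state for at least min_hold unit intervals."""
    state, held, out = 0, min_hold, []           # idle line: LED dark, free to change
    for sample in led:
        if sample != state and held >= min_hold:
            state, held = sample, 1              # transition allowed
        else:
            held += 1                            # transition suppressed or no change
        out.append(state)
    return out


def distinct_patterns(transform):
    """Number of the 256 byte values still distinguishable at the LED."""
    return len({tuple(transform(led_frame(b))) for b in range(256)})


def report():
    """Return (direct-drive count, pulse-stretched count)."""
    return distinct_patterns(lambda led: led), distinct_patterns(stretch)


if __name__ == "__main__":
    raw, stretched = report()
    print(f"distinct optical patterns, direct drive:    {raw}/256")
    print(f"distinct optical patterns, pulse stretched: {stretched}/256")
```

A stretched count below 256 shows that information is lost at the indicator; it does not show that the channel is closed, which is the limitation noted above for the pulse stretching approach.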