Physical Protection:

Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

Physical protection is based on keeping vital equipment and data physically separated from potential attackers, and as such is a form of fault avoidance. Without any physical protection, other types of protection are rarely effective against attackers. For example, any amount of coding is useless if the attacker can watch the original message as it is entered into the system. There are two important aspects to physical protection: prevention and detection. In many cases, detection of an attack may be sufficient to minimize its effect. For example, detection can be used to trigger the destruction or alteration of sensitive data to render it useless. Detection can also be used to locate attackers and the methods by which they attack, and thus may lead to improved defenses.

There are many techniques in use to prevent attackers from entering secure areas. Identification badges, photographs, fingerprints, retinal scans, palm prints, voice prints, and many other techniques are commonly used. Authentication can be based on anything a person is, has, knows, and/or can do. Unusual entry points must be protected from intrusions since attackers don't always use the doors designed for entry and exit. Heat, light, sound, and pressure alarms are typically used to detect attacks, while electric fences, thick walls, underground bunkers, and special doors and windows are typically used to keep illicit entry to a minimum.

Physical protection is also used to keep data from inadvertently being released. This problem is profound because the state of the art permits almost any electromagnetic signal or vibration to be picked up at a great distance. Ultra-sensitive acoustic equipment is widely used in both the industrial and military areas. Bugging a telephone picks up computer interactions as well as verbal ones. On a national security level, this problem is very bad. Once an attacker has secret information, keeping it from being exploited is next to impossible. Physical protection must concentrate on keeping the attacker from gaining access to the information in the first place.

In order to repair a computer, physical access to the hardware is usually necessary. Special programs requiring access to the full machine are often used to diagnose problems. With this access, a knowledgeable repairman can easily obtain any information on the system. This is often avoided by removing sensitive information from the machine before maintenance is done, and destroying data before throwing away old equipment (paper shredding applied to electronics).

A typical example where physical protection may be important is the power lines to and from a computer installation. Since many terminals cause RF noise on the power lines reflecting the data being entered, it may be possible, with the right equipment, to observe communications. Telephone taps on dial-in lines can be used to accomplish the same goal. Many government installations go as far as placing sensitive equipment and data in metal-enclosed, vacuum-sealed vaults so that no radio frequency noise or acoustic information can be extracted from the outside. Recent results [vanEck85] have shown that emanations from standard terminals can be picked up as far as 1000 meters away with equipment costing under $250. Without some sort of protection from this sort of attack, secrecy clearly cannot be maintained.

Any physical protection system can be violated, and any violation technique can be prevented. We are therefore in the position of playing an ongoing game wherein the objective is to make the cost of attack larger than its benefits, and the cost of defense less than the losses without it.