Compromising emanations: Tactics for electronic surveillance detection

Royal Holloway 2011

Compromising emanations: Tactics for electronic surveillance detection

A motivated attacker will use any method to get at sensitive data, and not always in ways organisations might expect.

While you may encrypt all your information to the highest level while it sits in systems or flows over networks, it still has to be decrypted when in use, and that is when it is at the greatest risk.

The person standing behind you at the ATM might peer over your shoulder to get your PIN. The intruder in your office might photograph your screen contents with a mobile phone. More advanced hackers may even be able to detect transactions by picking up the electronic signals coming off your systems, or decipher useful information from the sounds of your keystrokes.

This often overlooked area of security -- compromising electronic emanations -- is the subject of a new thesis by Richard Frankland, an MSc student at Royal Holloway University of London (RHUL) and Prof. Keith Martin, a university lecturer.

In an article based on the thesis, and published exclusively on, they explain the various dangers that may apply to plaintext, and the various methods that attackers could potentially use to steal it.

While admitting that some of the threats are still quite rare, the authors assert that, as cryptography becomes stronger, plaintext could become a more attractive target for attackers over the years to come.

The feature is one of five is publishing this year in collaboration with RHUL.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

This was first published in May 2011


COMMENTS powered by Disqus  //  Commenting policy