A TEMPEST vulnerability prediction method for cyber security practitioners
Sensitive information can have its security compromised by unintentional electromagnetic emissions from the information technology equipment (ITE) being used to process it. It is important to assess the likelihood of a potential compromise, and this requires radio frequency (RF) engineering expertis...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Elsevier
2023-09-01
|
Series: | Alexandria Engineering Journal |
Subjects: | |
Online Access: | http://www.sciencedirect.com/science/article/pii/S111001682300652X |
_version_ | 1797736894477369344 |
---|---|
author | Maxwell Martin Funlade Sunmola David Lauder |
author_facet | Maxwell Martin Funlade Sunmola David Lauder |
author_sort | Maxwell Martin |
collection | DOAJ |
description | Sensitive information can have its security compromised by unintentional electromagnetic emissions from the information technology equipment (ITE) being used to process it. It is important to assess the likelihood of a potential compromise, and this requires radio frequency (RF) engineering expertise to predict the likelihood of the vulnerability occurring. This paper describes the development of a fuzzy inference system that can be used to assess the radiated and conducted vulnerability likelihood of unintentional electromagnetic emanations. The system has the potential to be a valuable tool for cybersecurity practitioners without RF expertise. The system has been tested on office-based ITE devices, and it is effective in predicting the likelihood of radiated and conducted vulnerabilities occurring. Areas of future work include extending the fuzzy inference system to use RF propagation models and enabling it to make vulnerability likelihood predictions after countermeasures have been applied. |
first_indexed | 2024-03-12T13:19:59Z |
format | Article |
id | doaj.art-fe87d2df23fe4dafa8d652efb06f5d5a |
institution | Directory Open Access Journal |
issn | 1110-0168 |
language | English |
last_indexed | 2024-03-12T13:19:59Z |
publishDate | 2023-09-01 |
publisher | Elsevier |
record_format | Article |
series | Alexandria Engineering Journal |
spelling | doaj.art-fe87d2df23fe4dafa8d652efb06f5d5a2023-08-26T04:42:59ZengElsevierAlexandria Engineering Journal1110-01682023-09-0178561575A TEMPEST vulnerability prediction method for cyber security practitionersMaxwell Martin0Funlade Sunmola1David Lauder2Corresponding author.; School of Physics, Engineering and Computer Science, University of Hertfordshire, Hatfield AL10 9AB, UKSchool of Physics, Engineering and Computer Science, University of Hertfordshire, Hatfield AL10 9AB, UKSchool of Physics, Engineering and Computer Science, University of Hertfordshire, Hatfield AL10 9AB, UKSensitive information can have its security compromised by unintentional electromagnetic emissions from the information technology equipment (ITE) being used to process it. It is important to assess the likelihood of a potential compromise, and this requires radio frequency (RF) engineering expertise to predict the likelihood of the vulnerability occurring. This paper describes the development of a fuzzy inference system that can be used to assess the radiated and conducted vulnerability likelihood of unintentional electromagnetic emanations. The system has the potential to be a valuable tool for cybersecurity practitioners without RF expertise. The system has been tested on office-based ITE devices, and it is effective in predicting the likelihood of radiated and conducted vulnerabilities occurring. Areas of future work include extending the fuzzy inference system to use RF propagation models and enabling it to make vulnerability likelihood predictions after countermeasures have been applied.http://www.sciencedirect.com/science/article/pii/S111001682300652XUnintentional EmanationsTEMPESTFuzzy logicVulnerability assessment |
spellingShingle | Maxwell Martin Funlade Sunmola David Lauder A TEMPEST vulnerability prediction method for cyber security practitioners Alexandria Engineering Journal Unintentional Emanations TEMPEST Fuzzy logic Vulnerability assessment |
title | A TEMPEST vulnerability prediction method for cyber security practitioners |
title_full | A TEMPEST vulnerability prediction method for cyber security practitioners |
title_fullStr | A TEMPEST vulnerability prediction method for cyber security practitioners |
title_full_unstemmed | A TEMPEST vulnerability prediction method for cyber security practitioners |
title_short | A TEMPEST vulnerability prediction method for cyber security practitioners |
title_sort | tempest vulnerability prediction method for cyber security practitioners |
topic | Unintentional Emanations TEMPEST Fuzzy logic Vulnerability assessment |
url | http://www.sciencedirect.com/science/article/pii/S111001682300652X |
work_keys_str_mv | AT maxwellmartin atempestvulnerabilitypredictionmethodforcybersecuritypractitioners AT funladesunmola atempestvulnerabilitypredictionmethodforcybersecuritypractitioners AT davidlauder atempestvulnerabilitypredictionmethodforcybersecuritypractitioners AT maxwellmartin tempestvulnerabilitypredictionmethodforcybersecuritypractitioners AT funladesunmola tempestvulnerabilitypredictionmethodforcybersecuritypractitioners AT davidlauder tempestvulnerabilitypredictionmethodforcybersecuritypractitioners |