3.6 Tapping into transmission media
Venturing beyond the organisation's premises in Figure 3 (see Section 3.5), there are many opportunities for interception as data passes through external links. These could be cable or line-of-sight links such as microwave or satellite. The relative ease or difficulty of achieving a connection to external transmission links is worth considering at this point.
Satellite, microwave and wireless transmissions can provide opportunities for passive attack, without much danger of an intruder being detected, because the environment at the point of intrusion is virtually unaffected by the eavesdropping activity. Satellite transmissions to earth generally have a wide geographic spread with considerable over-spill of the intended reception area. Although microwave links use a fairly focused beam of radiated energy, with appropriate technical know-how and some specialist equipment it is relatively straightforward physically to access the radiated signals.
I have already mentioned vulnerabilities arising from wireless LANs. In general, detecting and monitoring unencrypted wireless transmissions is easy. You may have noticed that when you switch a mobile telephone handset on, an initialisation process starts, during which your handset is authenticated and your location registered. The initial sequence of messages may be picked up by other circuits such as a nearby fixed telephone handset or a public address system, and is often heard as an audible signal. This indicates how easy it is to couple a wireless signal into another circuit. Sensing a communication signal may be relatively straightforward, but separating out a particular message exchange from a multiplex of many signals will be more difficult, especially when, as in mobile technology, frequency hopping techniques are employed to spread the spectrum of messages and so avoid some common transmission problems. However, to a determined attacker with the requisite knowledge, access to equipment and software tools, this is all possible.
Tapping into messages transmitted along cables without detection depends on the cable type and connection method. It is relatively straightforward to eavesdrop on transmitted data by positioning coupling sensors close to or in direct contact with metallic wires such as twisted pairs. More care would be needed with coaxial cables owing to their construction. Physical intrusion into physical media such as metallic wires may cause impedance changes, which in principle can be detected by time domain reflectometry. This technique is used to locate faults in communication media and is commonly applied to metallic cables or optical fibres for maintenance purposes. In practice, however, the levels of disturbance may be too slight to be measurable. The principle can also be applied to optical fibres.
Can you think of any difficulties in the interception of signals at a point along an optical fibre?
Optical fibres rely on a process of total internal reflection of the ‘light’ that represents the data stream. This means that no residual electrical signal is available under normal circumstances, but coupling into a fibre can be achieved for legitimate purpose by bending the fibre so that the angle of ‘rays’ inside it no longer conforms to the conditions for total internal reflection. A portion of the fibre protective cladding would need to be removed to allow access to the data stream. This would be a delicate operation for an attacker to perform and without suitable equipment the likely outcome would be a fractured fibre.
So far I have discussed the possibilities of gaining physical access to communication networks and hence the data that is carried on them. However, many users are interconnected through the internet or other internetworks, and these wider networks (particularly the internet) offer a broad range of opportunities without the need for intruders to move away from their desks. Many software tools have been developed for sound, legitimate purposes. For example, protocol analysers (or sniffers) analyse network traffic and have valid use in network management activities. Network discovery utilities based on the PING (packet internet groper) and TRACEROUTE commands are widely included in many PC operating systems and allow IP (internet protocol) addresses to be probed and routes through networks to be confirmed. The very same tools, however, can be used equally effectively for attacks on networks. If much of the traffic on the large public networks can be intercepted by determined attackers, how is network security to be achieved? It is the role of encryption to hide or obfuscate the content of messages, and this is the subject of the next section.