Security Basics mailing list archives
RE: Fiber optic vampire taps
From: <David () cawdgw net>
Date: Sat, 28 Dec 2002 14:09:04 +0100
If I remember correctly, it was about five years ago that the mandate came out of the NSA that Protected Distribution Systems (PDS's) with fiber were required to be metal vice plastic, because a monitoring technique had come out that could "read" the pulses on the strands from something like a meter away.

This might be absolute male bovine excrement, but when I questioned the reasoning based on the requirement for intrusion detection of the PDS, as emissions on fiber did not occur, I was told signalling could be detected through plastic at close range, whereas through metal the emissions would be too weak to read. I'd think the only emission from fiber would have to be heat in the infrared range.

I'm unable to find any mention of this anywhere. Just a document from the NSA making the requirement.

-----Original Message-----
From: Bennett Todd [mailto:bet () rahul net]
Sent: Monday, December 23, 2002 8:27 PM
To: Nick Iglehart
Cc: security-basics () securityfocus com
Subject: Re: Fiber optic vampire taps

I believe, if my memory isn't failing me, that I read mention of this a few years back; perhaps research in AT&T?

The cladding does indeed have to be stripped clear, baring the naked fiber. Then the fiber is carefully, delicately bent past its minimum rated radius of curvature, in a little jig that holds a receiving fiber positioned to pick up the light as it leaks out.

I suspect impedance matching would be tough, so I suspect the end result would have a very low signal level. I don't know whether some sort of optical amplifier, or perhaps custom NIC hardware with a higher-than-usual sensitivity listening device, would be required to actually decode the tapped light.

I've never heard of these gizmos being available commercially.

This situation is why many regard fiber as intrinsically fairly secure. In principle, a detector could report on received light levels with enough sensitivity to detect a successful attack on the fiber. Another grade of kit I've not heard of for sale.

Perhaps it would be easier to do your own manual attenuation; perhaps deliberately coil a little of the fiber at one end, gently tightening the coil (past minimum recommended radius of curvature) until the attenuation causes actual packet loss, then backing off slightly; if you had a fiber that just _barely_ didn't work, any attempt to tap it would push it badly into packet loss, so normal network monitoring should be able to detect a tapping attempt.

The traditional solution, when you are concerned about such, is to armor the whole fiber run in pressurized conduit, set alarms to go off if the conduit pressure changes, then post guards keeping a close enough watch to prevent someone from setting up a pressure box to set up their tap.

-Bennett
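The detector idea in the quoted message (report received light levels and notice the loss a tap introduces) can be sketched as follows. This is an added example, not part of either message; the function name, the thresholds and the readings are all assumptions, and the samples are constructed rather than measured.

```python
from statistics import median

def detect_loss_steps(samples_dbm, baseline_n=6, drop_db=0.5, sustain=3):
    """Return (index, baseline_dbm, level_dbm) for each sustained drop in
    received optical power. All thresholds are assumed, illustrative values.

    baseline_n: readings used to establish the reference level
    drop_db:    loss below the baseline that counts as suspicious
    sustain:    consecutive low readings required, so one noisy sample is ignored
    """
    if len(samples_dbm) < baseline_n:
        raise ValueError("not enough readings to establish a baseline")
    baseline = median(samples_dbm[:baseline_n])
    alerts, low_run = [], []
    for i in range(baseline_n, len(samples_dbm)):
        level = samples_dbm[i]
        if baseline - level >= drop_db:
            # Low readings are held aside and never folded into the baseline,
            # so a step change cannot quietly become the new "normal".
            low_run.append(level)
            if len(low_run) == sustain:
                new_level = median(low_run)
                alerts.append((i - sustain + 1, round(baseline, 2), round(new_level, 2)))
                # Re-baseline after alerting so a second step is also reported.
                baseline, low_run = new_level, []
        else:
            low_run = []
            # Follow slow drift (temperature, ageing) using normal readings only.
            baseline = 0.9 * baseline + 0.1 * level
    return alerts

# Constructed receive-power readings in dBm, one per polling interval.
SAMPLES = [-5.02, -5.00, -4.98, -5.01, -5.03, -4.99,   # baseline period
           -5.00, -5.70, -5.01, -5.02,                 # single-sample glitch
           -5.62, -5.60, -5.65, -5.61, -5.63]          # sustained ~0.6 dB step

if __name__ == "__main__":
    for idx, base, level in detect_loss_steps(SAMPLES):
        print(f"sample {idx}: {base} dBm -> {level} dBm ({base - level:.2f} dB loss)")
```

A sustained step also results from a dirty connector or a re-patched jumper, so an alert is a prompt to inspect the run, not proof of a tap.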