Signals intelligence (SIGINT)
This article is a subset article in a series under intelligence collection management. For a hierarchical list of articles, see the intelligence cycle management hierarchy.
SIGINT is a contraction of SIGnals INTelligence, which is intelligence-gathering by interception of signals, whether between people (for example, COMINT or communications intelligence) or between machines (for example, ELINT or electronic intelligence), or mixtures of the two. As sensitive information is often encrypted, SIGINT often involves the use of cryptanalysis. However, traffic analysis, the study of who is signalling whom and in what quantity, can often produce valuable information even when the messages themselves can't be decrypted. See SIGINT by Alliances, Nations and Industries for the organization of SIGINT activities, SIGINT Operational Platforms by Nation for current collection systems, and SIGINT in Modern History for World War I to the present.
As a means of collecting intelligence, SIGINT is a subset of intelligence collection management, which, in turn, is a subset of intelligence cycle management.
Intercepting written but encrypted communications, and extracting information from them, probably followed soon after the development of writing. A simple encryption system, for example, is the Caesar cipher. Electronic interception appeared as early as 1900, during the Boer War. The Boers had captured some British radios, and, since the British were the only people transmitting at the time, the signals were rather obvious to intercept.
More technical definitions of SIGINT and its branches
In the United States and other nations involved with NATO, SIGINT is defined as
* "A category of intelligence comprising either individually or in combination all communications intelligence (COMINT), electronic intelligence (ELINT), and foreign instrumentation signals intelligence, however transmitted."
* "Intelligence derived from communications, electronic, and foreign instrumentation signals."
The JCS definition may overemphasize "foreign instrumentation signals". That part should be considered in combination with MASINT, which is closely linked to foreign instrumentation such as telemetry or radionavigation. The disciplines also cue one another: an ELINT sensor may find a radar, and then cue (i.e., direct) a COMINT sensor to listen in on the talk between the radar and its remote users. A nonspecific SIGINT sensor can cue a Frequency Domain MASINT sensor that can help identify the purpose of the signal. If MASINT can't identify the signal, the intelligence organization may task an IMINT aircraft or satellite to take a picture of the source, so photointerpreters can try to understand its functions.
Being a broad field, SIGINT has many sub-disciplines. The two main ones are COMmunications INTelligence (COMINT) and ELectronic INTelligence (ELINT). There are, however, some techniques that apply to either branch, and that also assist FISINT or MASINT.
Disciplines Shared across the Branches
An excellent Australian analysis of how the pieces came together, from targeting to physical destruction of radars, in Desert Storm was written by Carlo Kopp.
Targeting
A collection system has to know to look for a particular signal. "System", in this context, has several nuances. Targeting is an output of the process of developing collection requirements:
1. "An intelligence need considered in the allocation of intelligence resources. Within the Department of Defense, these collection requirements fulfill the essential elements of information and other intelligence needs of a commander, or an agency."
2. "An established intelligence need, validated against the appropriate allocation of intelligence resources (as a requirement) to fulfill the essential elements of information and other intelligence needs of an intelligence consumer."
A U.S. targeting system under development in the late 1990s, PSTS, constantly sends out information that helps the interceptors properly aim their antennas and tune their receivers. Larger intercept aircraft, such as the EP-3 or RC-135, have the onboard capability to do some target analysis and planning, but others, such as the RC-12 GUARDRAIL, are completely under ground direction. GUARDRAIL aircraft are fairly small, and usually work in units of three to cover a tactical SIGINT requirement, whereas the larger aircraft tend to be assigned strategic/national missions.
In other words, before the detailed process of targeting begins, someone has to decide there's a value in collecting information about something. While it would be possible to direct signals intelligence collection at a major sports event, the systems would capture a great deal of noise, news signals, and perhaps announcements in the stadium. If, however, an antiterrorist organization believed that a small group would be trying to coordinate their efforts, using short-range unlicensed radios, at the event, SIGINT targeting of radios of that type would be reasonable. Targeting wouldn't know where in the stadium the radios might be, or the exact frequency they're using; those are the functions of subsequent steps such as signal detection and direction finding.
Once the decision to target is made, the various interception points need to cooperate, since resources are limited.
Knowing what interception equipment to use becomes easier when a target country buys its radars and radios from known manufacturers, or is given them as part of foreign military aid. National intelligence services keep libraries of devices manufactured by their own country and others, and then use a variety of techniques to learn what equipment is acquired by a given country.
See "The Target - The Iraqi IADS" for a discussion of how the Iraqi air defense system was targeted in 1991.
Electronic Order of Battle
Generating an Electronic order of battle (EOB) requires identifying SIGINT emitters in an area of interest, determining their geographic location or range of mobility, characterizing their signals, and, where possible, determining their role in the broader organizational order of battle. EOB covers both COMINT and ELINT. The Defense Intelligence Agency maintains an EOB by location. The Joint Spectrum Center (JSC) of the Defense Information Systems Agency supplements this location database with five more technical databases:
1. FRRS: Frequency Resource Record System
2. BEI: Background Environment Information
3. SCS: Spectrum Certification System
4. EC/S: Equipment Characteristics/Space
5. TACDB: platform lists, sorted by nomenclature, which contain links to the C-E (communications-electronics) equipment complement of each platform, with links to the parametric data for each piece of equipment, military unit lists and their subordinate units with the equipment used by each unit.
For example, several voice transmitters might be identified as the command net (i.e., the top commander and direct reports) in a tank battalion or tank-heavy task force. Another set of transmitters might identify the logistic net for that same unit. An inventory of ELINT sources might identify the medium- and long-range counter-artillery radars in a given area.
SIGINT units will identify changes in the EOB, which might indicate enemy unit movement, changes in command relationships, and increases or decreases in capability.
Using the COMINT gathering method enables the intelligence officer to produce an electronic order of battle by traffic analysis and content analysis among several enemy units. For example, if the following messages were intercepted:
1. U2, this is U1: requesting permission to proceed to checkpoint X.
2. U1, this is U2: approved. Please report on arrival.
3. (20 minutes later) U2, this is U1: all vehicles have arrived at checkpoint X.
This sequence shows that there are two units in the battlefield: unit 1 is mobile, while unit 2 is at a higher hierarchical level, perhaps a command post. One can also see that unit 1 moved between two points that are about 20 minutes apart by vehicle. If these are regular reports over a period of time, they might reveal a patrol pattern. Direction-finding and Radiofrequency MASINT could help confirm that the traffic isn't deception.
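The kind of traffic analysis described above can be mechanised once intercepts are logged with sender, receiver and message type. The following Python is an added example, not part of the original article: it works over a constructed intercept log with hypothetical call signs U1 to U4, infers who is subordinate to whom from request/approve/report patterns, and measures how long each mover takes and how regularly it moves, which is the raw material for an EOB and for spotting a patrol pattern.

```python
from collections import Counter, defaultdict

# Constructed intercept log: (time HH:MM, sender, receiver, message kind).
# Call signs U1..U4 and the message kinds are hypothetical; in practice
# they come from the COMINT operator's log after signal separation.
INTERCEPTS = [
    ("08:00", "U1", "U2", "REQUEST"),   # U1 asks U2 for permission to move
    ("08:02", "U2", "U1", "APPROVE"),
    ("08:22", "U1", "U2", "REPORT"),    # U1 reports arrival 20 min later
    ("08:05", "U3", "U2", "REQUEST"),
    ("08:06", "U2", "U3", "APPROVE"),
    ("08:40", "U3", "U2", "REPORT"),
    ("09:00", "U2", "U4", "REPORT"),    # U2 itself reports upward to U4
    ("14:00", "U1", "U2", "REQUEST"),   # same cycle again six hours later
    ("14:01", "U2", "U1", "APPROVE"),
    ("14:21", "U1", "U2", "REPORT"),
]

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def chronological(intercepts):
    return sorted(intercepts, key=lambda i: minutes(i[0]))

def link_counts(intercepts):
    """Traffic volume per directed link: who signals whom, and how much."""
    return Counter((s, r) for _, s, r, _ in intercepts)

def infer_hierarchy(intercepts):
    """Map each station to its apparent subordinates. Rules: a station that
    APPROVEs another's pending REQUEST is its superior; a station that
    receives a REPORT is superior to the reporter."""
    subordinates = defaultdict(set)
    pending = {}                      # requester -> station it asked
    for _, sender, receiver, kind in chronological(intercepts):
        if kind == "REQUEST":
            pending[sender] = receiver
        elif kind == "APPROVE" and pending.get(receiver) == sender:
            subordinates[sender].add(receiver)
            del pending[receiver]
        elif kind == "REPORT":
            subordinates[receiver].add(sender)
    return dict(subordinates)

def command_posts(hierarchy):
    """Stations that have subordinates but no superior of their own."""
    has_superior = {s for subs in hierarchy.values() for s in subs}
    return sorted(st for st in hierarchy if st not in has_superior)

def movement_times(intercepts):
    """Minutes from APPROVE to the mover's arrival REPORT. A repeated value
    for one station suggests a fixed route, i.e. a patrol pattern."""
    approved_at, times = {}, defaultdict(list)
    for t, sender, receiver, kind in chronological(intercepts):
        if kind == "APPROVE":
            approved_at[receiver] = minutes(t)
        elif kind == "REPORT" and sender in approved_at:
            times[sender].append(minutes(t) - approved_at.pop(sender))
    return dict(times)

def request_intervals(intercepts):
    """Minutes between successive REQUESTs from one station (its schedule)."""
    last, gaps = {}, defaultdict(list)
    for t, sender, _, kind in chronological(intercepts):
        if kind == "REQUEST":
            now = minutes(t)
            if sender in last:
                gaps[sender].append(now - last[sender])
            last[sender] = now
    return dict(gaps)

if __name__ == "__main__":
    hierarchy = infer_hierarchy(INTERCEPTS)
    print("links:", link_counts(INTERCEPTS))
    print("hierarchy:", hierarchy)
    print("command posts:", command_posts(hierarchy))
    print("movement times:", movement_times(INTERCEPTS))
    print("request intervals:", request_intervals(INTERCEPTS))
```

Note that nothing here depends on message content beyond its kind: the hierarchy and the 20-minute transit fall out of who answers whom and when, which is why traffic analysis still works when the payload is encrypted but the headers and timing are not.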
The EOB buildup process is divided into the following steps:
* Signal separation
* Measurement optimization
* Data fusion
* Network build-up
Separation of the intercepted spectrum, and of the signals intercepted by each sensor, must take place within an extremely short time in order to attribute the different signals to the different transmitters in the battlefield. The complexity of the separation process depends on the complexity of the transmission methods (for example, frequency hopping or Time division multiple access (TDMA)).
By gathering and clustering data from each sensor, the measurements of the direction of signals can be optimized and made much more accurate than the basic measurements of a standard direction finding sensor. By computing over larger samples of the sensor's output data in near real time, together with historical information on signals, better results are achieved.
Data fusion correlates data samples from different frequencies from the same sensor, "same" being confirmed by direction finding or radiofrequency MASINT. If an emitter is mobile, direction finding, other than discovering a repetitive pattern of movement, is of limited value in determining whether an emitter is unique. MASINT then becomes more informative, as individual transmitters and antennas may have unique sidelobes, unintentional radiation, pulse timing, etc.
Network build-up, linking each emitter (communication transmitter) to the others it exchanges traffic with, enables reconstruction of the communications flows of a battlefield.
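The measurement-optimization and data-fusion steps above both rest on turning several sensors' lines of bearing into one position. The Python below is an added example, not from the original article: it averages repeated bearing cuts from one sensor (a circular mean, so that 359° and 1° do not average to 180°), then intersects the lines of bearing from several sensors by least squares, and refuses to report a fix when the lines are parallel. Sensor positions, bearings and the emitter location are a constructed scenario.

```python
import math

def bearing_to_vector(bearing_deg):
    """Unit vector (east, north) for a true bearing in degrees clockwise from north."""
    r = math.radians(bearing_deg)
    return math.sin(r), math.cos(r)

def mean_bearing(samples_deg):
    """Circular mean of repeated cuts from one sensor, so that 359 and 1
    average to 0 rather than 180 (measurement optimization)."""
    s = sum(math.sin(math.radians(b)) for b in samples_deg)
    c = sum(math.cos(math.radians(b)) for b in samples_deg)
    return math.degrees(math.atan2(s, c)) % 360.0

def least_squares_fix(cuts):
    """cuts: list of ((east_km, north_km), bearing_deg), one per sensor.
    Returns the point minimising the summed squared perpendicular distance
    to every line of bearing, or None when the lines are (near-)parallel
    and no fix exists."""
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (px, py), bearing in cuts:
        dx, dy = bearing_to_vector(bearing)
        # P = I - d d^T projects onto the normal of this line of bearing;
        # summing P and P*p over sensors gives the normal equations.
        p11, p12, p22 = 1.0 - dx * dx, -dx * dy, 1.0 - dy * dy
        a11 += p11; a12 += p12; a22 += p22
        b1 += p11 * px + p12 * py
        b2 += p12 * px + p22 * py
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        return None
    return (a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det

def distance(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

# Constructed scenario: the emitter is truly at (10, 10) km and three DF
# sensors sit at the corners of a 20 km square.
TRUE_EMITTER = (10.0, 10.0)
SENSORS = [(0.0, 0.0), (20.0, 0.0), (0.0, 20.0)]
EXACT_CUTS = list(zip(SENSORS, [45.0, 315.0, 135.0]))
# Each sensor took several noisy cuts (about +/-1 degree of error).
RAW_CUTS = [[44.0, 47.0, 46.0, 47.0], [313.0, 315.0, 314.0], [137.0, 135.0]]

def fix_from_raw(raw_cuts):
    """Average each sensor's cuts first, then fuse the sensors into one fix."""
    return least_squares_fix([(s, mean_bearing(c)) for s, c in zip(SENSORS, raw_cuts)])

if __name__ == "__main__":
    print("exact fix:", least_squares_fix(EXACT_CUTS))
    noisy = fix_from_raw(RAW_CUTS)
    print("noisy fix:", noisy, "error km:", distance(noisy, TRUE_EMITTER))
    print("parallel cuts:", least_squares_fix([((0.0, 0.0), 45.0), ((5.0, 5.0), 45.0)]))
```

With one degree of bearing error at roughly 14 km range, each line of bearing is off by a few hundred metres, and the least-squares fix lands within that distance of the true position; adding a fourth sensor or more cuts per sensor tightens it further, which is what the text means by optimizing measurements across sensors.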
COMINT
COMINT (Communications Intelligence) is the sub-category of SIGINT that deals with messages or voice information derived from the interception of foreign communications. Note that COMINT is commonly referred to simply as SIGINT, which can cause confusion when talking about the broader intelligence disciplines. The US Joint Chiefs of Staff defines it as "Technical information and intelligence derived from foreign communications by other than the intended recipients". One practical view of what COMINT can reveal is the BEADWINDOW procedure: a real-time warning, used by Australia, Canada, New Zealand, the United Kingdom, the United States, and other nations working under their procedures, by which a radio operator alerts a station that its last transmission disclosed information in one of a set of numbered categories. Standard BEADWINDOW codes (for example, "BEADWINDOW 2") include:
1. Position: disclosing, in an insecure or inappropriate way, "Friendly or enemy position, movement or intended movement, position, course, speed, altitude or destination of any air, sea or ground element, unit or force."
2. Capabilities: "Friendly or enemy capabilities or limitations. Force compositions or significant casualties to special equipment, weapons systems, sensors, units or personnel. Percentages of fuel or ammunition remaining."
3. Operations: "Friendly or enemy operation – intentions, progress, or results. Operational or logistic intentions; mission participants flying programmes; mission situation reports; results of friendly or enemy operations; assault objectives."
4. Electronic warfare (EW): "Friendly or enemy electronic warfare (EW) or emanations control (EMCON) intentions, progress, or results. Intention to employ electronic countermeasures (ECM); results of friendly or enemy ECM; ECM objectives; results of friendly or enemy electronic counter-countermeasures (ECCM); results of electronic support measures/tactical SIGINT (ESM); present or intended EMCON policy; equipment affected by EMCON policy."
5. Friendly or enemy key personnel: "Movement or identity of friendly or enemy officers, visitors, commanders; movement of key maintenance personnel indicating equipment limitations."
6. Communications security (COMSEC): "Friendly or enemy COMSEC breaches. Linkage of codes or codewords with plain language; compromise of changing frequencies or linkage with line number/circuit designators; linkage of changing call signs with previous call signs or units; compromise of encrypted/classified call signs; incorrect authentication procedure."
7. Wrong circuit: "Inappropriate transmission. Information requested, transmitted or about to be transmitted which shouldn't be passed on the subject circuit because it either requires greater security protection or it isn't appropriate to the purpose for which the circuit is provided."
8. Other codes, as appropriate for the situation, may be defined by the commander.
In WWII, for example, the Japanese Navy enabled the interception and death of the Combined Fleet commander, Admiral Isoroku Yamamoto, through what would today be BEADWINDOW 5 and 7 violations: they transmitted a key person's movements over a low-security cryptosystem.
ELINT
ELINT stands for ELectronic INTelligence, and refers to intelligence-gathering by use of electronic sensors. Its primary focus lies on non-communications signals. The Joint Chiefs of Staff define it as "Technical and geolocation intelligence derived from foreign noncommunications electromagnetic radiations emanating from other than nuclear detonations or radioactive sources."
Meaconing is the combined intelligence and electronic warfare technique of learning the characteristics of enemy navigation aids, such as radio beacons, and retransmitting them with incorrect information. There are tales, perhaps apocryphal, that the meaconing was so confusing that an enemy aircraft landed, quite smoothly, at an airport of the other side.
FISINT
FISINT (Foreign instrumentation signals intelligence) is a sub-category of SIGINT, alongside COMINT and ELINT, that monitors primarily non-human communication. Foreign instrumentation signals include (but are not limited to) telemetry (TELINT), tracking systems, and video data links. TELINT is an important part of national means of technical verification for arms control.
Counter-ELINT
Still at the research level are techniques that can only be described as counter-ELINT, which would be part of a SEAD campaign. It may be informative to compare and contrast counter-ELINT with ECCM.
SIGINT versus MASINT
SIGINT and Measurement and Signature Intelligence (MASINT) are closely, and sometimes confusingly, related.
The SIGINT disciplines of communications and electronic intelligence focus on the information in those signals themselves, as with COMINT detecting the speech in a voice communication or ELINT measuring the frequency, pulse repetition rate, and other characteristics of a radar.
MASINT also works with collected signals, but is more of an analysis discipline. There are, however, unique MASINT sensors, typically working in different regions or domains of the electromagnetic spectrum, such as infrared or magnetic fields. While NSA and other agencies have MASINT groups, the Central MASINT Office is in the Defense Intelligence Agency (DIA).
Where COMINT and ELINT focus on the intentionally transmitted part of the signal, MASINT focuses on unintentionally transmitted information. For example, a given radar antenna will have sidelobes emanating in directions other than the one in which the main antenna is aimed. The RADINT (radar intelligence) discipline involves learning to recognize a radar both by its primary signal, captured by ELINT, and by its sidelobes, perhaps captured by the main ELINT sensor or, more likely, by a sensor aimed at the sides of the radar antenna.
MASINT associated with COMINT might involve detection of the background sounds expected with human voice communications. For example, if a given radio signal is supposed to come from a radio in a tank, but the interceptor hears no engine noise, or hears higher voice frequencies than the voice modulation in use normally passes, then even though the voice conversation is meaningful, MASINT might suggest it's a deception, not coming from a real tank.
See HF/DF for a discussion of SIGINT-captured information with a MASINT flavor, such as determining the frequency to which a receiver is tuned by detecting the frequency of the beat frequency oscillator of the superheterodyne receiver.
Defensive SIGINT
There are a number of ways that a person or organization can defend against SIGINT. There is a delicate balance between the level of protection and the actual threat, as expressed in the clichés about "tinfoil hats".
One must begin by defining the threat. It is considerably more difficult to defend against detection that one is signaling, as opposed to defending against an opponent discovering the content of the transmitted message. Appropriate encryption can protect against content interception, but protecting against signal detection, especially with a capable opponent, requires measures to make the signal hard to detect -- which can also make it difficult for the intended recipient to receive the signal. Any defensive program needs to consider the nature of the threat and the capabilities of the opponent.
Strong and well-managed encryption
While encryption is discussed at length in other articles, it shouldn't be forgotten that if one wants to protect messages and files, encryption is central to the defense. As important as the encryption process itself may be, it's vulnerable if the cryptographic keys are not strong and protected, and, on computers, if the cleartext is not deleted when no longer needed. Seemingly obvious, but too often neglected, is making a practice of keeping as little cleartext hard copy as possible.
Appropriate transmission security
When using radio transmitters, use directional antennas that have as little "spillover" into sidelobes as possible. If it's most important to hide the location of a transmitter, the minimum is to run the antenna feed so that the antenna is as far as possible from the transmitter proper. In many circumstances, aiming the antenna upward to a satellite will help hide its location.
The total transmission power needs to be minimized, and the power preferably should be split across multiple and changing frequencies using spread spectrum techniques. If possible, avoid transmitting when hostile SIGINT satellites or monitoring aircraft are overhead.
If in an urban area, avoid using regular commercial power to transmit. There are ways in which the signal can "leak" into power and ground lines. The adversary may also turn off power to an area: if the transmission stops, that reveals a line-operated transmitter, and if it continues, a battery-powered one.
Use highly variable transmission schedules and vary frequencies if technically possible. Also see low probability of intercept.
Appropriate receiving security
If Operation RAFTER-style intercept is a threat, protect against this form of unintentional radiation MASINT by using optoisolators or other shielded techniques (e.g., waveguides) to bring in the received radio frequency signal, and shield the local oscillator and intermediate frequency stages of the superheterodyne receiver. The RAFTER technique should be far less effective against the new generation of software-defined radio.
Unintentional radiation on power or ground circuits is a threat here as well; use appropriate TEMPEST or other techniques.
Protection against compromising emanations
There are risks that electronic, acoustic, or other information could "leak" from a computer system or other electronic communications devices.
The Risk
Understanding details of the risks requires a substantial knowledge of electronics, but a simple example might serve. Many people have put a radio receiver near a computer, to listen to music as they work, and discovered that the radio suffered clicks, squeals, and other interference. These interfering signals are radiating from various parts of the computer, especially its display but often also from the power and grounding system. TEMPEST is the name for one family of protective measures against an opponent intercepting these emanations and extracting sensitive information from them.
While not strictly within the scope of protecting against "leakage", a place where sensitive information is processed or discussed needs protection against hidden microphones, wiretaps, and other "bugging". Sometimes, an electronic sweep to verify TEMPEST compliance reveals the presence of hidden transmitters. Again, there's probably more suspicion than reality in most cases. A member of a crime organization, in the middle of a nasty divorce, or a foreign intelligence agent might have reason to worry, but, even with the serious questions about warrantless surveillance in the US and other countries, there's little reason for someone to go to the risk and expense of illegal surveillance on an ordinary citizen. TEMPEST is usually associated with direct electromagnetic radiation from the device, either free-space or through power and ground lines. TEMPEST generically talks about acoustic isolation, but that's fairly easily solved through physical security and noise damping, as well as searches for microphones.
There are several threats that have not been officially defined in the unclassified literature. Nevertheless, there are some informed guesses:
* NONSTOP is a threat that involves some type of coupling of compromising RF energy from a classified system, which "leaks" into an independent RF-transmitting or -recording device such as a cell phone, PDA, pager or alarm system. Commercial AM/FM radios are not considered a risk.
* HIJACK is a similar threat of coupling, but into some type of digital computer or related equipment.
* TEAPOT is a very different vulnerability, which appears to apply to incidental audio modulation of the backscatter from an RF signal, typically microwave, directed into the secure area. A passive resonant cavity bug of this type was discovered in a Great Seal of the United States presented by the USSR; it contained a resonant cavity with a wall that moved with sound in the room, thus imposing frequency modulation onto the backscattered signal.
Mitigation and Countermeasures
The word TEMPEST itself, and its meaning, are unclassified. Some of the techniques for measuring the compliance of a piece of equipment, or whether it's actually emitting compromising emanations, are classified. A good deal of the information has come into public view through Freedom of Information Act queries, books talking about interception techniques, inferences drawn from partially released documents, and straightforward thinking by electronic engineers. Some documents released fully or partially under FOIA:
1. Red/Black Installation Guidance
2. Specification for Shielded Enclosures
3. Specification for Shielded Enclosures (partially redacted)
A number of individuals have made a hobby of ferreting out TEMPEST and related information, and firms in the broader-than-TEMPEST business of Technical Surveillance Countermeasures (TSCM) also reveal concepts.
Protection against side channel attacks and covert channels
A side channel attack exploits an unintentional information leak from a cryptographic device or implementation, rather than a weakness in the encryption algorithm itself. Potential leaks include different processing, and thus transmission, times for blocks of plaintext with certain statistical characteristics, changes in power consumption, or compromising emanations.
Covert channels are deliberate means to elude communications security. They send out an unauthorized signal by stealing bandwidth from a legitimate, often encrypted, channel. One low-bandwidth method would be to send information by varying the inter-block transmission times. A steganographic covert channel might use the low-order bit of pixels in a graphic image, perhaps not even consecutive pixels, in a manner that wouldn't be obvious to a person looking at the graphic.
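The steganographic covert channel just described, as an added example that is not part of the original article: the Python below hides a message in the least significant bits of a greyscale image, choosing the pixels in a keyed pseudo-random order so they are scattered rather than consecutive, and recovers it on the other side with the same key. The cover image, the message and the key value are constructed for the example; a real channel would derive the key from a shared secret and carry the image inside otherwise legitimate traffic.

```python
import random

# Constructed cover: a 64x64 greyscale gradient, one byte per pixel.
COVER = bytes((i * 7) % 256 for i in range(64 * 64))
MESSAGE = b"RV at checkpoint X 0200"
KEY = 0xC0FFEE   # hypothetical shared secret that selects the pixel order

def _bits(data):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1

def _pixel_order(n_pixels, key):
    """Keyed pseudo-random pixel order shared by sender and receiver, so the
    payload lands in scattered, non-consecutive pixels."""
    order = list(range(n_pixels))
    random.Random(key).shuffle(order)
    return order

def embed(pixels, message, key):
    """Hide a 2-byte length prefix plus `message` in the LSBs of key-selected pixels."""
    payload = len(message).to_bytes(2, "big") + message
    if 8 * len(payload) > len(pixels):
        raise ValueError("cover too small for payload")
    out = bytearray(pixels)
    for idx, bit in zip(_pixel_order(len(pixels), key), _bits(payload)):
        out[idx] = (out[idx] & 0xFE) | bit      # each pixel moves by at most 1
    return bytes(out)

def extract(pixels, key):
    """Recover the message; raises ValueError if no plausible payload under `key`."""
    order = _pixel_order(len(pixels), key)

    def read_int(n_bytes, start):
        val = 0
        for i in range(8 * n_bytes):
            val = (val << 1) | (pixels[order[start + i]] & 1)
        return val

    length = read_int(2, 0)
    if 16 + 8 * length > len(pixels):
        raise ValueError("length field implausible: wrong key or no payload")
    return bytes(read_int(1, 16 + 8 * i) for i in range(length))

def recover(pixels, key):
    """extract() that returns None instead of raising, for a wrong-key check."""
    try:
        return extract(pixels, key)
    except ValueError:
        return None

def changed_pixels(cover, stego):
    return sum(1 for a, b in zip(cover, stego) if a != b)

def max_pixel_change(cover, stego):
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    stego = embed(COVER, MESSAGE, KEY)
    print("recovered:", extract(stego, KEY))
    print("pixels changed:", changed_pixels(COVER, stego), "of", len(COVER))
    print("largest change per pixel:", max_pixel_change(COVER, stego))
    print("wrong key:", recover(stego, KEY + 1))
```

Two properties matter for the defender. First, no pixel value changes by more than one, so the picture is visually unchanged and the channel is invisible to a person, which is exactly why a covert channel is reviewed by statistical checks on the LSB plane rather than by eye. Second, the key only scatters the bits; it is not encryption, so anyone who learns the key, or who can compare against the original cover, reads the message.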