Wednesday, February 17, 2016

Sum of All Fears: Your own HomeBrew SCIF (Secure Facility to resist Electronic Eavesdropping) By Team Skiff!

There are some of you out there who have expressed interest in making a home brew SCIF.


There are a number of reasons what this is largely impractical, cost being the primary one and the continual certifications and inspections are just beyond the means of the vast majority. The decades of engineering design that has gone into making RF (radio frequency) proofed, secure enclosures are not something that you can just do “off the cuff”. However, you CAN make a usable space that seriously degrades the ability of anyone on the outside from figuring out what you are doing on the inside. That is the purpose of this article, and is presented for educational purposes only. The risks that you assume in following my writing, or any of the linked documents or sources is entirely your own. That said, let us proceed with the proceedings! But first, a cool video clip to establish the mood for the piece... you'll see a few glimpses of a SCIF in this.






What IS a “SCIF”? and why should you care?

A SCIF is a “Sensitive Compartmented Information Facility”. It is pronounced as “Skiff”. SCIFs are used in all places where classified material and information is handled. It is a purpose built design standard that provides physical security from intrusion and theft, while minimizing compromising emanations from electronic devices. I will reiterate here that the expense and design of these facilities is unbearable for the regular citizen.
However, that is not to say that you cannot incorporate elements of SCIF design practices and construction to provide for better physical security as well as reduce the possibility of someone or some ones penetrating your structure electronically. The side benefit to this is that you are not getting lit up with every cellphone tower nearby. Some people claim to be “electrosensitive”, so this may also be useful for people who for whatever reason, either actual physical issue or psychosomatic (real enough either way) feel compelled to reduce the amount of RF in their lives.

While the idea of a home brew SCIF is interesting, you will need to sit down while sober and figure a few things out. Things based upon reality. I'm talking to the “black helicopter” lurker as well as the rational actor.
  1. What is your threat model? This means sorting out who exactly you are defending against, and why.
  2. What are you protecting? How vital is it that it stay where it is?
  3. What sort of budget did you have in mind?
There are actions that you can take RIGHT NOW to reduce what you have on hand that needs protecting. Old credit card bills from 5 years ago? Tax forms past the recommended 7 year retention? Figure out what you can toss into the nice, micro crosscut shredder (you keep it oiled and cleaned out, right?). You will find that many forms are polluted with YOUR PII (personally identifiable information) and you no longer need them. Shred away. The next shredder that I have my eye on is the HSM Securio http://www.hsm-shredder.com/attachments/Auto%20Feed%20brochure%20EN%202015%20final.pdf , which besides being capable, has a 9 gallon bin and some interesting security features to it. Pricey, but you get what you pay for.






It may be useful for you to de-massify your holdings by scanning your paperwork to an external hard drive or to optical storage. After scanning, shred it unless you absolutely need a hard copy of it. For this task, I recommend from my own personal experience the Fujitsu ScanSnap ix500.





The interface is top notch and it rapidly works with even flimsy, skewed receipts. It auto feeds from the tray and is a top notch device that turns all your documents into easily searchable pdf files.

Okay, so you are well into reducing what you have to protect. This makes your job easier, because you can make a smaller SCIF-like facility. 

Consider now, how many square feet do you think you'll need? If it is just you and an assistant, you may be able to make 64 square feet work (8x8). This could be built inside many suburban rooms if you are not incorporating various materials and techniques into the very substance of your home. 12 sheets of plywood and suitable framing is a starting point.

Better concepts would be to design a structure that fits in your basement, where natural shielding is much better. You still need to do all 6 sides, but your problem is simplified a bit.

The external SCIF may be as simple as you putting in a 20 foot ISO container and building an access door inside after you open the swing doors. As you may sense, this project is limited only by your imagination, determination, and wallet.

For internal construction, SCIF use foil backed 5/8” drywall in layers, sometimes with plywood in a sandwich. This is applied over a 2x4 framing or steel studs on 16" centers. Expanded metal mesh can be welded or attached to the studs with self tapping screws to make it that much more difficult to get through the walls in the sense of intrusion. I have considered that regular gypsum dry wall board can have foil glued by the end user onto the backing, but the seams will have to be rolled over to ensure continuity of metallic cladding. Probably some HVAC aluminum tape over them would not be a bad idea. It would be a hassle, but it may save expense. Your wife will probably wonder what happened to all the rolls of aluminum wrap, though!  For glue, you'd probably need to do this outside with a solvent based adhesive.

On the inside of the structure, you have a range of options. There are paints that can be purchased and applied (see sources). You can also make your own RF reducing paint by going to a local Marine supply store, these are usually near boatyards and such. They have a range of powdered metals such as powdered copper, aluminum and the like. You can also buy it from China via AliExpress

You would mix the powder with a paint base and roll it out on the walls. You could also use Black Iron Oxide powder purchased online from Amazon . You does your study, you takes your choice.... and chances.


A note on wall coverings... if you are rolling out a coat of whatever mix you decide upon, understand that each layer helps you achieve your goal.  Many thin layers is better than one thick, goopy one.

If you are not interested in painting, you can purchase finely woven metal mesh (again, see sources at the end) and apply that to your walls, floors and ceiling. These can be artfully incorporated into a machine design aesthetic so it looks like a German techno club, but ultimately it is up to you.

No matter what method you choose, you will need to ground it. Grounding even paint requires some inventiveness. The basics are that you need to pull stray 'trons (electrons) from MANY points across the protective surface, and channel them through a serious, verified grounding rod. A serious, no kidding grounding rod usually consists of at least 1 if not more 8' long copper rods driven into the earth at specified distances. Read the source material for the details, as this can be very involved.

As you may surmise, any gaps in shielding caused by doors or wire entry for mains power will compromise what level of protection that you do have. Doors can have flaps of conductive material velcroed in place when closed with conductive velcro.

Let's face it... you just are not going to get the fully engineered protection of a copper finger leaved joint or some of the other esoteric and expensive military features unless you find a cheap source. But, you CAN make a notable difference. Read the spec sheets of the material you are contemplating closely. The devil is in those details.  Force RF energy to dissipate, get absorbed and make lots of 90 degree turns.

One way to overcome the need to have power lines entering your homebrew SCIF is of course to use battery power or UPS to drive your operation. Some back of the envelope calculation should provide you with an idea of how much UPS you will need, something like this will do well for basic use. It won't power your shredder for long, but should power your laptop for quite some time.




Now, consider what you are working with in your home brew SCIF. You might want to air-gap the device by having it NEVER get exposed to the internet or have wireless access. Depending upon your level of concern, you can just toggle those “off”, or physically remove the wireless card, etc. Understand that this will limit what you can do with it, but as you may see at this point, there is a tradeoff between security and utility.

As you will still “leak” some degree of electronic emanations, you may consider a strategy to obfuscate your actions from Van Eck exploitation. You could install some extremely electrically noisy devices around your perimiter to drown out whatever it is you are doing.  Hypothetical solutions might include be making a “Jacob's Ladder” http://www.instructables.com/id/How-To-Make-A-Jacobs-Ladder/ or

http://www.instructables.com/id/Jacobs-Ladder-1/

to add to the electrical noise. They have a host of hazards, both seen and unseen, though. Here is something else entirely, the wave bubble http://www.ladyada.net/make/wavebubble/ . Understand that jamming is not legal and the FCC will find you. You have been advised.  You may also be interested in http://projects.gbppr.org/

Despite the somewhat lighthearted tone I have presented this in, security both physical and from RF intrusion is not a joking matter. However you proceed and whatever you do with the information I have collected and provided to you here, understand that there are no guarantees in life. If you don't have the budget to do this well, you may be better off not doing it at all.


"Use at Your Own Risk"

Here is a list of relevant documents and sites:

Construction document

Want to see what it takes to build a real SCIF? Read this pdf.

a spec sheet for foil backed gypsum wall board (GWB)

EMP & TEMPEST from DHS

Materials source list:

y shield copper paint and grounding system


RF & IR window shielding film

Grounding rods

Grounding practices


https://www.wbdg.org/ccb/FEDMIL/hdbk419a_vol2.pdf

UPDATE:  It has been brought to our attention that TOWR is hosting a Groundrod Primer Class in March 2016.  Vetting before registration is required. $220 with hands-on lab work.

Thanks for visiting, reading and hopefully sharing with others.  Purchasing books or completing other shopping needs through our Amazon portal is greatly appreciated and helps us get our message out to educate more people!  You can follow us on Twitter @stopshoutblog or email us or donate through PayPal.  Questions, comments and concerns always welcome! All comments are moderated, but will post when we have time to review and release them.

 Shop Amazon - Amazon Echo

4 comments:

Arkindole said...

The internal APC power system would seem reasonable at first thought, however, they are not meant to provide continuous operation for any length of time. The loss of grid "beeper" that goes off on the back-up actually means "turn the loads off safely ASAP". The reason being that the power stage of the backup is not adequately cooled to prevent overheating--It's just not meant to do that. You can do something similar with a rated deep cycle SLA battery bank, a good charger with float (for after you're done), and a good pure sine wave DC/AC inverter, such as an AIMS brand (which will allow the neutral on the load center to be bonded to ground without burning up the flyback MOS section).

And, you are right. Grounding is a huge problem for all shielding unless you can drill through the flooring, use massive copper ground rods, wire with something like 4-0 copper to your load center, and shield it properly external to the wire. Even then, it all depends on your soil type below the structure. Don't even think about using your your branch circuit "ground". The EMP pubs should have a good discussion on grounding (and what they *think* should work for EMPs--they don't have much data that survived the near proximity tests in the 60s...poof goes the instrument recorder!).

Partyzantski said...

Arkindole,

You make excellent points on the use of an UPS! The whole gist of using a self contained power system in such an enclosure is to reduce the number of perforations into as well as cables through any shielding that exists...using a laptop does not pull that much current, but larger electromechanical systems would quickly become impractical. Printers, shredders, scanners can all pull some energy.

The grounding... I remember grounding HF systems and the troops would break out the pickaxes to break up the dirt in several spots, pound in spikes all connected by a massive cable, then they'd put rock salt over the grounding rod sections and soak in water. Urine was used in a pinch.

What are your thoughts on perhaps using inductive power through shielding? It looks like from my math that it would be very inefficient.

Arkindole said...

Party:

Yes on the picks...some building codes now specify 2-3 ground rods, depending on readings, very close to the drop or UG feed. The Redbook has the specific calculations and math. And, that's just for run of the mill electrical service.

I don't have a lot of experience in inductive stuff. For the most part, on critical stuff I try to get an environment with no holes (like a shed). For a Faraday type setup the idea is not to punch holes in the "box", if that's what you're getting at with a feed thru.

I was listening to a guy this morning on 40, and it's just unbelievable what people are doing, and the cost--without any theory or testing. This guy had bought almost 100 ft of 1/4" x 1 1/2" copper bar stock and was running it around the inside of his shack at about 48". He then bought 1" pure copper braided grounding strap and was literally installing lugs and ground straps to each piece of equipment in there, not just RF stuff. Maybe overkill, maybe works, who knows? At least we know some folks still have spare pocket change....

Arkindole said...

Party:
I forgot to mention this. If you go to Nooelec and buy one of those 10 buck RTL dongles, install HDSDR on a laptop, and then go into your "area" you can literally see what's coming in there in terms of RF. If you want to get hard core get an old microwave, remove the magnatron and stuff, and blast the outside of the "area" while you run the software outside.

It works pretty well and it is quite surprising to view what actually gets in.

One of the funniest initial things I saw was massive "splatter" from the laptop itself and touchpad. So, you'll have to "subtract" that while inside....