Specifying Power Filter Insertion Loss Values in Terms of Electromagnetic Safety of IT Equipment

At present, one of the main methods of minimizing risk resulting from electromagnetic information leakage is to attenuate the undesired levels of radiated and conducted disturbances generated by IT equipment, as these disturbances can carry information processed by said equipment. Attenuation of conducted compromising emissions is most commonly handled with filters with a sufficiently high insertion loss. This article defines an original analytical relation specifying insertion loss value requirements for mains filters and estimates values of parameters included in the defined relation. Furthermore, this defined relation was used to define requirements for insertion loss provided by the mains filters, above which the ratio value of potentially compromising conducted emission levels to the environmental noise level at the infiltrating system input S/N < 0 dB. As a consequence, electromagnetic infiltration is significantly impeded.


Introduction
One of the main methods of minimizing risk resulting from electromagnetic information leakage is to attenuate undesired levels of radiated and conducted disturbances generated by IT equipment, using mains filters with appropriately high insertion loss. IT (Information Technology) equipment means all computers, servers, printers, computer hardware, mobile telephones, local process control and automation systems, telecommunications assets and other information technology-related equipment that are used to create, process, store and exchange all kinds of electronic data and information. In this article, we define an original analytical relationship (6) that specifies insertion loss value requirements for a mains filter, which can be used to protect IT equipment used for secure information processing. This article identifies and estimates the values of parameters influencing the required insertion loss value for a mains filter. The analysis of the aforementioned parameters was performed using data available in technical literature [1][2][3][4][5][6][7][8][9][10][11][12][13], as well as data obtained through our own research [5], which was carried out for the purposes of this study (e.g., the results of environmental noise levels measurements conducted in low-voltage power supply lines).
The insertion loss requirements for mains filters were determined for the most probable locations of IT equipment relative to the infiltrating system, with the least attenuation of the compromising emission signal's propagation path, at the same time taking into account the location of the infiltrating system, in order to ensure that the IT equipment is masked well. Furthermore, this defined relation was used to work out requirements for insertion loss brought by mains filters, above which the ratio value of potential compromising conducted emission level to the environmental noise level at the infiltrating system input S/N < 0 dB and, as a consequence, electromagnetic infiltration is significantly impeded.
The analysis found in this article takes into account practically all aspects related to emission, propagation, reception, and processing of electromagnetic interference emissions, which are unintentionally generated by IT equipment.
We were motivated to write this article partly due to the fact that available examples of analysis of IT equipment mains filter parameter value requirements, which would minimize the risk of electromagnetic leakage of information, are rare in the international literature [5,6,[9][10][11][12][13][14][15] and the works available contain few important details regarding the technical solutions used.
To date, we have not yet encountered a description of a step-by-step methodology of calculating the required insertion loss of power supply filters in any available literature on methods of securing IT equipment.
Furthermore, electromagnetic compatibility engineering is a great resource of techniques for minimizing the conducted disturbance emissions at power ports. However, available literature sources from the field of EMC [2,3] do not specify requirements for additional power line filter attenuation. These literature sources only define permissible levels of disturbance emissions generated by IT equipment from the point of view of legal requirements related to the EMC directive [1]. Moreover, implementation of EMC recommendations imposed by standards harmonized with the EMC Directive to IT devices does not eliminate the threat of electromagnetic infiltration as the level of conducted disturbances allowed by harmonized standards remains too high in this application. Implementation of the recommendations of the harmonized standards does not eliminate the threat of electromagnetic infiltration in relation to modern IT equipment but may indirectly affect the reduction of the level of conducted compromising emissions.
In addition, compared to standard electromagnetic compatibility undertakings, emission security testing of IT devices intended to process classified information determines not only the permissible voltage levels of conducted disturbance emissions-and thus potential conducted compromising emissions-but also whether these devices fulfill other security parameters specified in the certification processes for such devices by the national security authority. The only equipment allowed for use by government institutions and agencies, and other entities involved in processing classified information, has passed the certification process supervised by the security authority. Unfortunately, the official knowledge [16,17] in the above-mentioned area regarding the requirements for securing IT devices is not widely available in the professional literature due to the threat that unauthorized parties may use it for hostile electromagnetic infiltration.
The processing of classified information is only permitted using IT devices certified by the national security authority (NSA). However, NSA-certified information technology devices are very expensive and require special supervision-this is a barrier to small and medium-sized companies, which are prevented from using such equipment for economic reasons. The use of IT devices certified by a national security authority is not mandatory for processing internal company information. Instead, the type of technical security measures used in a given company depends, for example, solely on the decision made by the owner of the information.
The aforementioned threats and limited access to official documents [16,17] describing the security parameters of IT devices intended for processing classified information gave us further inspiration for this work.
An illustrated diagram of the conducted disturbance propagation path in the lowvoltage power lines, shown in relation to the location of a potential infiltrating system, is provided in Figure 1. One of the most effective methods of protecting IT equipment against information leakage is to use anti-interference filters in power supply circuits that are connected to IT equipment. Within this scope, the most important parameter of an anti-interference filter is insertion loss. This parameter characterizes the effectiveness of the filter in terms of how well it can suppress electrical interference, which can be correlated with the information processed by the protected IT device. The attenuation of unwanted signals is determined by comparing the signal value in a circuit with a mains filter U 2 to the signal value in the same circuit but without a filter U 1 . Therefore, insertion loss can be described by the following relationship: where: − U 1 signal level in the power circuit without a mains filter [V], − U 2 signal level in the power circuit with a mains filter [V].
The article is limited in its scope to methods of protection against conducted compromising emissions generated by IT equipment connected to mains lines, as IT equipment typically must rely on a public utility grid for power. The use of battery power for supplying IT equipment is considered safe in terms of protecting against conducted emissions, but unfortunately, as batteries have a finite capacity, such power supply should be regarded as temporary.
The article does not include an analysis of threats resulting from the possibility of leaking compromising emissions generated by IT equipment via public telecommunications lines. This is because, in such cases, the most effective method of protection against compromising emissions is to convert the signal using fibre-optic links, which would prevent this phenomenon from occurring. The technique of using fibre-optic converters is sufficiently described in available technical literature [6].

Parameters Affecting the Insertion Loss of Power Filters from the Point of View of Electromagnetic Safety
The signal level value of potential compromising emissions to the level of conducted environmental noise ratio S/N, which can be obtained using the infiltrating system, is influenced by a number of parameters.
The linear S/N noise ratio relationship between the conducted compromising emissions level and conducted environmental noise level has been defined in the literature [6] in the following form. where: − u B,max is the allowed signal level for conducted emissions on a mains line of IT equipment in the B band, as defined by standards harmonised with the EMC Directive [1] [V], − g c is the signal processing gain of the compromising emission signal, − a dc is the attenuation provided by the propagation of the signal between the not secured compromising emission source and the infiltrating system's sensor (signal attenuation due to impedance mismatch, attenuation of power cables, etc.), − u n,B is the voltage level of environmental noise in the band B [V], − f r is the noise factor of the measuring (infiltrating) receiver.
The authors of [6] determined the values of permissible conducted emission levels at the IT equipment power supply ports, which would minimize the risk of electromagnetic infiltration, based on relation (2). In the further part of this article, we present-on the basis of modified relation (2)-the estimated insertion loss values introduced by an additional power supply filter of an IT device, which would minimize the risk of electromagnetic infiltration.
One of the most significant components of relationship (2), which has a direct impact on the infiltration of information from the computing device, is the attenuation contributed by the signal propagation path between the source of the conducted compromising emissions and the infiltrating system's sensor a dc . The signal level attenuation value of the potential conducted compromising emissions propagating between the source of the conducted compromising emissions and the infiltrating system's sensor can be increased by adding the insertion attenuation t, which is contributed by the additional power filter installed of the protected device. When the parameter t is included, the relationship (2) will take the following form: where t is additional required insertion loss, to be provided by the mains filter in order to protect IT equipment against electromagnetic eavesdropping. When converted to a logarithmic scale, Equation (3) takes the form of Equation (4). The lowercase variable symbol, which specifies values in a linear scale, is replaced by uppercase variable symbols, which specify values in a decibel scale.
where:   (2), which affect the energy budgets of the link between the source of the conducted compromising emission and the output of the infiltrating system. One of the components of relation (4) is the additional required insertion loss T, which needs to be provided by the filter in order to effectively protect IT equipment against electromagnetic eavesdropping. After the necessary transformations of the relationships (4), we obtain a dependency defining the value of the required additional insertion loss T, which takes the form of: In order to determine the relationship to the insertion loss value T of the filter protecting the IT equipment, above which the signal to noise ratio is S/N ≤ 0 dB, a value of S/N = 0 dB must be inserted into the Formula (5).
Parameters included in relation (6) are estimated later in the article. These parameters were used to calculate the value of required additional insertion loss T of the mains filter, above which the value of S/N < 0 dB, and thus, electromagnetic infiltration becomes significantly more difficult.
The value T as defined by relation (6) should be interpreted as additional attenuation, intended to boost the insertion loss provided by standard mains filters, which are already installed in protected IT equipment sold within the European Union, as manufacturers are obliged to ensure that the level of conducted disturbances at the power input of the equipment does not exceed the limits set by standards harmonised with the EMC Directive [1]. Therefore, values of the required attenuation T provided by the mains filters calculated by means of relation (6) should be considered, alternatively, as requirements: − For additional mains filters, which need to be fitted to the IT equipment to protect said equipment against electromagnetic infiltration (i.e., adding additional mains filters), − For the additional value of insertion loss T, which is required to increase attenuation provided by standard mains filters, which are already installed in the protected IT device (replacement of standard mains filters).

A. Emission levels of conducted disturbances in modern IT equipment
Permissible levels of conducted disturbances' emissions of U B,max generated by IT equipment are defined by standards harmonised with the Directive 2014/30/EU of the European Parliament and of the Council [1]. The basic standards harmonized with the above directive defining the levels of conducted disturbance emissions generated by IT equipment, are [2,3]. As specified in the documents referenced above, all IT devices sold within the European Union should meet at least the requirements of the standard specified therein them for Class B devices. Therefore, it can be assumed that the level of conducted disturbance emissions of currently sold IT equipment is not exceeding the permissible levels U B,max as defined in said documents, and additionally presented in the form of a diagram in Figure 3. The levels of electromagnetic disturbance emissions U B,max generated by IT equipment, are graphically represented in the further part of this article and were used to estimate the additional insertion loss T of mains filters required to protect against electromagnetic eavesdropping.
B. Processing gain for the conducted compromising emission signal The technique of averaging the detected noisy conducted emission signal may be used to improve the ratio between the level of potential conducted compromising emission and the level of environmental noise S/N at the output of the receiver's envelope detector included in the infiltrating system. Therefore, it is necessary to consider the processing gain G c , obtained by using the previously described technique, in the procedure for estimating the additional required insertion loss provided by the mains filter to protect against electromagnetic eavesdropping from IT equipment, defined by relation (6). In order to estimate this value, above which the difficulty of electromagnetic infiltration will be significantly higher, the processing gain was assumed to be G c = 18 dB, which corresponds to a signal that is particularly susceptible to electromagnetic infiltration, such as a video signal generated by IT equipment transmitting a steady image to a monitor screen, for which the maximum repeatability of the compromising emission signal corresponds to 60 image frames per second. The methodology of estimating this value is presented in ref. [6].

C. Signal attenuation introduced by the propagation path
One of the parameters affecting the required additional insertion loss T, introduced by the mains filters protecting against the electromagnetic transmission of information from the IT equipment-as defined by the relationship (6)-is the attenuation A dc provided by the propagation of the signal between the compromising emission source and the infiltrating receiver's input (signal attenuation due to impedance mismatch, attenuation of power cables, etc.), Therefore, in order to determine the minimum value of the required additional insertion loss T, above which electromagnetic infiltration would be significantly more difficult to carry out, it is necessary to estimate the attenuation value of the signal propagation pathway A dc , which will correspond to the most likely location of the IT equipment relative to the infiltrating system, with the least amount of attenuation provided about by the propagation pathway of the conducted compromising emission. For the purposes of the article, the author has examined a scenario in which attenuation A dc provided by the propagation path of the compromising emission signal, and the masking of the location of the infiltrating system, is minimized. This configuration occurs when both systems are separated by one internal partition, such as a wall, ceiling, or floor of a building, and are powered from the same low voltage power supply line: L 1 , L 2 or L 3 .
On the basis of data found in available literature [4], it can be concluded that the value of attenuation A dc between two power consumption points in the frequency range from 150 kHz to 30 MHz, connected to the same low voltage power supply line: L 1 , L 2 or L 3, and measured for two rooms separated by one wall, shall have a value that is not less than 10 dB. The above value refers to electricity supply points located in a residential building with an area of about 100 m 2 , and equipped with a three-phase electrical circuit.

D. Environmental noise voltage level on low voltage supply lines
The level of conducted environmental noise on power lines has a significant impact on the process of detecting, identifying, and decoding compromising emissions conducted by a potential infiltrating system. The level of conducted environmental noise is influenced by natural noise and human-generated disturbances caused by both intentional and unintentional actions. Only a very modest quantitative description of conducted environmental noise can be found in the available literature. Data on environmental noise levels could be found only in ref. [4]. Unfortunately, this data is relevant only to the territory of the United States. More recent data on the level of conducted disturbances in low-voltage power supply lines for urbanised and rural areas located on the territory of Poland are provided in ref. [5], which was published by one of the authors of this article. This data is presented in Figure 4 for the urban (Figure 4a) and rural areas (Figure 4b), respectively. In these figures, black straight lines were used to represent the approximate minimum, maximum and average values for the voltage levels of background noise conducted in frequency subrange from 150 kHz to 30 MHz. The analytical form for the approximating functions is described using the relationship below [5]. U n,9kHz = β 1 · log f + β 2 (7) where: − U n,9kHz is the environment noise voltage levels conducted in 9 kHz band, expressed in [dBµV], − f is the signal frequency [Hz], − β 1 , β 2 are the factors the take the values provided in Table 1 depending on the frequency subrange and the type of area where the noise is measured.

E. Infiltrating Receiver's Noise Level
The noise factor F r of the infiltrating receiver is one of the factors having a significant impact on the required additional insertion loss value T defined by relation (6) provided by the filter protecting against electromagnetic eavesdropping from the IT equipment. On the basis of comparative analysis of receiver specifications declared by the manufacturers, presented in ref. [5], which could be used for electromagnetic infiltration thanks to their parameters; it should be stated that the lowest noise factor values are offered by the IZ27B receiver manufactured by INTRIPLE company (Horní Počernice, Czech Republic) [7]. Therefore, to estimate additional insertion loss T introduced by the protective mains filter, above which electromagnetic infiltration is significantly hampered, the noise factor of the IZ27B, which is 4 dB for the frequency range 150 kHz to 30 MHz, should be taken into account.

Results-Required Insertion Loss of Main Filters
Using dependency (6) and basing on the analysis of parameters of this dependency presented in previous paragraphs of this article, sample diagrams for the required additional insertion loss values T have been developed. These values should be typical of mains filters protecting against electromagnetic information leakage in the 150 kHz-30 MHz frequency range for all low voltage power lines. The following parameter values were taken into account when developing the requirements for additional insertion loss T: − For conducted disturbance levels of modern IT equipment U B,max , the permissible levels of conducted disturbance emissions generated by IT equipment in the B = 9 kHz band are imposed by the standardization documents [2,3] harmonized with Directive 2014/30/EU of the European Parliament and of the Council [1], − For the value of the conducted compromising emission signal processing gain G c , a value equal to the signal processing gain of the radiated emission was assumed G c = 18 dB [6], − For attenuation value A dc provided by the propagation path of the conducted emission signal between the source of the compromising emission and the input of the infiltrating receiver, a value of 10 dB was taken, as determined on the basis of the data contained in literature, ref. [4], − For voltage levels of conducted environmental noise in low-voltage power lines U n,B , the minimum values of voltage levels of conducted environmental noise U n,9kHz in low-voltage power lines in the frequency range from 150 kHz to 30 MHz for band B = 9 kHz were used, as measured for the needs of the article for different frequency ranges and types of occurrence areas specified in [5], − For the value of the infiltrating receiver's noise factor, the value of 4 dB provided by the IZ27B receiver in the frequency range from 150 kHz to 30 MHz was used.
The requirements for additional insertion loss T to be introduced by the mains filters in order to protect against electromagnetic eavesdropping have been estimated for IT equipment that is already equipped with standard filters. Therefore, the values of insertion loss shown in Figure 5 should be considered as requirements: − For additional mains filters, which need to be fitted to IT equipment to protect it against electromagnetic infiltration (adding complementary network filters), − For the additional insertion loss T is required to increase attenuation provided by standard mains filters, which are already installed in the protected IT device (replacement of standard network filters).

Overview of Available Mains Filters
The mains filters connected to the power line are a key component used to eliminate disturbances in the mains and signal lines. These filters not only have to meet EMC requirements, but also the safety requirements. The article presents the description and parameters of the manufacturer of selected filters available on the market: − Power circuit filter FN 700Z-20-03 is a three-stage single-phase filter with a current range up to 20 A. It has protection against voltage surges and can be used in TEMPEST-class devices. It is a filter for indoor installation, very often used in the telecommunications industry to protect base stations (GSM, UMTS, GPRS), telephone networks, servers as well as access gateways, − Power circuit filter FN 686-25-23 is a single-phase filter with a current range of up to 25 A, intended for indoor installation, very often used in securing lifts and lifts for people and goods, lifts and unloading devices, − Power circuit filter FN 2070-3-06 is a general purpose single-phase multi-stage filter.
These are used in construction as a protection of machines against disturbances, as well as enabling the correct operation of drives and automation of production. It is characterized by high attenuation of symmetrical and asymmetrical components and good suppression of high-frequency interference.
The characteristics in Figure 6 show the insertion loss of the filters in relation to CISPR 17. Only the insertion loss of the FN 700Z-20-03 filter in Figure 6, achieves a constant insertion loss of 60 dB in the frequency range from 100 kHz to 200 MHz and allows the IT equipment to be secured against information leakage. The attenuation of the FN 686-25-23 and FN 2070-3-06 filters, due to the high level of insertion loss only in a narrow frequency range, make it impossible to use them to protect IT devices against information leakage.

Example Implementation of a Hardware Solution to Protect IT Equipment against Electromagnetic Infiltration
Standard low-voltage network installations in typical buildings and premises where IT equipment is used most often do not provide adequate attenuation A d of conducted disturbances for the propagation path between the IT equipment and the potential location of the infiltrating receiver. It should also be noted that IT equipment manufacturers do not equip their products with mains filters, the insertion loss values of which would result in a signal-to-noise ratio S/N ≤ 0 dB on the side of the potential infiltrating receiver. Therefore, in order to reduce the level of conducted compromising emissions, one should enclose the equipment in shielding enclosures integrated with additional mains filters, which would provide shielding effectiveness and insertion loss values appropriate for minimizing the risk of electromagnetic eavesdropping. For this purpose, the required mains filter insertion loss values can be estimated using the methodology described in the previous sections of this article.
A shielding enclosure with an integrated mains filter having a specified insertion loss value can either be constructed in-house or purchased from specialist companies offering such shielding structures.
Commercially available shielding solutions include shielding enclosures, shielding cabinets, and shielded cases with a mains filter intended for integration with the protected device. These designs are manufactured in various sizes, capable of accommodating either single or multiple pieces of IT equipment.
The following section presents a description of one possible design solution for a shielding enclosure with an integrated mains filter, which meets the requirements for additional shielding effectiveness and additional insertion loss T ( Figure 5) contributed by mains filters. The schematics, dimensions, and external appearance of the proposed solution are shown in Figures 7-9, respectively. The shielding enclosure presented herein can protect a piece of IT equipment, e.g., a laptop computer, that is placed within it against electromagnetic infiltration. For this purpose, the shielding enclosure is fitted with mains filters, which meet the requirements for additional T insertion loss ( Figure 5), together with appropriate interfaces for connecting external accessories such as a mouse, a keyboard, and a monitor, to the IT equipment being enclosed.   In the shielding enclosure described, Schaffner FN 700Z-20-03 mains filters were installed. These filters have a high insertion loss value T > 70 dB. The insertion loss values of the mains filter FN 700Z-20-03 are shown in Figure 6.
The IT device protected against electromagnetic infiltration emits considerable heat during operation and must thus be adequately cooled. In the case described, cooling is provided by removing hot air from the enclosure via vents-electromagnetically sealed Tecknit ventilation panels, each measuring 15 cm × 15 cm. The first panel is meant to push cold ambient air into the shielding enclosure, while the second ventilation panel is intended to vent hot air to the outside of the shielding enclosure.
A door with EMI seals was installed at the front of the shielding enclosure to enable the installation of the protected IT device. This shielding enclosure can accommodate a piece of IT equipment with maximum dimensions of (15 × 35 × 55) cm.
The main body of the shielding enclosure is made of 1.5 mm thick galvanized steel sheet. The front wall of the enclosure is 5-mm thick and made of duralumin, while the transition panel on which the interfaces are mounted is made of 2-mm-thick brass. The shielding enclosure schematics are presented in Figure 7. The dimensions of the described enclosure are shown in Figure 8, while its external view is shown in Figure 9.
The mains filters used provide an insertion loss value ( Figure 5) necessary to attenuate any conducted disturbances generated by the IT equipment to a level for which, on the side of the potential infiltrating receiver, the ratio of the revealing emission signal to the noise S/N ≤ 0 dB.

Conclusions
One of the main methods of minimizing risk resulting from electromagnetic information leakage is to attenuate undesired levels of radiated and conducted disturbances generated by IT equipment, which can reveal information processed by said equipment by using mains filters with appropriately high insertion loss. Conducted compromising emissions are typically attenuated using filters with a sufficiently high insertion loss value. The article defines an original analytical relation, specifying requirements for insertion loss value of mains filters, and estimates values of parameters included in the defined relation. Furthermore, this defined relation was used to work out requirements for insertion loss brought by mains filters, above which the ratio value of potential compromising conducted emission level to the environmental noise level at the infiltrating system input S/N < 0 dB and, as a consequence, electromagnetic infiltration is significantly impeded. The requirements presented in the article were defined for the chosen scenario of the location of the infiltration system in relation to the location of the source of the conducted compromising emission. The use of estimated additional values of insertion loss provided by mains filters during the design and construction of security devices minimizes the risk resulting from electromagnetic eavesdropping.