Tempest (codename)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Nuggetboy at 18:08, 16 January 2007 (Revert to revision 100737234 dated 2007-01-14 21:57:08 by 130.253.191.140 using popups). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

TEMPEST is a codename referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.

Compromising emanations consist of electrical or acoustical energy unintentionally emitted by any of a great number of sources within equipment/systems which process national security information. This energy may relate to the original message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be propagated through space and along nearby conductors. The interception/propagation ranges and analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation; and, environmental conditions related to physical security and ambient noise. The term "compromising emanations" rather than "radiation" is used because the compromising signals can, and do, exist in several forms such as magnetic and/or electric field radiation, line conduction, or acoustic emissions.[1]

The term TEMPEST is often used broadly for the entire field of Emission Security or Emanations Security (EMSEC). The term has been variously reported as standing for "Transient ElectroMagnetic Pulse Emanation STandard"[2] and "Telecommunications Electronics Material Protected from Emanating Spurious Transmissions."[3]

TEMPEST Documentation

Basic TEMPEST information has not been classified since 1995. Although short excerpts from the main U.S. TEMPEST test standard, NSTISSAM TEMPEST/1-92, are now publicly available, all of the actual emanation limits and test procedures defined in it remain classified and have been redacted from the published version. The NATO equivalent, which comprises the test standards AMSG 720, AMSG 788, and AMSG 784, is still classified. A redacted version of the introductory TEMPEST handbook NACSIM 5000 was publicly released in December 2000.

TEMPEST Certification

The NSA publishes lists of labs approved for TEMPEST testing and equipment that has been certified. The United States Army has a TEMPEST testing facility, as part of the U.S. Army Information Systems Engineering Command, at Fort Huachuca, Arizona. Similar lists and facilities exist in other NATO countries.

TEMPEST certification must apply to entire systems, not just to individual components, since connecting a single unshielded component (such as a cable) to an otherwise secure system could easily make it radiate dramatically more RF signal. This means that users who must specify TEMPEST certification could pay much higher prices for obsolete hardware and be severely limited in the flexibility of configuration choices available to them. A less costly approach is to place the equipment in a fully shielded room.

NONSTOP and HIJACK

Two related areas of emissions security, code named NONSTOP and HIJACK, remain classified. NONSTOP is thought to involve potential compromising emissions from electronic systems when they are inadvertently irradiated by other radio signals, including ordinary cell phones. HIJACK may refer to active attacks of this nature.

RED/BLACK Isolation

TEMPEST standards require "RED/BLACK separation", i.e. maintaining distance or installing shielding between circuits and equipment used to handle classified or sensitive information (red) and normal unsecured circuits and equipment (black), the latter including those carrying encrypted signals. Manufacture of TEMPEST-approved equipment must be done under careful quality control to ensure that additional units are built exactly the same as the units that were tested. Changing even a single wire can invalidate the tests.

Correlated Emanations

One aspect of TEMPEST testing that distinguishes it from limits on spurious emissions (e.g. FCC Part 15) is a requirement of absolute minimal correlation between radiated energy or detectable emissions and any plain text data that are being processed. It would stand to reason that this requirement holds in some form for other types of data as well.

Public research

In 1985, Wim van Eck published the first unclassified technical analysis of the security risks of emanations from computer monitors. This paper caused some consternation in the security community, which had previously believed that such monitoring was a highly sophisticated attack available only to governments; van Eck successfully eavesdropped on a real system, at a range of hundreds of metres, using just $15 worth of equipment plus a television set. In consequence of this research, such emanations are sometimes called "van Eck radiation" and the eavesdropping technique "Van Eck phreaking", although it is recognized that an unknown government researcher had discovered it long before. This technique is used as a plot point in Neal Stephenson's novel Cryptonomicon and in the Numb3rs Season 1 episode 'Sacrifice'.

Markus Kuhn discovered several low-cost software techniques for reducing the chances that emanations from computer displays can be monitored remotely. With CRT displays and analogue video cables, filtering out high-frequency components from fonts before rendering them on a computer screen will attenuate the energy at which text characters are broadcast.

With modern flat-panel displays, the high-speed digital serial interface (DVI) cables from the graphics controller are a main source of compromising emanations. Adding random noise to the less significant bits of pixel values may render the emanations from flat-panel displays unintelligible to eavesdroppers, but it is not a secure method. Because DVI uses a bit-coding scheme that tries to transport an evenly balanced signal of 0 and 1 bits, two pixel colours that differ greatly in colour or intensity may produce emanations that differ very little. Conversely, the emanations may differ completely even if only the last bit of a pixel's colour is changed. The signal received by an eavesdropper also depends on the frequency at which the emanations are detected: the signal can be received on many frequencies at once, and at each frequency the contrast and brightness associated with a given screen colour differ.

One should therefore not rely on adding noise but instead make use of so-called tempestation of the equipment. Few companies sell such equipment or modify standard equipment to conform to standards like NATO's AMSG 720B, 788, or 784.
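The coding effect described above can be reproduced with TMDS, the 8-bit-to-10-bit code that DVI applies to each colour channel. The Python sketch below is an added example, not part of the original article: the function names are illustrative, and the count of differing serial bits is only a rough stand-in for how different two pixel values look on the cable.

```python
# Added example: TMDS, the 8-bit-to-10-bit channel code of the public DVI 1.0
# specification. Function names are illustrative, not from any library.

def ones(x):
    return bin(x).count("1")

def tmds_encode(d, cnt=0):
    """Encode one 8-bit colour value; return (10-bit symbol, new disparity)."""
    n1 = ones(d)
    # Stage 1: chain XOR or XNOR over the bits to minimise transitions.
    use_xnor = n1 > 4 or (n1 == 4 and not d & 1)
    q_m = d & 1
    for i in range(1, 8):
        bit = ((q_m >> (i - 1)) ^ (d >> i)) & 1
        q_m |= (bit ^ use_xnor) << i
    q8 = 0 if use_xnor else 1
    # Stage 2: optionally invert the data bits to keep the line DC-balanced.
    n1q = ones(q_m)
    n0q = 8 - n1q
    if cnt == 0 or n1q == n0q:
        invert = not q8
        cnt += (n1q - n0q) if q8 else (n0q - n1q)
    elif (cnt > 0 and n1q > n0q) or (cnt < 0 and n0q > n1q):
        invert = True
        cnt += 2 * q8 + (n0q - n1q)
    else:
        invert = False
        cnt += -2 * (1 - q8) + (n1q - n0q)
    data = q_m ^ 0xFF if invert else q_m
    return (int(invert) << 9) | (q8 << 8) | data, cnt

def wire_distance(a, b, cnt=0):
    """Count the serial bits that differ between the symbols for a and b."""
    return ones(tmds_encode(a, cnt)[0] ^ tmds_encode(b, cnt)[0])

if __name__ == "__main__":
    for a, b in [(0x00, 0xFF), (0x00, 0x01)]:
        sa, sb = tmds_encode(a)[0], tmds_encode(b)[0]
        print(f"{a:#04x}->{sa:010b}  {b:#04x}->{sb:010b}  "
              f"differing wire bits: {wire_distance(a, b)}")
    # The same black pixel is sent differently once the disparity has drifted.
    print(f"{tmds_encode(0x00, -8)[0]:010b}")
```

Starting from zero disparity, full black (0x00) and full white (0xFF) differ in only 2 of the 10 transmitted bits, while 0x00 and 0x01 differ in 8. The symbol for a given value also changes with the running disparity, so the same pixel does not always produce the same bit pattern.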

Notes

  1. ^ Public version of NACSIM 5000 http://cryptome.org/nacsim-5000.htm
  2. ^ Computers and Security, vol. 7, number 4
  3. ^ See "TEMPEST 101" and "TEMPEST and QinetiQ" under External Links.