Active Countermeasures Against Tempest Attacks

Dave Emery die at die.com
Sat Mar 8 21:35:37 EST 2003


On Fri, Mar 07, 2003 at 10:46:06PM -0800, Bill Frantz wrote:
> 
> The next more complex version sends the same random screen over and over in
> sync with the monitor.  Even more complex versions change the random screen
> every-so-often to try to frustrate recovering the differences between
> screens of data on the monitor.
> 

	Five or six years ago I floated the suggestion that one could do
worse than phase lock all the video dot clock oscillators in a computer
room or office to the same master timing source. This would make it
significantly harder to recover one specific monitor's image by
averaging techniques as the interference from nearby monitors would have
exactly the same timing and would not average out as it does in the more
typical case where each monitor is driven from a video board with a
slightly different frequency dot clock (due to aging and manufacturing
tolerances).

	Modifying existing video boards to support such master timing
references is possible, but not completely trivial - but would cost
manufacturers very little if it was designed in in the first place.

	And of course one could "improve" the shielding on the monitor
with the dummy unimportant data so it radiated 10 or 20 dB more energy
than the sensitive information monitor next to it.   In many cases this
might involve little more than scraping off some conductive paint or
removing the ground on a cable shield.

	I am sure that it would take little effort with a spectrum
analyzer and some hand tools to defeat most of the EMI suppression
in many monitors and whilst this would not be entirely legal under
FCC rules (at least for a manufacturer or dealer) it probably would
be closer to legal than deliberately creating RF interference
with an intentionally radiating jammer.

	I imagine, however, that the usefulness of the RF radiated by a
modern TFT flat panel display fed with DVI digital video is already much
less as there is no serial stream of analog pixel by pixel video energy
at any point in such an environment.  Most TFTs do one entire row or
column of the display at a time in parallel which does not yield an
easily separated stream of individual pixel energy.   Thus extracting
anything resembling an image would seem very difficult.

	So perhaps the era of the simplest to exploit TEMPEST threats
is ending, as both optical and RF TEMPEST are much easier with raster
scan, pixel-at-a-time CRT displays than with modern, more parallel
flat panel display designs.

-- 
	Dave Emery N1PRE,  die at die.com  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18
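
Added example (not part of the original post): a toy numerical model of the countermeasure described above, showing that frame averaging suppresses a neighbouring monitor whose dot clock drifts but gains nothing once that monitor is phase-locked to the same timing. The function name, the random +/-1 "pixel" content, the integer per-frame slip and the 20 dB decoy level are assumptions made for illustration.

```python
import math
import random

def averaged_sir_db(n=1024, frames=64, slip=7, decoy_gain_db=20.0, seed=1):
    """Signal-to-interference ratio (dB) left after averaging `frames` frames.

    slip is how many samples the neighbouring monitor drifts per frame
    relative to the protected one; slip=0 models dot clocks phase-locked
    to a common master reference.
    """
    rng = random.Random(seed)
    # Constructed sample data: one frame of random +/-1 content per monitor.
    target = [rng.choice((-1.0, 1.0)) for _ in range(n)]
    decoy = [rng.choice((-1.0, 1.0)) for _ in range(n)]
    gain = 10 ** (decoy_gain_db / 20.0)   # decoy amplitude relative to target

    acc = [0.0] * n
    for k in range(frames):
        offset = k * slip                  # accumulated drift of the neighbour
        for i in range(n):
            acc[i] += target[i] + gain * decoy[(i + offset) % n]
    avg = [a / frames for a in acc]

    signal = sum(t * t for t in target) / n
    residual = sum((a - t) ** 2 for a, t in zip(avg, target)) / n
    return 10 * math.log10(signal / residual)

if __name__ == "__main__":
    for label, slip in (("free-running", 7), ("phase-locked", 0)):
        for frames in (1, 16, 64):
            sir = averaged_sir_db(frames=frames, slip=slip)
            print(f"{label:13s} frames={frames:3d}  SIR={sir:6.1f} dB")
```

In the free-running case the residual interference falls by roughly 10*log10(frames) dB, while in the phase-locked case it stays at the decoy's full level however many frames are averaged.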


---------------------------------------------------------------------
The Cryptography Mailing List