Active Countermeasures Against Tempest Attacks
Bill Stewart
bill.stewart at pobox.com
Tue Mar 11 02:43:28 EST 2003
At 09:14 AM 03/10/2003 -0500, Arnold G. Reinhold wrote:
>On the other hand, remember that the earliest Tempest systems
>were built using vacuum tubes. An attacker today can carry vast amounts
>of signal processing power in a briefcase.
And while some of the signal processing jobs need to scale with the target
systems,
as computer clock speeds get faster, the leakage gets higher and
therefore shielding becomes harder and leakage gets higher.
Most of the older shielding systems can do fine with the 70 MHz monitor speeds,
but the 3 GHz CPU clock speed is more leaky. Millimeter wavelengths are
_much_ more annoying.
>All in all I would not put much faith in ad hoc Tempest protection.
>Without access to the secret specifications and test procedures, I would
>prefer to see highly critical operations done using battery powered
>laptops operating in a Faraday cage, with no wires crossing the boundary
>(no power, no phone, no Ethernet, nada). In that situation, one can
>calculate shielding effectiveness from first principles.
>http://www.cs.nps.navy.mil/curricula/tracks/security/AISGuide/navch16.txt
>suggests US government requirements for a shielded enclosure are 60 db minimum.
Back when most of the energy lived at a few MHz, it was easy to make enclosures
that had air vents that didn't leak useful amounts of signal. It's harder
today.
So take your scuba gear into your Faraday cage with you :-)
Basically, if you've got a serious threat of TEMPEST attacks,
you've got serious problems anyway...
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list