Active Countermeasures Against Tempest Attacks

Arnold G. Reinhold reinhold at world.std.com
Tue Mar 11 11:04:17 EST 2003


At 11:43 PM -0800 3/10/03, Bill Stewart wrote:
>At 09:14 AM 03/10/2003 -0500, Arnold G. Reinhold wrote:
>>On the other hand, remember that the earliest Tempest systems
>>were built using vacuum tubes. An attacker today can carry vast amounts
>>of signal processing power in a briefcase.
>
>And while some of the signal processing jobs need to scale with the target systems,
>as computer clock speeds get faster, the leakage gets higher and
>therefore shielding becomes harder and leakage gets higher.
>Most of the older shielding systems can do fine with the 70 MHz monitor speeds,
>but the 3 GHz CPU clock speed is more leaky.  Millimeter wavelengths are
>_much_ more annoying.
>>
>>All in all I would not put much faith in ad hoc Tempest protection. 
>>Without access to the secret specifications and test procedures, I 
>>would prefer to see highly critical operations done using battery 
>>powered laptops operating in a Faraday cage, with no wires crossing 
>>the boundary (no power, no phone, no Ethernet, nada).  In that 
>>situation, one can calculate shielding effectiveness from first 
>>principles. 
>>http://www.cs.nps.navy.mil/curricula/tracks/security/AISGuide/navch16.txt 
>>suggests US government requirements for a shielded enclosure are 60 
>>db minimum.
>
>Back when most of the energy lived at a few MHz, it was easy to make enclosures
>that had air vents that didn't leak useful amounts of signal.  It's harder today.
>So take your scuba gear into your Faraday cage with you :-)

One of my pet ideas is to use older, 1990's vintage, laptops for 
secure processing, e.g. reading PGP mail, generating key pairs, 
signing submaster keys, etc.  They are cheap enough to dedicate to 
the task, they'd be off most of the time thereby reducing 
vulnerability, older operating systems and firmware have fewer 
opportunities for mischief and most viruses won't run on the old 
software.  Easier shielding due to lower clock rate is an advantage I 
hadn't thought of before.

>
>Basically, if you've got a serious threat of TEMPEST attacks,
>you've got serious problems anyway...

You could say that about strong crypto in general. Anyone with 
valuable information stored on a computer has lots to worry about.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List