A brief look into the history and evolution of compromising emanations.| |
Nicole King CIS 284s Winter 2013|
TEMPEST stands for “Telecommunications Electronics Material Protected From Spurious Emanating Transmissions”. It also is used to refer to security preventing any exploitation of vulnerabilities created by compromising emanations of electrical devices. Basically when electrical devices operate, they generate electromagnetic signals that can be intercepted and used to reconstruct sensitive information. “Listening” for these signals is known as “eavesdropping”. With the right equipment an eavesdropper can be hundreds of feet from the signal. This presents a real problem when a computer is processing classified information. The NSA (National Security Agency) has developed the TEMPEST standard which consists of several industry measurements to avoid such leakage. These computers have heavy metal cases, different power supplies and some additional modifications.
TEMPEST came about in 1918 by a man named Herbert Yardley. He and his Black Chamber staff were instructed by the U.S. Army to find ways to detect and exploit combat radio transmitters and telephones. Yardley determined that normal equipment was allowing secret information to be passed to the enemy via technical vulnerabilities. A program was then created to find ways to prevent the compromising emanations. Even though the initial project was not called TEMPEST (that term came about in the late 60’s or early 70’s) it became known by that term. Today, the term is obsolete. It has been changed to Emissions Security or EMSEC.
EMSEC involves designing circuits to limit compromising emanations. This includes shielding, bonding, grounding, radiation screening, alarms, and isolation devices. All of these methods work to reduce stray signals that could be reconstructed and analyzed.
TEMPEST Signal Types
RED Baseband Signals.-This, simplified, means reading a computer remotely. The proper definition is: “The most easily recognized CE is the RED baseband signal in attenuated but otherwise unaltered form, since it is essentially identical to the RED baseband signal itself. This emanation can be introduced into electrical conductors connected to circuits (within an Equipment Under Test) which have impedance or a power source in common with circuits processing RED baseband signals. It can be introduced into an escape medium by capacitive or inductive coupling, and especially by radiation with RED baseband signals of higher frequencies or data rates.”
Modulated Spurious Carriers. This, simplified, means that a signal changes either the amplitude or frequency of another signal. The proper definition is: “This type of CE is generated as the modulation of a carrier by RED data. The carrier may be a parasitic oscillation generated in the equipment, i.e., the chopper frequency of a power supply, etc. The carrier is usually amplitude or angle-modulated by the basic RED data signal. Or a signal related to the basic RED data signal, which is then radiated into space or coupled into Equipment Under Test external conductors.”
Impulsive Emanations. This means that something you are doing on the computer can be seen on a line or through the air. The proper definition is: “Impulsive emanations are quite common in Equipment Under Test's processing digital signal, and are caused by very fast mark-to-space and space-to-mark transitions of digital signals. Impulsive emanations can be radiated into space or coupled into Equipment Under Test external conductors.”
TEMPEST Signal Emission
There are four ways TEMPEST signals can escape. They are: Electromagnetic Radiation, Line Conduction, modulation of an intended signal (Fortuitous Conduction), and Acoustics. The following are definitions I found during my research:
Electromagnetic Radiation: Whenever a RED signal is generated or...