Schneier on Security
A blog covering security and security technology.
January 20, 2009
The Discovery of TEMPEST
Another recently unclassified NSA document: Jeffrey Friedman, "TEMPEST: A Signal Problem," NSA Cryptologic Spectrum, Summer 1972.
EDITED TO ADD (2/12): Article on the topic.
Posted on January 20, 2009 at 12:34 PM
Wow, this sounds so sadly familiar
"Instead of buying this monster [the shielding designed by Bell to prevent eavesdropping], the Signal Corps resorted to the only other solution they could think of. They went out and warned commanders of the problem, advised them to control a zone about 100 feet in diameter around their communications center to prevent covert interception, and let it go at that."
Lo and behold, as technology improved, the 100 ft estimate was incorrect.
Interesting. This paper makes clear that the USSR was way ahead of the US in exploiting "TEMPEST effects" for eavesdropping.
Aw, come on Bruce. They were just buying the alternative medicine treatment when what they really should have been buying was the cure. ;)
A lot of redacting.
But, I hadn't realized the machines were so (electrically) noisy, and the reading of the electronic traffic would be so easy!
Some machines were so noisy that if you could tap into the encrypted line, there would be a faint "echo" of the decrypted signal being sent back down the line, which could be read using fairly simple equipment.
Actually, this paper was declassified and released back in April of last year, though the URL of the document changed recently. I blogged about it (at http://www.crypto.com/blog/hardware_security/ ) when it was first declassified.
I got this one on a FOIA request a while back (kept meaning to scan it in and post it, but never got around to it).
What I find most interesting is that people's initial reaction, in nearly every case I've heard about including this one, is that this form of eavesdropping is something that can only be done in a lab; the real world is too noisy for it to actually work. However, it turned out that not only is the idea practical, but also that the intelligence community found new ways to eavesdrop faster than they could figure out how to protect against them.
MKotS: Machines and signals are extremely noisy. I had an old desktop whose activity could be heard on a ham radio by tuning to its bus frequency.
Early personal computers were not only RF noisy, but also predictable.
I seem to recall programs that would play simple tunes or sound effects on AM radios placed next to a Commodore PET, Apple ][, or TRS-80.
(Different programs for each, of course.)
@ Timm Murray,
"... is that this form of eavesdropping is something that can only be done in a lab; the real world is too noisy for it to actually work."
I don't know why...
Contrary to what most "official documents" say, electronic eavesdropping on military communications started in the First, not the Second, World War.
As a lot of people on this blog know, a telephone uses a pair of twisted wires, and in their simplest form a telephone "instrument" consists of a variable resistance (carbon granule) microphone in series with a speaker that converts a changing current into sound. Two instruments are placed in series with a battery to make the circuit.
Well during the first world war they used only one conductor and an earth return with a high voltage battery.
It was discovered by accident that putting two circuits close to each other you got an effect that became known as "cross talk", where the two separate circuits leaked information to each other.
This was experimentally exploited for gathering information, and methods were investigated to prevent signal leakage.
During the second world war the UK used a secure telex link for Diplomatic traffic. Messages were first encoded on Typex (like the German Enigma), then the tapes were sent superencoded by a one time pad tape system.
It was shown that, due to timing differences in the hold and release times of the relays used to perform the XOR function, the superencryption could be stripped off.
A machine that was immune to this was developed called the Rockex (supposedly named after either the Rockefeller center or a ladies performance team).
Pictures and other details of the Rockex can be found online, and for what was just a bunch of relays and thermionic devices it was surprisingly robust and reliable and provided a lasting service.
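The relay-timing leak described in the comment above, as an added simulation that is not part of the original post or the document it discusses: the XOR output is logically correct for the receiver, but each output pulse's edges are timed by whichever relay drove them, so the plaintext tape can be read from the waveform without the key tape. All relay timings and the cell layout are assumptions chosen for illustration, and the intercept side is assumed to have already characterised them.

```python
"""Constructed model of a relay XOR superencryption stage with mismatched
hold/release times. Not measured data; every constant here is an assumption."""

CELL = 100      # ticks per character cell (assumed)
DRIVE = 60      # ticks a tape hole keeps its relay energised (assumed)
# Assumed operate/release times: the plaintext-tape relay is a slower type.
PLAIN_OPERATE, PLAIN_RELEASE = 8, 12
KEY_OPERATE, KEY_RELEASE = 5, 7


def relay_state(bit, operate, release, t):
    """Contact state at tick t of the cell for a relay driven by `bit`."""
    return int(bit == 1 and operate <= t < DRIVE + release)


def xor_waveform(p, k):
    """Line waveform (one value per tick) the relay XOR puts out for one cell."""
    return [relay_state(p, PLAIN_OPERATE, PLAIN_RELEASE, t)
            ^ relay_state(k, KEY_OPERATE, KEY_RELEASE, t) for t in range(CELL)]


def encrypt(plain_bits, key_bits):
    """Return (cipher bits as the receiver samples them, per-cell waveforms)."""
    waves = [xor_waveform(p, k) for p, k in zip(plain_bits, key_bits)]
    # The legitimate receiver samples mid-cell, after both relays have settled,
    # so it sees exactly plain XOR key: the cipher itself is sound.
    cipher = [w[CELL // 2] for w in waves]
    return cipher, waves


def last_falling_edge(wave):
    """Tick at which the last pulse in the cell ended, or None if no pulse."""
    edges = [t for t in range(1, CELL) if wave[t - 1] == 1 and wave[t] == 0]
    return edges[-1] if edges else None


def strip_pad(waves):
    """Recover plaintext bits from edge timing alone: a pulse that ends at the
    slow relay's release time can only have been held up by the plaintext relay.
    The (1,1) case even shows up as two short glitches where the relays disagree."""
    return [int(last_falling_edge(w) == DRIVE + PLAIN_RELEASE) for w in waves]


def demo():
    plain = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed Typex-output tape
    key = [1, 1, 0, 0, 0, 1, 1, 1]     # constructed one-time tape
    cipher, waves = encrypt(plain, key)
    return cipher, strip_pad(waves)
```

The defensive lesson is the one the Rockex embodied: the cipher logic was fine, so the fix had to be in the circuit's timing behaviour, not in the key material.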
The KG-13 had a serious weakness where the transition points of the un-encrypted data would be conducted onto the ground lead, and often into the master station ground. A very clever spy could then place an inductive pickup on the power lines or master station ground at some distance away from the KG-13 and the SCIF and obtain Secret and Top Secret information.
This was important as the KG-13 was a long cycle cipher box, so that if you had even the slightest fragment of clear text leak out it was massively easy to extract clear text from the cipher text.
In some areas spies even tampered with or tapped the master station ground, and in a couple of cases installed clusters of ground monitoring systems to try to capture these fragments.
The TEMPEST problems are most notable with low speed data, TTY, E-Mail, and similar low volume systems.
With high bandwidth devices such as computer displays and televisions, the value is minimal and the cost is too high and too manpower intensive.
Historically, intelligence officers want the crypto more than anything else, because, if you can exploit their crypto systems you obtain the ultimate control and power.
Don't be so sure that TEMPEST on displays etc are too expensive to be worth it...
I have seen a demo from DVI cable leakage, and another example with noise leakage from the monitor control.
It is harder, but high speed digital electronics are also so much cheaper now. When hobbyists can use SMT and get a multilayered PCB for a few hundred dollars, hard things become quite easy for someone in the know.
Now add side channels and things can get really interesting. But only if you have something that is interesting enough to break.
The DVI example was someone who wanted to dub his Blu-ray disks. He finds it fun to do; it's quite impressive really.
When I first joined the service TEMPEST was a big thing, but as they switched over to "COTS" from dedicated military communications hardware (to 'save money'), they just started ignoring TEMPEST. I can only assume this is because while computer and comm technologies were moving forward, spy technology regressed and the world became more friendly and less interested in spying on us...
The content was interesting, but I was surprised how informal the language was. It read less like an academic paper, and more like a cheap novel.
It's hardly the case that the world became "more friendly and less interested in spying on us".
I suspect (but have no proof) that TEMPEST equipment for reading the signals of LCD monitors and laptop displays is in widespread use.
Tiny ElectroMagnetic Particles Emitting Secret Things. How true...
A friend in graduate school finished his MS in Physics and went to work for Zenith. At that time (late 70's) they were still a major manufacturer of TVs, computer displays, and data terminals. One of his early projects was to build a prototype Tempest-certified terminal. His vulnerability analysis of existing terminals (including ones that were Tempest certified at that time) was that the biggest source of detectable RF signals (and most difficult source to eliminate) was the cable between the keyboard and the monitor ("floating" keyboards were part of the RFC). His solution? To eliminate electrical signals between the keyboard and CPU/CRT case altogether, making the keyboard unit electronically passive. I.e., he used LEDs, key-driven shutters, and simple light-pipes (fiber or something similar). The optical detectors in the CPU/CRT box, which WAS heavily shielded, would detect the break in the light source which was directly connected to a key. So, the only electrical connection to the keyboard was to power the LEDs, which generated no RF or static relative to the actions of the keys. Approaching it this way, he had a fully functional prototype within a couple of months that only took 90 days to pass full Tempest certification (a record for shortest certification period at that time, as I understand it).
To my mind, this is an excellent example of how "thinking outside the box" can result in novel, useful, and successful new products and can overcome technical challenges that others thought insurmountable. I understand there was quite a bit of betting in his department against his success in this project. :-)
I submit that bob was in no way implying that people are spying less; his statement was just a cynical view that there is a growing trend to throw COMSEC to the wind in order to slash costs by using COTS equipment. You'll likely find this view from anyone that does technical work for the government and is concerned about anything other than minimizing expenditures.