Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations

  • Markus G. Kuhn
  • Ross J. Anderson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1525)

Abstract

It is well known that eavesdroppers can reconstruct video screen content from radio frequency emanations. We discuss techniques that enable the software on a computer to control the electromagnetic radiation it transmits. This can be used for both attack and defence. To attack a system, malicious code can encode stolen information in the machine’s RF emissions and optimise them for some combination of reception range, receiver cost and covertness. To defend a system, a trusted screen driver can display sensitive information using fonts which minimise the energy of these emissions. There is also an interesting potential application to software copyright protection.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Peter Wright: Spycatcher-The Candid Autobiography of a Senior Intelligence Officer. Wlliam Heinemann Australia, 1987, ISBN 0-85561-098-0Google Scholar
  2. 2.
    Electromagnetic Pulse (EMP) and Tempest Protection for Facilities. Engineer Pamphlet EP 1110-3-2, 469 pages, U.S. Army Corps of Engineers, Publications Depot, Hyattsville, December 31, 1990Google Scholar
  3. 3.
    Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics. Chapter 10: TEMPEST, O’Reilly & Associates, 1991, ISBN 0-937175-71-4Google Scholar
  4. 4.
    A. J. Mauriello: Join a government program to unveil Tempest-spec mysteries. EDN vol 28 no 13, pp 191–195, June 23, 1983Google Scholar
  5. 5.
    Anton Kohling: TEMPEST-eine Einführung und übersicht zu kompromittierenden Aussendungen, einem Teilaspekt der Informationssicherheit. In H.R. Schmeer (ed.): Elektromagnetische VertrÄglichkeit/EMV’92, Stuttgart, February 1992, pp 97–104, VDE-Verlag, Berlin, ISBN 3-8007-1808-1.Google Scholar
  6. 6.
    Joachim Opfer, Reinhart Engelbart: Verfahren zum Nachweis von verzerrten und stark gestörten Digitalsignalen und Schaltungsanordnung zur Durchführung des Verfahrens [Method for the detection of distorted and strongly interfered digital signals and circuit arrangement for implementing this method]. German Patent DE 4301701 C1, Deutsches Patentamt, May 5, 1994Google Scholar
  7. 7.
    Wolfgang Bitzer, Joachim Opfer: Schaltungsanordnung zum Messen der Korrelationsfunktion zwischen zwei vorgegebenen Signalen [Circuit arrangement for measuring the correlation function between two provided signals]. German Patent DE 3911155 C2, Deutsches Patentamt, November 11, 1993Google Scholar
  8. 8.
    Ernst Bovenlander, invited talk on smartcard security, Eurocrypt’ 97, May 11–15, 1997, Konstanz, GermanyGoogle Scholar
  9. 9.
    Harold Joseph Highland: Electromagnetic Radiation Revisited. Computers & Security vol 5, pp 85–93 and 181–184, 1986CrossRefGoogle Scholar
  10. 10.
    Kristian Beckman: LÄckande Datorer [Leaking Computers]. Cited in [9,18]Google Scholar
  11. 11.
    Wim van Eck: Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? Computers & Security vol 4, pp 269–286, 1985CrossRefGoogle Scholar
  12. 12.
    Erhard Möller, Lutz Bernstein, Ferdinand Kolberg: Schutzma\nahmen gegen kompromittierende elektromagnetische Emissionen von BildschirmsichtgerÄten [Protective Measures Against Compromising Electro Magnetic Radiation Emitted by Video Display Terminals]. Labor für Nachrichtentechnik, Fachhochschule Aachen, Aachen, GermanyGoogle Scholar
  13. 13.
    Peter Smulders: The Threat of Information Theft by Reception of Electromagnetic Radiation from RS-232 Cables. Computers & Security vol 9, pp 53–58, 1990CrossRefGoogle Scholar
  14. 14.
    überkoppeln auf Leitungen [Cross-talk on cables], FaltblÄtter des BSI 4, German Information Security Agency, Bonn, 1997.Google Scholar
  15. 15.
    Schutzma\nahmen gegen Lauschangriffe [Protection against eavesdropping attacks], FaltblÄtter des BSI 5, German Information Security Agency, Bonn, 1997.Google Scholar
  16. 16.
    Blo\stellende Abstrahlung [Compromising Emanation], FaltblÄtter des BSI 12, German Information Security Agency, Bonn, 1996.Google Scholar
  17. 17.
    Joel McNamara: The Complete, Unofficial TEMPEST Information Page. Internet Web page, URL http://www.eskimo.com/~joelm/tempest.html.
  18. 18.
    Harold Joseph Highland: The Tempest over Leaking Computers. Abacus vol 5 no 2, pp 10–18 and 53, 1998Google Scholar
  19. 19.
    Raymod J. Lackey, Donald W. Upmal: Speakeasy: The Military Software Radio. IEEE Communications Magazine vol 33 no 5, pp 56–61, May 1995CrossRefGoogle Scholar
  20. 20.
    John G. Proakis: Digital Communications. 3rd ed., McGraw-Hill, New York, 1995, ISBN 0-07-051726-6Google Scholar
  21. 21.
    Operating Manual for DataSafe/ESL Model 400B/400B1 Emission Monitors. DataSafe Limited, 33 King Street, Cheltenham, Goucestershire GL50 4AU, United Kingdom, June 1991Google Scholar
  22. 22.
    James D. Foley, Andries van Dam: Fundamentals of Interactive Computer Graphics, Addison-Wesley, 1982Google Scholar
  23. 23.
    Michael Bach, Thomas Meigen, Hans Strasburger: Raster-scan cathode-ray tubes for vision research-limits of resolution in space, time and intensity and some solutions. Spatial Vision vol 10 no 4, pp 403–414, 1997CrossRefGoogle Scholar
  24. 24.
    Stanley A. Klein, Q. James Hu, Thom Carney: The Adjacent Pixel Nonlinearity: Problems and Solutions. Vision Research vol 36 no 19, pp 3167–3181, 1996CrossRefGoogle Scholar
  25. 25.
    Lars HØivik: System for Protecting Digital Equipment Against Remote Access. United States Patent 5165098, November 17, 1992Google Scholar
  26. 26.
    John H. Dunlavy: System for Preventing Remote Detection of Computer Data from TEMPEST Signal Emissions. United States Patent 5297201, March 22, 1994Google Scholar
  27. 27.
    Markus G. Kuhn, Ross J. Anderson: Software Piracy Detector Sensing Electromagnetic Computer Emanations. UK patent application no 9722799.5, October, 1997Google Scholar
  28. 28.
    Markus G. Kuhn, Ross J. Anderson: Low Cost Countermeasures Against Compromising Electromagnetic Computer Emanations. UK patent application no 9801745.2, January 28, 1998Google Scholar

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Markus G. Kuhn
    • 1
  • Ross J. Anderson
    • 1
  1. 1.University of CambridgeCambridgeUK

Personalised recommendations