Advertisement

Abstract

Nearly half a century ago, military organizations introduced “Tempest” emission-security test standards to control information leakage from unintentional electromagnetic emanations of digital electronics. The nature of these emissions has changed with evolving technology; electromechanic devices have vanished and signal frequencies increased several orders of magnitude. Recently published eavesdropping attacks on modern flat-panel displays and cryptographic coprocessors demonstrate that the risk remains acute for applications with high protection requirements. The ultra-wideband signal processing technology needed for practical attacks finds already its way into consumer electronics. Current civilian RFI limits are entirely unsuited for emission security purposes. Only an openly available set of test standards based on published criteria will help civilian vendors and users to estimate and manage emission-security risks appropriately. This paper outlines a proposal and rationale for civilian electromagnetic emission-security limits. While the presented discussion aims specifically at far-field video eavesdropping in the VHF and UHF bands, the most easy to demonstrate risk, much of the presented approach for setting test limits could be adapted equally to address other RF emanation risks.

Keywords

Eavesdropping emission security Tempest protection standards video displays side channels 

References

  1. 1.
    van Eck, W.: Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? Computers & Security 4, 269–286 (1985)CrossRefGoogle Scholar
  2. 2.
    Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. Technical Report UCAM-CL-TR-577. University of Cambridge, Computer Laboratory (December 2003), http://www.cl.cam.ac.uk/TechReports/
  3. 3.
    Kuhn, M.G.: Electromagnetic Eavesdropping Risks of Flat-Panel Displays. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 88–107. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    National Security Telecommunications and Information Systems Security Advisory Memorandum NSTISSAM TEMPEST/1-92: Compromising Emanations Laboratory Test Requirements, Electromagnetics. National Security Agency, Fort George G. Meade, Maryland, December 15 (1992), Partially declassified transcript: http://cryptome.org/nsa-tempest.htm
  6. 6.
    NACSIM 5000: Tempest Fundamentals. National Security Agency, Fort George G. Meade, Maryland (February 1982), Partially declassified transcript: http://cryptome.org/nacsim-5000.htm
  7. 7.
    National Security Telecommunications and Information Systems Security Advisory Memorandum NSTISSAM TEMPEST/2-95: RED/BLACK Installation Guidance. National Security Agency, Fort George G. Meade, Maryland, 12 December (1995), Transcript: http://cryptome.org/tempest-2-95.htm
  8. 8.
    National COMSEC/EMSEC Information Memorandum NACSEM-5112: NONSTOP Evaluation Techniques. National Security Agency, Fort George G. Meade, Maryland (April 1975), Partially declassified transcript: http://cryptome.org/nacsem-5112.htm
  9. 9.
    National Security Telecommunications and Information Systems Security Instruction NSTISSI No. 7000: TEMPEST Countermeasures for Facilities. National Security Agency, Fort George G. Meade, Maryland, November 29 (1993), Partially declassified transcript: http://cryptome.org/nstissi-7000.htm
  10. 10.
    Specification NSA No. 94-106: Specification for Shielded Enclosures. National Security Agency, Fort George G. Meade, Maryland, October 24 (1994), Transcript: http://cryptome.org/nsa-94-106.htm
  11. 11.
    TCO’99 – Mandatory and recommended requirements for CRT-type Visual Display Units (VDUs). Swedish Confederation of Professional Employees (TCO) (1999), http://www.tcodevelopment.com/
  12. 12.
    Procedure for Measurement of Emissions of Electric and Magnetic Fields from VDUs from 5 Hz to 400 kHz. European Computer Manufacturers Association, Standard ECMA-172 (June 1992) (also IEEE Std 1140-1994)Google Scholar
  13. 13.
    Information technology equipment – Radio disturbance characteristics – Limits and methods of measurement. CISPR 22, International Electrotechnical Commission (IEC), Geneva (1997) (also EN 55022)Google Scholar
  14. 14.
    Specification for radio disturbance and immunity measuring apparatus and methods. CISPR 16, International Electrotechnical Commission (IEC), Geneva (2000)Google Scholar
  15. 15.
    Requirements for the Control of Electromagnetic Interference Characteristics of Subsystems and Equipment. MIL-STD-461E, US Department of Defense, Interface Standard, August 20 (1999)Google Scholar
  16. 16.
    Perez, R. (ed.): Handbook of Electromagnetic Compatibility. Academic Press, London (1995)Google Scholar
  17. 17.
    IEEE Standard for the Measurement of Impulse Strength and Impulse Bandwidth, ANSI/IEEE Std 376-1975Google Scholar
  18. 18.
    Radio noise. Recommendation ITU-R P.372-7, International Telecommunication Union, Geneva (2001)Google Scholar
  19. 19.
    Propagation data and prediction methods for the planning of indoor radiocommunication systems and radio local area networks in the frequency range 900 MHz to 100 GHz. Recommendation ITU-R P.1238-2, International Telecommunication Union, Geneva (2001)Google Scholar
  20. 20.
    Hashemi, H.: The Indoor Radio Propagation Channel. Proceedings of the IEEE 81(7), 943–968 (1993)CrossRefGoogle Scholar
  21. 21.
    Rice, L.P.: Radio Transmission into Buildings at 35 and 150 mc [MHz]. Bell System Technical Journal 38(1), 197–210 (1959)MathSciNetGoogle Scholar
  22. 22.
    Zimmermann, M., Dostert, K.: A Multipath Model for the Powerline Channel. IEEE Transactions on Communications 50(4), 553–559 (2002)CrossRefGoogle Scholar
  23. 23.
    Rothammel, K., Krischke, A.: Rothammels Antennenbuch. Franckh-Kosmos, Stuttgart (1995)Google Scholar
  24. 24.
    Test & Measurement Catalog 2001. Agilent Technologies, USA (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Markus G. Kuhn
    • 1
  1. 1.Computer LaboratoryUniversity of CambridgeCambridgeUnited Kingdom

Personalised recommendations