1 / 17

Tempest Emanations

Tempest Emanations. Jacklyn Truong University of Tulsa April 16, 2013. Introduction. Tempest emanations Electromagnetic waves emitted by electric devices Generated when device changes voltage of an electric current Can travel extensive distances through free space

Download Presentation

Tempest Emanations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013

  2. Introduction • Tempest emanations • Electromagnetic waves emitted by electric devices • Generated when device changes voltage of an electric current • Can travel extensive distances through free space • Travel distance can be extended by conductors • Can be captured • Tempest attacks • Captured Tempest emanations can be deciphered to uncover processed data

  3. History • 1944 – Bell Labs stumble upon Tempest emanations • Bell Labs provided US Military with mixing devices called 131-B2 • Used with a rotor key generator to encrypt messages • Each step of the mixing device caused a frequency pattern to appear on an oscilloscope • Found that the frequency pattern revealed the plaintext of the encrypted messages • Findings reported to the US Military • US Military was skeptical • Bell Labs performed a test to prove threat • Recorded signals from 80 feet away from the Signal Corps’ Varick Street cryptocenter • Produced 75% of the plaintext being processed

  4. History • Bell Labs directed to develop suppression methods • Bell Labs’ suppression methods: • Shielding • Prevent Tempest emanations through free space and magnetic fields • Filtering • Prevent compromising emanations from traveling through conductors • Masking • Purposely create electrical noise to drown out compromising emanations

  5. History • US Military’s Response • Modified device was bulky and required too much maintenance • Established control zones • 100 feet in diameter • Ended research on Tempest emanations

  6. History • 1951 – CIA rediscovered the 131-B2 and Tempest emanations • NSA picked up project in an attempt to find new suppression methods • 1953 – Policy required all US cryptocenters to either: • Establish a control zone, 400 feet in diameter • Implement masking • Apply for a waiver based on operational necessity • 1954 – Soviets published a set of standards for the suppression of radio frequency interference

  7. History • 1960 – British intelligence agency accidently discovered Tempest emanations in a similar manner to Bell Lab’s discovery • 1985 – Wim van Eck published a paper demonstrating how contents from a CRT could be extracted using low-cost equipment • First major public description of Tempest emanations • Van Eck phreaking

  8. Executing a Tempest Attack • Use a wide-band receiver tuned to a specific frequency • Determine what frequency to be listening in on • Scan entire frequency range and extract plaintext of emanation according to its amplitude/frequency modulation • Improve signal-to-noise ratio • Use narrow-band antennas and filters • Intercept emanations and deduce plaintext

  9. Present-Day Tempest Attacks • CRT Monitors • Electron beam strikes screen at various intensities to generate different pixels • The electric signal that drives the electron beam emits Tempest emanations • Pixels updated one at a time • LCD Monitors • Pixels updated row by row • No deflection coils – low radiation • Operate on low voltages • Still vulnerable • DVI cable • Configurations

  10. Present-Day Tempest Attacks • Keyboards • Each keystroke causes the voltage of the electric current being sent to the computer to change • Tempest Viruses • Theoretical (Ross J. Anderson) • Infiltrate machine and automatically transmit retrieved information to a hidden radio receiver nearby

  11. Tempest Emanations and Businesses • Tempest Emanations • Difficult to suppress • Surpasses advanced encryption algorithms • The business environment consists of many electronic devices emitting Tempest emanations • Sensitive information at risk • Personal information • Financial information • Customer information • Login information • Encryption/decryption keys

  12. Mitigation • Modify devices • 1955 – NSA modified teletypewriters to transmit character data all at once • Resulted in one large (oscilloscope) “spike” per character instead of five • Reduce voltage • Weaker emanations • Soft Tempest Font • Markus Kuhn and Ross Anderson • Free • Minimize strength of compromising emanations • Readable on a computer monitor, but not across Tempest emanations

  13. Mitigation • Soft Tempest Font

  14. Mitigation • Shield • Individual machines • Faraday cage • Apply filters • Mask – drown out emanations by generating electrical noise • Physically separate machines (classified and unclassified) • Encrypt signal being sent • HDCP – High bandwidth Digital Content Protection • LCD Monitors • Lower refresh rate

  15. Conclusion • Initially very difficult to suppress • Some methods are expensive • Modifying devices • Faraday cages • Physically separating machines • Moving forward • Encrypt signal being sent

  16. References • [1] D. G. Boak, “A History of U.S. Communications Security,” NSA, Ft. George G. Meade, MD, Rep. MDR-54498, 1973, vol. 1 and 2. • [2] M. G. Kuhn and R. J. Anderson, D. Aucsmith, "Soft tempest: Hidden data transmission using electromagnetic emanations", Information Hiding: 2nd Int. Workshop, vol. 1525, pp.124 -142 1998 :Springer-Verlag • [3] M. Pellegrini. (2008, April 29). Declassified NSA Document Reveals the Secret History of TEMPEST [Online]. Available: http://www.wired.com/threatlevel/2008/04/nsa-releases-se/ • [4] B. Koops, The Crypto Controversy: A Key Conflict in the Information Society, Kluwer Law International, 1999, pp. 211. • [5] R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley Computer Publishing, New York, 2001, pp. 538-539. • [6] Dynamic Sciences International, Inc. (2012). R-1550A TEMPEST Receiver [Online]. Available: http://www.dynamicsciences.com/client/show_product/33 • [7] M. Vuagnoux and S. Pasini. "Compromising electromagnetic emanations of wired and wireless keyboards," In proceedings of the 18th USENIX Security Symposium, pages 1-16, Montreal, Canada, 2009. USENIX Association. • [8] J. Loughry and D. A. Umphress. Information leakage from optical emanation. ACM Transactions on Information and Systems Security, 5(3):262-289, 2002. • [9] Introni (2012). La Crittografia [Online]. Available: http://www.introni.it/crittografia.html

  17. Questions?

More Related