Action disabled: media

Intro:

Across the darkened street, a windowless van is parked. Inside, an antenna is pointed out through a fiberglass panel. It's aimed at an office window on the third floor. As the CEO works on a word processing document, outlining his strategy for a hostile take-over of a competitor, he never knows what appears on his monitor is being captured, displayed, and recorded in the van below.

If you're even vaguely familiar with intelligence, computer security, or privacy issues, you've no doubt heard about TEMPEST. Probably something similar to the above storyline. The general principle is that computer monitors and other devices give off electromagnetic radiation. With the right antenna and receiver, these emanations can be intercepted from a remote location, and then be redisplayed (in the case of a monitor screen or recorded and replayed (such as with a printer or keyboard).

TEMPEST is a code word that relates to specific standards used to reduce electromagnetic emanations. In the civilian world, you'll often hear about TEMPEST devices (a receiver and antenna used to monitor emanations) or TEMPEST attacks (using an emanation monitor to eavesdrop on someone). While not quite to government naming specs, the concept is still the same.

TEMPEST has been shrouded in secrecy. A lot of the mystery really isn't warranted though. While significant technical details remain classified, there is a large body of open source information, that when put together forms a pretty good idea of what this dark secret is all about. That's the purpose of this page.

The following is a collection of resources for better understanding what TEMPEST is. And no, I seriously don't think national security is being jeopardized because of this information. I feel to a certain extent, the security through obscurity that surrounds TEMPEST may actually be increasing the vulnerability of U.S. business interests to economic espionage. Remember, all of this is publicly available. A fair amount has come from unclassified, government sites. Up to this point, no one has spent the time to do the research and put it all together in a single location.

I've just begin to scratch the surface. If you have any additions, corrections, or amplifications, let me know. This is a work in progress, so check back often (updates are listed at the bottom of the page).

What is TEMPEST?

TEMPEST is a U.S. government code word that identifies a classified set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment. Microchips, monitors, printers, and all electronic devices emit radiation through the air or through conductors (such as wiring or water pipes). An example is using a kitchen appliance while watching television. The static on your TV screen is emanation caused interference. (If you want to learn more about this phenomena, a company called NoRad? has an excellent of electromagnetic radiation and computer monitors, that you don't need to be an electrical engineer to understand. Also, while not TEMPEST-specific, a journal called typically has good technical articles relating to electromagnetic interference. There's also the Electromagnetic Compliance FAQ.)

During the 1950's, the government became concerned that emanations could be captured and then reconstructed. Obviously, the emanations from a blender aren't important, but emanations from an electric encryption device would be. If the emanations were recorded, interpreted, and then played back on a similar device, it would be extremely easy to reveal the content of an encrypted message. Research showed it was possible to capture emanations from a distance, and as a response, the TEMPEST program was started.

The purpose of the program was to introduce standards that would reduce the chances of leakage from devices used to process, transmit, or store sensitive information. TEMPEST computers and peripherals (printers, scanners, tape drives, mice, etc.) are used by government agencies and contractors to protect data from emanations monitoring. This is typically done by shielding the device (or sometimes a room or entire building) with copper or other conductive materials. (There are also active measures for jamming electromagnetic signals. Refer to some of the patents listed below.)

In the United States, TEMPEST consulting, testing, and manufacturing is a big business, estimated at over one billion dollars a year. (Economics has caught up TEMPEST though. Purchasing TEMPEST standard hardware is not cheap, and because of this, a lesser standard called ZONE has been implemented. This does not offer the level of protection of TEMPEST hardware, but it quite a bit cheaper, and is used in less sensitive applications.)

Emanation standards aren't just confined to the United States. NATO has a similar standard called the AMSG 720B Compromising Emanations Laboratory Test Standard. In Germany, the TEMPEST program is administered by the National Telecom Board. In the UK, Government Communications Headquarters (GCHQ), the equivalent of the NSA, has their own program.

TEMPEST History

The original 1950s emanations standard was called NAG1A. During the 1960s it was revised and reissued as FS222 and later FS222A.

In 1970 the standard was significantly revised and published as National Communications Security Information Memorandum 5100 (Directive on TEMPEST Security), also known as NACSIM 5100. This was again revised in 1974.

Current national TEMPEST policy is set in National Communications Security Committee Directive 4, dated January 16, 1981. It instructs federal agencies to protect classified information against compromising emanations. This document is known as NACSIM 5100A and is classified.

The National Communications Security Instruction (NACSI) 5004 (classified Secret), published in January 1984, provides procedures for departments and agencies to use in determining the safeguards needed for equipment and facilities which process national security information in the United States. National Security Decision Directive 145, dated September 17, 1984, designates the National Security Agency (NSA) as the focal point and national manager for the security of government telecommunications and Automated Information Systems (AISs). NSA is authorized to review and approve all standards, techniques, systems and equipment for AIS security, including TEMPEST. In this role, NSA makes recommendations to the National Telecommunications and Information Systems Security Committee for changes in TEMPEST polices and guidance.

Just how prevalent is emanation monitoring?

There are no public records that give an idea of how much emanation monitoring is actually taking place. There are isolated anecdotal accounts of monitoring being used for industrial espionage (see Information Warfare, by Winn Schwartau), but that's about it. Unfortunately, there's not an emanation monitoring category in the FBI Uniform Crime Reports.

Threat?

There are a few data points that lead one to believe there is a real threat though, at least from foreign intelligence services. First of all, the TEMPEST industry is over a billion dollar a year business. This indicates there's a viable threat to justify all of this protective hardware (or it's one big scam that's making a number of people quite wealthy).

This scope of the threat is backed up with a quote from a Navy manual that discusses compromising emanations or CE. Foreign governments continually engage in attacks against U.S. secure communications and information processing facilities for the sole purpose of exploiting CE. I'm sure those with appropriate security clearances have access to all sorts of interesting cases of covert monitoring.

Or not?

In 1994, the Joint Security Comission issued a report to the Secretary of Defense and the Director of Central Intelligence called Redefining Security. It's worthwhile to quote the entire section that deals with TEMPEST.

TEMPEST (an acronym for Transient Electromagnetic Pulse Emanation Standard is both a specification for equipment and a term used to describe the process for preventing compromising emanations. The fact that electronic equipment such as computers, printers, and electronic typewriters give off electromagnetic emanations has long been a concern of the US Government. An attacker using off-the-shelf equipment can monitor and retrieve classified or sensitive information as it is being processed without the user being aware that a loss is occurring. To counter this vulnerability, the US Government has long required that electronic equipment used for classified processing be shielded or designed to reduce or eliminate transient emanations. An alternative is to shield the area in which the information is processed so as to contain electromagnetic emanations or to specify control of certain distances or zones beyond which the emanations cannot be detected. The first solution is extremely expensive, with TEMPEST computers normally costing double the usual price. Protecting and shielding the area can also be expensive. While some agencies have applied TEMPEST standards rigorously, others have sought waivers or have used various levels of interpretation in applying the standard. In some cases, a redundant combination of two or three types of multilayered protection was installed with no thought given either to cost or actual threat.

A general manager of a major aerospace company reports that, during building renovations, two SAPs required not only complete separation between their program areas but also TEMPEST protection. This pushed renovation costs from $1.5 million to $3 million just to ensure two US programs could not detect each other's TEMPEST emanations.

In 1991, a CIA Inspector General report called for an Intelligence Community review of domestic TEMPEST requirements based on threat. The outcome suggested that hundreds of millions of dollars have been spent on protecting a vulnerability that had a very low probability of exploitation. This report galvanized the Intelligence Community to review and reduce domestic TEMPEST requirements.

Currently, many agencies are waiving TEMPEST countermeasures within the United States. The rationale is that a foreign government would not be likely to risk a TEMPEST collection operation in an environment not under their control. Moreover, such attacks require a high level of expertise, proximity to the target, and considerable collection time. Some agencies are using alternative technical countermeasures that are considerably less costly. Others continue to use TEMPEST domestically, believing that TEMPEST procedures discourage collection attempts. They also contend that technical advances will raise future vulnerabilities. The Commission recognizes the need for an active overseas TEMPEST program but believes the domestic threat is minimal.

Contractors and government security officials interviewed by the Commission commend the easing of TEMPEST standards within the last two years. However, even with the release of a new national TEMPEST policy, implementation procedures may continue to vary. The new policy requires each Certified TEMPEST Technical Authority (CTTA), keep a record of TEMPEST applications but sets no standard against which a facility can be measured. The Commission is concerned that this will lead to inconsistent applications and continued expense.

Given the absence of a domestic threat, any use of TEMPEST countermeasures within the US should require strong justification. Whenever TEMPEST is applied, it should be reported to the security executive committee who would be charged with producing an annual national report to highlight inconsistencies in implementation and identify actual TEMPEST costs.

Domestic implementation of strict TEMPEST countermeasures is a prime example of a security excess because costly countermeasures were implemented independent of documented threat or of a site's total security system. While it is prudent to continue spot checks and consider TEMPEST in the risk management review of any facility storing specially protected information, its implementation within the United States should not normally be required.

The Commission recommends that domestic TEMPEST countermeasures not be employed except in response to specific threat data and then only in cases authorized by the most senior department or agency head.

Maybe

The main difficulty in tracking instances of emanation monitoring is because it's passive and conducted at a distance from the target, it's hard to discover unless you catch the perpetrator red-handed (a bad Cold War pun). Even if a spy was caught, more than likely the event would not be publicized, especially if it was corporate espionage. Both government and private industry have a long history of concealing security breaches from the public.

As with any risk, you really need to weigh the costs and benefits. Is it cheaper and more efficient to have a spy pass himself off as a janitor to obtain information, or to launch a fairly technical and sophisticated monitoring attack to get the same data? While some hard targets may justify a technical approach, traditional human intelligence (HUMINT gathering techniques are without a doubt, used much more often than emanation monitoring.

TEMPEST Urban Folklore

Because of the general lack of knowledge regarding TEMPEST topics, there is a fair amount of urban folklore associated with it. Here's some common myths. And if you can provide a primary source to prove me wrong, let me know (no friends of friends please).

It's illegal to shield your PC from emanation monitoring. Seline's paper suggests this, but there are no laws that I've found that even come close to substantiating. Export of TEMPEST-type shielded devices is restricted under ITAR, and most manufacturers will only sell to government authorized users, but there are no laws banning domestic use of shielded PCs.

Emanation monitoring was used to snare CIA spy Aldrich Ames and also during the Waco incident. Winn Schwartau appears to have started the speculation on these two events. While conventional electronic surveillance techniques were used, there's no published evidence to support a TEMPEST attack..

You can put together a emanation monitoring device for under $100 worth of Radio Shack and surplus parts. Perhaps for a dumb video display terminal (VDT), but certainly not for a VGA or SVGA monitor. And definitely not for doing serious remote monitoring. There have been anecdotal accounts of television sets with rabbit ears displaying fragments of a nearby computer screen. Beyond that, effective, cheap, easy-to-build devices don't seem to exist. If they did, the plans would be available on the Net at just about every hacker site.

LCD displays on laptops eliminate the risks of TEMPEST attacks. Maybe, maybe not. The technology behind LCD monitors versus typical CRT monitors may somewhat reduce the risk, but I wouldn't bet my life on it. There have been anecdotal accounts of noisy laptop screens being partially displayed on TVs. If laptops were emanation proof, I seriously doubt there would be TEMPEST standard portables on the market.

TEMPEST is an acronym. Maybe. There have been a variety of attempts to turn TEMPEST into a meaningful acronym (such as Transient Pulse Emanation STandard) by government and non-government sources. The official government line denies this, and states TEMPEST was a code word originally given to the standards, and didn't have any particular meaning.

There's virtually no information about TEMPEST on the Net because it's so secret. Nonsense. The world does not revolve around AltaVista. You just need to dig a little deeper.

Online Sources

One of the most distributed sources of TEMPEST information on the Net is a paper by Christopher Seline called Eavesdropping On the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England and the United States. It deals with laws relating to eavesdropping on the electromagnetic emanations of digital equipment. Seline postulates that it is illegal for a U.S. citizen to shield their hardware against emanation eavesdropping. There are no laws to support this contention. Other information in the Seline paper has been questioned by informed sources, however, there is good source material contained in it.

The other widely distributed source is Grady Ward's TEMPEST in a teapot post to the Cypherpunks list that discusses practical countermeasures based on techniques radio operators use to reduce electromagnetic interference. Good technical source material.

Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? by Wim van Eck, Computers & Security, 1985 Vol. 4. This is the paper that brought emanation monitoring to the public's attention. Van Eck was a research engineer at the Dr. Neher Laboratories of The Netherlands' Post, Telegraph, and Telephone (PTT) Service. His paper was purposely incomplete on several points, and modifications were required to actually build a working device based on his plans. (.PDF format) PC Week, March 10, 1987 v4 p35(2) has an article by Vin McLellan

about

emanation monitoring and TEMPEST.

Patents

A quick search of IBM's patent server service revealed several interesting patents:

Patent number 4965606 - Antenna shroud tempest armor (1989

Patent number 5165098 - System for protecting digital equipment against remote access (1992

Patent number 4932057 - Parallel transmission to mask data radiation (1990

Patent number 5297201 - System for preventing remote detection of computer data from tempest signal emissions (1994

A note about patent 5297201. It references patent 2476337 that was issued July 1, 1949. Unfortunately, the details aren't available online, but the reference may be telling as to just how long emanation monitoring has been taking place.

Paper Sources

Cabinets for Electromagnetic Interference/Radio-Frequency Interference and TEMPEST Shielding by Kenneth F. Gazarek, Data Processing & Communications Security, Volume 9, No. 6 [1985].

Information Warfare, Winn Schwartau, Thunder's Moth Press, New York, 1996 (second edition Chapter 7, The World of Mr. van Eck, is devoted to TEMPEST-related topics. There's some good information, but it's painted pretty broadly, and really doesn't get into technical details (the second edition does present much more material on HERF guns and other topics, but nothing has been added to the van Eck chapter). Still, a good read, also some additional sources not mentioned on this page in the Footnotes section.

Computer Security Basics, Deborah Russell and G. T. Gangemi Sr., O'Reilly & Associates, Sebastpol, CA, 1991 Chapter 10, TEMPEST, provides an excellent overview of the risks of emanations as well as the government TEMPEST program. This is a must read.

Monitoring Devices

A company called The Codex probably has the most information about TEMPEST-type products on a single Net site. The CEO, Frank Jones, gave a monitoring demonstration on the Discovery Channel in October, 1996 a transcript and video stills are available). The site also houses a general discussion of emanation monitoring and a reprint of an Internet Underground article. Jones sells a monitoring device called a DataScan , but unfortunately doesn't supply much technical detail and I've yet to talk to a third party that's actually used one. He also sells something called Safety Shield, which is used to reduce emanations.

John Williams sells the Williams Van Eck System, an off the shelf emanation monitoring device. He also has a demonstration video and and a book called Beyond Van Eck Phreaking. The updated Consumertronics Web site has a variety of interesting products (the $3 paper catalog is a good read too). In past written correspondence with Mr. Williams, he has provided a considerable amount of technical details about his products.

I'm currently looking for first hand, real-world accounts of a monitoring device actually being used to gather intelligence (not in a demonstration). PGP-encrypted e-mail through anonymous remailers or nym servers perferred.

Do It Yourself Shielding Sources

After you've read Grady's paper…

If you're handy with a soldering iron, Nelson Publishing produces something called the EMI/RFI Buyers' Guide. This is a comprehensive list of sources for shielding material, ferrites, and other radio frequency interference and electromagnetic interference type products. There's even listings for TEMPEST products and consultants. Unfortunately, most of the sources don't have links. But company names, addresses, and phone/FAX numbers are supplied.

A more general electronics manufacturer data base is electroBase. They have over 7,800 manufacturers of all types listed.

There's an interesting product called Datastop Security Glass, that's advertised as the only clear EMF/RFI protection glass on the market. It's free of metal mesh, so has excellent optical clarity. This is the same stuff the FAA uses in air traffic control towers. Contact TEMPEST SECURITY SYSTEMS INC. for more details.

Just remember, effective emanation security begins with the physical environment. Unless you can shield the wiring (telephone lines, electrical wiring, network cables, etc.), all of the copper around your PC and in the walls isn't going to stop emanations from leaking to the outside world. In shielding, also remember that emanations can pass from one set of wires to another.

TEMPEST Hardware & Consulting

Here's some of the players in the billion dollar a year TEMPEST industry (this is by no means a complete list):

A truth in advertising note: Just because a piece of hardware is advertised as designed to meet NACSIM 5100A or designed to meet TEMPEST standards doesn't mean the device has gone through the rigorous TEMPEST certification process. Real TEMPEST hardware will clearly state it has been certified or endorsed.

US Government Information Sources

Department of Energy (DOE)

The Department of Energy is an extremely security conscious agency. A variety of their documents provide revealing glimpses of TEMPEST procedures.

While not TEMPEST-specific, the DOE's Computer Incident Advisory Capability (CIAC) has an interesting document called CIAC-2304 Vulnerabilities of Facsimilie Machines and Digital Copiers (PDF format). In it, TEMPEST threats to FAX machines and copiers are briefly discussed. There are several papers referenced, including:

DOE 5639.6A, Classified Automated Information System Security Program, July 15, 1994

DOE M 5639.6A-1, Manual of Security Requirements for the Classified Automated Information System Security Program, July 15, 1994

DOE 5300.2D, Telecommunications: Emission Security (TEMPEST), August 30, 1993

The DOE's Safeguards and Security Central Training Academy also has some relevant classified training courses.

The DOE apparently uses a company called DynCorp? to perform internal TEMPEST assessments.

National Institute of Standards and Technology (NIST)

In the 1989 Annual Report of the National Computer System Security and Privacy Advisory Board, NIST stated that TEMPEST is of lower priority in the private sector than other INFOSEC issues. It's fairly well known that NIST is influenced by the NSA, so this quote needs to be taken with a grain of salt.

NIST has a list of accredited laboratories that perform MIL-STD-462 (electromagnetic interference) testing. Some of these also do TEMPEST testing.

While a bit dated (1986), A GUIDELINE ON OFFICE AUTOMATION SECURITY has a few references to TEMPEST, as well as other computer security nuggets.

Brief mention of the Industrial TEMPEST program as well as contacts (may be dated).

National Security Agency (NSA)

The NSA publishes something called the Information Systems Security Products and Services Catalogue. It contains a list of TEMPEST compliant hardware (as well as other approved security products). The cost of the catalog is $15 for a single copy or $34 for a yearly subscription (four issues). Requests for this document should be addressed directly to:

The Superintendent of Documents U.S. Government Printing Office Washington, D.C. 20402

Unfortunately, several of the following classified documents can't be ordered:

Tempest Fundamentals, NSA-82-89, NACSIM 5000, National Security Agency, February 1, 1982 (Classified).

Guidelines for Facility Design and RED/BLACK Installation, NSA-82-90, NACSIM 5203, National Security Agency, June 30, 1982 (Classified).

R.F. Shielded Enclosures for Communications Equipment: General Specification, Specification NSA No. 65-6, National Security Agency Specification, October 30, 1964.

Tempest Countermeasures for Facilities Within the United States, National COMSEC Instruction, NACSI 5004, January 1984 (Secret).

Tempest Countermeasures for Facilities Outside the United States, National COMSEC Instruction, NACSI 5005, January 1985 (Secret).

National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/2-95, RED/BLACK Installation Guidance 12 December 1995

State Department

While it's not hard to guess, the State Department uses TEMPEST equipment in foreign embassies. There's a position called a Foreign Service Information Management Technical Specialist - Digital, that pays between $30,000 to $38,000 a year. The ideal candidate should have a knowledge of TEMPEST standards as well as the ability to repair crypto hardware.

Along with cryptography, the export of TEMPEST standard hardware or devices for suppressing emanations is restricted by the International Traffic in Arms Regulations (ITAR). However, there is an exception in that: This definition is not intended to include equipment designed to meet Federal Communications Commission (FCC) commercial electro-magnetic interference standards or equipment designed for health and safety.

US Military Information Sources

Part of the government's mandate to reduce costs is to make information available online. While the average user doesn't have access to Milnet or Intelink, there are a variety of unclassified, military sources on the Internet that directly or indirectly relate to TEMPEST standards.

U.S. Navy

The Navy seems to be a further ahead then the other services in putting content online, including:

Chapter 16 of the Navy's AUTOMATED INFORMATION SYSTEMS SECURITY GUIDELINES manual is devoted to emanations security. Probably the most interesting section in this chapter deals with conducting a TEMPEST Vulnerability Assessment Request (TVAR). Completing the TVAR questionnaire provides some common sense clues as to how electronic security could be compromised.

Chapter 21 of the same manual deals with microcomputer security. Section 21.8 Emanations Security, reads: TEMPEST accreditation must be granted for all microcomputers which will process classified data, prior to actually processing the data. Your security staff should be aware of this and submit the TEMPEST Vulnerability Assessment Request (TVAR) to COMNISCOM. Microcomputers may be able to comply with TEMPEST requirements as a result of a TEMPEST telephone consultation, as permitted by COMNISCOM. Contact the Naval Electronic Security Engineering Center (NESSEC) for further information to arrange a TEMPEST telephone consultation. Use of a secure phone may be required and your request will be followed with written guidance. This leads one to believe that certain PC systems may not be as susceptible as others to emanations monitoring.

C5293-05 TEMPEST Control Officer Guidebook - Provides guidance to the individual assigned responsibility for TEMPEST implementation at a major activity. Unfortunately, not online, and likely classified.

NISE East Information Warfare-Protect Systems Engineering Division (Information Warfare-Protect Systems Engineering Division - Code 72) puts on a couple of TEMPEST related training courses, including Tempest Criteria for System/Facility Installation and Tempest Fundamentals. These are targeted toward Department of Defense personnel and civilian contractors who must comply with TEMPEST standards as part of their business.

The Reduction of Radio Noise Eminating from Personal Computers is a thesis topic at the Department of Electrical Engineering, Naval Postgraduate School.

U.S. Air Force

The Air Force's Rome Laboratory has produced a variety of interesting defense related systems. Some developments likely related to TEMPEST include:

In 1961 the Electromagnetic Vulnerability Laboratory was established.

In terms of emanation monitoring, circa 1965 - 70, a Wullenweber antenna (called the elephant's cage) is reputed to have done an excellent job of retrieving stray signals. While hardly a portable device, it does suggest the military was actively pursuing emanation monitoring during this period.

In 1964, Rome developed the AN/MSM-63 Electromagnetic Measurement Van (no information as to whether it just served a testing function, or could be used for surveillance).

In June of 1965, RADC a lightweight (350-pound) electromagnetic surveillance antenna was developed that was operationally equivalent or better than systems that were up to ten times larger and heavier. During that same year considerable progress was made in the area of reducing vulnerability to electromagnetic interference. Mr Woodrow W. Everett, Jr. was among personnel recognized for technological improvements in wave guides, electronic tube components, and greater electronic compatibility.

Other Air Force documents:

Ground-based Systems EMP Design Handbook, AFWL-NTYCC-TN-82-2, Air Force Weapons Laboratory, February 1982.

Systems Engineering Specification 77-4, 1842 EEG SES 77-4, Air Force Communications Command, January 1980.

U.S. Army

The U.S. Army Information Systems Engineering Command is headquartered at Fort Huachuca, Arizona. The Fort engages in a variety of spook-related activities. One of the classified documents that is referenced is:

AR 380-19-1, Control of Compromising Emanations 4 September 1990

The Army Corps of Engineers, Construction Engineering Research Laboratories, has been experimenting with low cost TEMPEST shielding technologies. Some revealing tidbits are described in their fact sheet.

The Army's White Sands Missle Range has a Test Support Division that does TEMPEST testing as well as other things. An interesting photo of the inside and outside of a test truck is shown.

Department of Defense

The Department of Defense's Defense Technical Information Center has information regarding the Collaborative Computing Tools Working Group (representatives from private sector and the intelligence and defense communities). The CWG put together some TEMPEST recommendations for video-conferencing products.

From a post to the Cypherpunks list in April of 1994, by Steve Blasingame:

An overview of TEMPEST can be found in DCA (Defense Communications Agency Circular 300-95-1, available from your nearest Federal Documents Depository / Government Library. The section of interest in is Volume 2, DCS Site and Building Information, sections SB4 & SB5, (Grounding,Shielding,HEMP). SB5 though not directly covering RFI/RF Emanation is devoted to shielding for high altitude electromagnetic pulse radiation (HEMP). The documents discuss Earth Electrode Systems, Fault Protection Systems, Lightning Protection Systems, Signal Reference Systems, and RFI containment, they also briefly discusses radio signal containment (TEMPEST) as well. This is a must-read for anyone wishing to keep their bits to themselves. Discussions of testing and validation methods are not discussed in the unclassified documents. I have included the references to the Secret/Classified documents for the sake of completeness. It is possible that some of them are by now de-classified, or may be requested through FOIA.

DA Pamphlet 73-1, Part One, 16 Oct 1992 (DRAFT) is an obscure document that discusses survivability and mission performance of military systems. The interesting thing in this pamphlet is a fairly detailed description of the military's Blacktail Canyon EMI/TEMPEST facility at Ft. Huachuca (Army facility located in Arizona). Physical specifications as well as electronic test equipment (portable and fixed) descriptions are provided. This document is worth quoting at length:

(g) Electromagnetic Interference/Tempest Test Facility. The Blacktail Canyon EMI/TEMPEST facility is located in a remote RF isolated area of Ft. Huachuca. The remote location provides a relatively low electromagnetic ambient environment which optimizes open-field testing. The facility location in conjunction with a 400 ft by 360 ft perimeter fence provides the degree of physical security required for mission tests. Testing can be accomplished in accordance with the following standards: EMI (MIL-STD-461C and MIL-STD-462 TEMPEST (NACSIM 5100A, NACSIM 5112 and KAG 30) and IEMC (MIL-STD-6051).

(1) Three EMI/TEMPEST test chambers include: a 44 ft long by 22 ft wide by 18 ft high anechoic chamber which provides 120 db of RF isolation and will accommodate military equipment up to the sizes of the HMMWV, CUCV, LAV, and M113 families a 26 ft long by 16 ft wide by 11.5 ft high TEMPEST/EMI chamber providing 100 db RF isolation and a 12 ft long by 10 ft wide by 11 ft high shielded room for testing of small items.

(2) Facility instrumentation suites consists of the following: two Dynamic Sciences, Inc. TEMPEST test systems providing automatic NACSIM and KAG testing requirements two automated AILTECH RFI/EMI data collection systems providing support to MIL-STD-461C/462 radiated and conducted emission testing from 20 Hz to 40 GHz an integrated EMI susceptibility system allowing RF illumination of equipment from 10KHz to 40 GHz and an extensive assortment of parallel element, rod, biconical, log periodic, and double ridge guide antennae, along with associated RF amplifiers and electric field probes which can provide RF illumination and detection capabilities across the 40 GHz spectrum relevant to the EMI/TEMPEST arena.

(3) The EMI/Rab data collection and TEMPEST systems provide sufficient portability to allow performance of EMI/TEMPEST tests at remote locations. Remote TEMPEST testing is also accommodated with two mobile vans. One van is equipped with a Watkins-Johnson manual TEMPEST measurement system. The remaining van houses a DSI 9000 series automated TEMPEST measurement system.

Other Defense Department documents:

MIL-STD-188-124, Grounding, Bonding, and Shielding for Common Long Haul/Tactical Communication Systems, U.S. Dept. of Defense, June 14, 1978.

MIL-HDBK-419, Grounding, Bonding, and Shielding for Electronic Equipments and Facilities, U.S. Dept. of Defense, July 1, 1981.

Physical Security Standards for Sensitive Compartmented Information Facilities (SCIF), Manual No. 50-3 Defense Intelligence Agency (For Official Use Only), May 2, 1980.

Design Practices for High Altitude Electromagnetic Pulse (HEMP Protection, Defense Communications Agency, June 1981.

EMP Engineering Practices Handbook, NATO File No. 1460-2, October 1977

Other Countries

The US isn't the only one playing the TEMPEST game. Here's some additional sources from various countries.

Canada

COMMUNICATIONS SECURITY ESTABLISHMENT PUBLICATIONS

COMSEC Installation Planning (TEMPEST Guidance and Criteria) (CID/09/7A), 1983, (English only)(Confidential)

Criteria for the Design, Fabrication, Supply, Installation and Acceptance Testing of Walk- In Radio Frequency Shielded Enclosures (CID/09/12A)(Unclassified

UK

The British Central Computer and Telecommunications Agency publishes a variety of computer security titles including:

TEMPEST: The Risk (Restricted) CCTA Library 0 946683 22 0 1989

Used TEMPEST

TEMPEST shielded computer equipment sometimes leaks out into the public in the form of surplus and scrap sales. This section is devoted to descriptions.

JC describes two shielded IBM PC cases he picked up from a scrap dealer for $35 each (unfortunately they had already sold the printers and monitors). The cases were labeled EMR XT SYSTEM UNIT (on the front), with a model number of 4455 1 (on the back). The cases are similar to a standard IBM XT case, except depper toward the back, so a filter bank and power supply baffle could be installed. The top is bolted down, requiring an allen wrench to remove. The top part of the case has a gasket groove for the brass colored RF gasket, and the mating surface is a finished in anodized aluminum. The top appears to be a cast aluminum plate. Each of the ports in the rear has a filter, unused ports have a metal blocking cover that mates to the case and make a good eletrical contact.

W.J. Ford Surplus Enterprises had the following printer for sale in December 1996:

LASER PRINTER Make:MITEK Model:100T 300 X 300 DPI LASER PRINTER WITH LETTER SIZE PAPER TRAY, 8 PPM, MEETS NACSIM TEMPEST SPECS, C.W. OWNER'S MANUAL (TONER CARTRIDGE NOT INCL.) Dimensions: 19.00w x 16.00h x 16.50d 1.00 on hand, No Graphic on file, Item No.:1208 RAMP Price: $ 250.00

Non-TEMPEST computer surveillance

In researching TEMPEST topics, sometimes I run into little-known tidbits that relate to possible computer surveillance techniques.

Infrared Ports

The Department of Energy Information Systems Security Plan has an interesting section titled, 8.5 Wireless Communications (Infrared Ports). It states:

The use of wireless communications (infrared) ports found on most PPCs to interface with printers and other peripheral devices is strictly forbidden when processing classified information. These ports must be disabled on all accredited PPCs and peripherals by covering the window with a numbered security seal or physically removing the infrared transmitter.

Disclaimer: I've never been involved with the TEMPEST community, had a security clearance for TEMPEST, or have access to classified material relating to TEMPEST. The information on this page is completely derived from publicly available, unclassified sources.

revision history

  • 12/17/96 - original document
  • 12/18/96 - added link to van Eck follow-up article, shielding comments
  • 12/21/96 - reorganization and additional comments about Rome Lab, ZONE, DOE, non-TEMPEST
  • 12/22/96 - added Smulders paper
  • 01/02/97 - added Compliance Engineering, additional NIST, Navy, Canada, Used, and paper sources
  • 01/08/97 - added UK, patents
  • 01/11/97 - added DA Pamphlet 73-1/Blacktail test facility, Army, COMPUTERWOCHE, EMC, HAL, Austest, Racal, Compucat, Nisshinbo
  • 02/02/97 - added Naval Postgraduate School, EMC FAQ, Conductive Coatings, GEC Marcon, AFC, Corps of Engineers, Ford Surplus, GTE, ECM job list, White Sands, Cortron, Veda, Emcon
  • 02/14/97 - added DEFCON goodies to Used
  • 02/18/97 - added Redefining Security report, Lynwood
  • 03/10/97 - added Datastop glass to shielding section
  • 03/21/97 - added Moller paper (from Phrack 44)

-eof-

©nXo/loteknologies


Libarynth > Libarynth Web > VanEck > AllYouEverWantedToKnowAboutTempest r1 - 21 Jul 2002 - 12:51


  • all_you_ever_wanted_to_know_about_tempest.txt
  • Last modified: 2007-06-08 00:05
  • by 127.0.0.1