Abstract
Nearly half a century ago, military organizations introduced “Tempest” emission-security test standards to control information leakage from unintentional electromagnetic emanations of digital electronics. The nature of these emissions has changed with evolving technology; electromechanic devices have vanished and signal frequencies increased several orders of magnitude. Recently published eavesdropping attacks on modern flat-panel displays and cryptographic coprocessors demonstrate that the risk remains acute for applications with high protection requirements. The ultra-wideband signal processing technology needed for practical attacks finds already its way into consumer electronics. Current civilian RFI limits are entirely unsuited for emission security purposes. Only an openly available set of test standards based on published criteria will help civilian vendors and users to estimate and manage emission-security risks appropriately. This paper outlines a proposal and rationale for civilian electromagnetic emission-security limits. While the presented discussion aims specifically at far-field video eavesdropping in the VHF and UHF bands, the most easy to demonstrate risk, much of the presented approach for setting test limits could be adapted equally to address other RF emanation risks.
Chapter PDF
References
van Eck, W.: Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? Computers & Security 4, 269–286 (1985)
Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. Technical Report UCAM-CL-TR-577. University of Cambridge, Computer Laboratory (December 2003), http://www.cl.cam.ac.uk/TechReports/
Kuhn, M.G.: Electromagnetic Eavesdropping Risks of Flat-Panel Displays. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 88–107. Springer, Heidelberg (2005)
Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
National Security Telecommunications and Information Systems Security Advisory Memorandum NSTISSAM TEMPEST/1-92: Compromising Emanations Laboratory Test Requirements, Electromagnetics. National Security Agency, Fort George G. Meade, Maryland, December 15 (1992), Partially declassified transcript: http://cryptome.org/nsa-tempest.htm
NACSIM 5000: Tempest Fundamentals. National Security Agency, Fort George G. Meade, Maryland (February 1982), Partially declassified transcript: http://cryptome.org/nacsim-5000.htm
National Security Telecommunications and Information Systems Security Advisory Memorandum NSTISSAM TEMPEST/2-95: RED/BLACK Installation Guidance. National Security Agency, Fort George G. Meade, Maryland, 12 December (1995), Transcript: http://cryptome.org/tempest-2-95.htm
National COMSEC/EMSEC Information Memorandum NACSEM-5112: NONSTOP Evaluation Techniques. National Security Agency, Fort George G. Meade, Maryland (April 1975), Partially declassified transcript: http://cryptome.org/nacsem-5112.htm
National Security Telecommunications and Information Systems Security Instruction NSTISSI No. 7000: TEMPEST Countermeasures for Facilities. National Security Agency, Fort George G. Meade, Maryland, November 29 (1993), Partially declassified transcript: http://cryptome.org/nstissi-7000.htm
Specification NSA No. 94-106: Specification for Shielded Enclosures. National Security Agency, Fort George G. Meade, Maryland, October 24 (1994), Transcript: http://cryptome.org/nsa-94-106.htm
TCO’99 – Mandatory and recommended requirements for CRT-type Visual Display Units (VDUs). Swedish Confederation of Professional Employees (TCO) (1999), http://www.tcodevelopment.com/
Procedure for Measurement of Emissions of Electric and Magnetic Fields from VDUs from 5 Hz to 400 kHz. European Computer Manufacturers Association, Standard ECMA-172 (June 1992) (also IEEE Std 1140-1994)
Information technology equipment – Radio disturbance characteristics – Limits and methods of measurement. CISPR 22, International Electrotechnical Commission (IEC), Geneva (1997) (also EN 55022)
Specification for radio disturbance and immunity measuring apparatus and methods. CISPR 16, International Electrotechnical Commission (IEC), Geneva (2000)
Requirements for the Control of Electromagnetic Interference Characteristics of Subsystems and Equipment. MIL-STD-461E, US Department of Defense, Interface Standard, August 20 (1999)
Perez, R. (ed.): Handbook of Electromagnetic Compatibility. Academic Press, London (1995)
IEEE Standard for the Measurement of Impulse Strength and Impulse Bandwidth, ANSI/IEEE Std 376-1975
Radio noise. Recommendation ITU-R P.372-7, International Telecommunication Union, Geneva (2001)
Propagation data and prediction methods for the planning of indoor radiocommunication systems and radio local area networks in the frequency range 900 MHz to 100 GHz. Recommendation ITU-R P.1238-2, International Telecommunication Union, Geneva (2001)
Hashemi, H.: The Indoor Radio Propagation Channel. Proceedings of the IEEE 81(7), 943–968 (1993)
Rice, L.P.: Radio Transmission into Buildings at 35 and 150 mc [MHz]. Bell System Technical Journal 38(1), 197–210 (1959)
Zimmermann, M., Dostert, K.: A Multipath Model for the Powerline Channel. IEEE Transactions on Communications 50(4), 553–559 (2002)
Rothammel, K., Krischke, A.: Rothammels Antennenbuch. Franckh-Kosmos, Stuttgart (1995)
Test & Measurement Catalog 2001. Agilent Technologies, USA (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kuhn, M.G. (2005). Security Limits for Compromising Emanations. In: Rao, J.R., Sunar, B. (eds) Cryptographic Hardware and Embedded Systems – CHES 2005. CHES 2005. Lecture Notes in Computer Science, vol 3659. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11545262_20
Download citation
DOI: https://doi.org/10.1007/11545262_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28474-1
Online ISBN: 978-3-540-31940-5
eBook Packages: Computer ScienceComputer Science (R0)