Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013.

Similar presentations


Presentation on theme: "Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013."— Presentation transcript:

1 Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013

2 Introduction Tempest emanations Electromagnetic waves emitted by electric devices Generated when device changes voltage of an electric current Can travel extensive distances through free space Travel distance can be extended by conductors Can be captured Tempest attacks Captured Tempest emanations can be deciphered to uncover processed data

3 History 1944 – Bell Labs stumble upon Tempest emanations Bell Labs provided US Military with mixing devices called 131-B2 Used with a rotor key generator to encrypt messages Each step of the mixing device caused a frequency pattern to appear on an oscilloscope Found that the frequency pattern revealed the plaintext of the encrypted messages Findings reported to the US Military US Military was skeptical Bell Labs performed a test to prove threat Recorded signals from 80 feet away from the Signal Corps’ Varick Street cryptocenter Produced 75% of the plaintext being processed

4 History Bell Labs directed to develop suppression methods Bell Labs’ suppression methods: Shielding Prevent Tempest emanations through free space and magnetic fields Filtering Prevent compromising emanations from traveling through conductors Masking Purposely create electrical noise to drown out compromising emanations

5 History US Military’s Response Modified device was bulky and required too much maintenance Established control zones 100 feet in diameter Ended research on Tempest emanations

6 History 1951 – CIA rediscovered the 131-B2 and Tempest emanations NSA picked up project in an attempt to find new suppression methods 1953 – Policy required all US cryptocenters to either: Establish a control zone, 400 feet in diameter Implement masking Apply for a waiver based on operational necessity 1954 – Soviets published a set of standards for the suppression of radio frequency interference

7 History 1960 – British intelligence agency accidently discovered Tempest emanations in a similar manner to Bell Lab’s discovery 1985 – Wim van Eck published a paper demonstrating how contents from a CRT could be extracted using low-cost equipment First major public description of Tempest emanations Van Eck phreaking

8 Executing a Tempest Attack Use a wide-band receiver tuned to a specific frequency 1.Determine what frequency to be listening in on Scan entire frequency range and extract plaintext of emanation according to its amplitude/frequency modulation 2.Improve signal-to-noise ratio Use narrow-band antennas and filters 3.Intercept emanations and deduce plaintext

9 Present-Day Tempest Attacks CRT Monitors Electron beam strikes screen at various intensities to generate different pixels The electric signal that drives the electron beam emits Tempest emanations Pixels updated one at a time LCD Monitors Pixels updated row by row No deflection coils – low radiation Operate on low voltages Still vulnerable DVI cable Configurations

10 Present-Day Tempest Attacks Keyboards Each keystroke causes the voltage of the electric current being sent to the computer to change Tempest Viruses Theoretical (Ross J. Anderson) Infiltrate machine and automatically transmit retrieved information to a hidden radio receiver nearby

11 Tempest Emanations and Businesses Tempest Emanations Difficult to suppress Surpasses advanced encryption algorithms The business environment consists of many electronic devices emitting Tempest emanations Sensitive information at risk Personal information Financial information Customer information Login information Encryption/decryption keys

12 Mitigation Modify devices 1955 – NSA modified teletypewriters to transmit character data all at once Resulted in one large (oscilloscope) “spike” per character instead of five Reduce voltage Weaker emanations Soft Tempest Font Markus Kuhn and Ross Anderson Free Minimize strength of compromising emanations Readable on a computer monitor, but not across Tempest emanations

13 Mitigation Soft Tempest Font

14 Mitigation Shield Individual machines Faraday cage Apply filters Mask – drown out emanations by generating electrical noise Physically separate machines (classified and unclassified) Encrypt signal being sent HDCP – High bandwidth Digital Content Protection LCD Monitors Lower refresh rate

15 Conclusion Initially very difficult to suppress Some methods are expensive Modifying devices Faraday cages Physically separating machines Moving forward Encrypt signal being sent

16 References [1] D. G. Boak, “A History of U.S. Communications Security,” NSA, Ft. George G. Meade, MD, Rep. MDR-54498, 1973, vol. 1 and 2. [2] M. G. Kuhn and R. J. Anderson, D. Aucsmith, "Soft tempest: Hidden data transmission using electromagnetic emanations", Information Hiding: 2nd Int. Workshop, vol. 1525, pp :Springer-Verlag [3] M. Pellegrini. (2008, April 29). Declassified NSA Document Reveals the Secret History of TEMPEST [Online]. Available: [4] B. Koops, The Crypto Controversy: A Key Conflict in the Information Society, Kluwer Law International, 1999, pp [5] R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley Computer Publishing, New York, 2001, pp [6] Dynamic Sciences International, Inc. (2012). R-1550A TEMPEST Receiver [Online]. Available: [7] M. Vuagnoux and S. Pasini. "Compromising electromagnetic emanations of wired and wireless keyboards," In proceedings of the 18th USENIX Security Symposium, pages 1-16, Montreal, Canada, USENIX Association. [8] J. Loughry and D. A. Umphress. Information leakage from optical emanation. ACM Transactions on Information and Systems Security, 5(3): , [9] Introni (2012). La Crittografia [Online]. Available:

17 Questions?


Download ppt "Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013."

Similar presentations


Ads by Google