Compromising emanations consist of electrical or acoustical energy intentionally or by mishap unintentionally emitted by any number of sources within equipment/systems which process national security information. This energy may relate to the original encrypted message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be propagated through space and along nearby conductors. The interception/propagation ranges and analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation; and, environmental conditions related to physical security and ambient noise. The term "compromising emanations" rather than "radiation" is used because the compromising signals can, and do, exist in several forms such as magnetic- and/or electric-field radiation, line conduction, or acoustic emissions.
The term TEMPEST is often used broadly for the entire field of Emission Security or Emanations Security (EMSEC). The term TEMPEST was coined in the late 60's and early 70's as a codename for the NSA operation to secure electronic communications equipment from potential eavesdroppers and vice versa the ability to intercept and interpret those signals from other sources.
The U.S. government has stated that the term TEMPEST is not an acronym and does not have any particular meaning, however various backronyms have been suggested, laconically, including "Transmitted Electro-Magnetic Pulse / Energy Standards & Testing" "Telecommunications ElectroMagnetic Protection, Equipments, Standards & Techniques", "Transient ElectroMagnetic Pulse Emanation STandard and "Telecommunications Electronics Material Protected from Emanating Spurious Transmissions or, jokingly, Tiny ElectroMagnetic Particles Emitting Secret Things.
Additional standards include:
All these documents remain classified and no published information is available about the actual emission limits and detailed measurement procedures that they define. However, some very basic TEMPEST information has not been classified information in the United States since 1995. Short excerpts from the main U.S. TEMPEST test standard, NSTISSAM TEMPEST/1-92, are now publicly available, but all the actual emanation limits and test procedures have been redacted from the published version. A redacted version of the introductory TEMPEST handbook NACSIM 5000 was publicly released in December 2000. Equally, the NATO standard SDIP-27 (before 2006 known as AMSG 720B, AMSG 788A, and AMSG 784) is still classified.
The United States Army also has a TEMPEST testing facility, as part of the U.S. Army Information Systems Engineering Command, at Fort Huachuca, Arizona. Similar lists and facilities exist in other NATO countries.
TEMPEST certification must apply to entire systems, not just to individual components, since connecting a single unshielded component (such as a cable) to an otherwise secure system could easily make it radiate dramatically more RF signal. This means that users who must specify TEMPEST certification could pay much higher prices, for obsolete hardware, and be severely limited in the flexibility of configuration choices available to them. A less-costly approach is to place the equipment in a fully shielded room.
Markus Kuhn discovered several low-cost software techniques for reducing the chances that emanations from computer displays can be monitored remotely. With CRT displays and analogue video cables, filtering out high-frequency components from fonts before rendering them on a computer screen will attenuate the energy at which text characters are broadcast. With modern flat-panel displays, the high-speed digital serial interface (DVI) cables from the graphics controller are a main source of compromising emanations. Adding random noise to the less significant bits of pixel values may render the emanations from flat-panel displays unintelligible to eavesdroppers but is not a secure method. Since DVI uses a certain bit code scheme for trying to transport an evenly balanced signal of 0 and 1 bits there may not be much difference between two pixel colours that differ very much in their colour or intensity. It may also be that the generated emanations may differ totally even if only the last bit of a pixel's colour is changed. The signal received by the eavesdropper does also depend on the frequency where he detects the emanations. The signal can be received on many frequencies at once and each frequency's signal differs in contrast and brightness related to a certain colour on the screen. Usually, the technique of smothering the RED signal with noise is not effective unless the power of the noise is sufficient to drive the eavesdropper's receiver into saturation and thus overwhelming the receiver input. Otherwise, the covering noise must be on the order of 200 decibels higher than the RED signal.
Tempest Telecom Solutions Appoints Industry Veteran, Darlene Braunschweig, as President of Its DAS and Small Cell Division
Oct 17, 2012; By a News Reporter-Staff News Editor at Telecommunications Weekly -- tempest Telecom Solutions, LLC, a leading supplier of...