1992-10-20 - Tempest.

Header Data

From: nobody@soda.berkeley.edu
To: cypherpunks@toad.com
Message Hash: a7121e6b58f5793e8ce72a9ffb013118c78d58b101b27a1b146700db360f8607
Message ID: <9210201452.AA01970@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1992-10-20 14:52:54 UTC
Raw Date: Tue, 20 Oct 92 07:52:54 PDT

Raw message

From: nobody@soda.berkeley.edu
Date: Tue, 20 Oct 92 07:52:54 PDT
To: cypherpunks@toad.com
Subject: Tempest.
Message-ID: <9210201452.AA01970@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Re TEMPEST technology:

(Note that TEMPEST is the technology for _protection_ against electronic
eavesdropping on your computer emissions.  There is presumably a code
word for performing such snooping, but it must be secret.)

I've read that the worst emitter is your CRT screen.  In fact, they
say that you can sometimes put a TV-type monitor next to your computer
monitor and get a faint, ghosty image of your CRT screen on the second
monitor.  If you get this much without any amplification, it's under-
standable that high-quality equipment can pick up an image from a
greater distance.

The best way to avoid this, IMO, is to use a laptop.  The LCD display
of a laptop does not use the large electromagnetic fields that a CRT
display does.  Laptops also use lower power levels in general so they
should emit less.

I don't really know whether the "raw" CPU activity of your computer could
be picked up and interpreted at a distance.  With as many different
signals as there are on the address and data busses, along with all
the other wires you have, I can't really see how anything meaningful
could be picked up with remote monitoring.  It would seem that they'd
be totally jumbled.

So, for BBS use, where the system is operating automatically, I'd say
that it would be OK as long as you don't display any cleartext or
key/password information on the screen.  You could just turn the monitor
off when it's operating.  For home use, a laptop has the advantage that
it can have greater physical security (because it's smaller and more
portable), you can carry your decryption keys with you, you can download
to it at work or school and decrypt without trusting the multi-user
systems they have there, and it should be relatively immune to electro-
magnetic snooping.

Hal
74076.1041@compuserve.com






Thread