1993-03-26 - TEMPEST in a teapot

Header Data

From: grady@public.btr.com (Grady Ward grady@btr.com)
To: Cypherpunks@toad.com
Message Hash: a8ad05a7577241d3b278fae292386341b5e83d4a521825066aed30a6b5368fd3
Message ID: <9303261417.AA04493@public.btr.com.BTR.COM>
Reply To: N/A
UTC Datetime: 1993-03-26 14:18:43 UTC
Raw Date: Fri, 26 Mar 93 06:18:43 PST

Raw message

From: grady@public.btr.com (Grady Ward  grady@btr.com)
Date: Fri, 26 Mar 93 06:18:43 PST
To: Cypherpunks@toad.com
Subject: TEMPEST in a teapot
Message-ID: <9303261417.AA04493@public.btr.com.BTR.COM>
MIME-Version: 1.0
Content-Type: text/plain



TEMPEST in a teapot

A note discussing the prevention of electromagnetic eavesdropping
of personal computers.

Grady Ward   <grady@netcom.com>
public key verification by PK server, finger, or by request

Version 1.0   22 March 93

 TEMPEST is the code name for technology related to limiting unwanted
electromagnetic emissions from data processing and related equipment.
Its goal is to limit an opponent's capability to collect information about
the internal data flow of computer equipment. Most information concerning
TEMPEST specifications is classified by the United States Government and
is not available for use by its citizens.

 The reason why TEMPEST technology is particularly important for
computers and other data processing equipment is the kinds of signals
components in a computer use to talk to each other ("square waves") and
their clock speeds (measured in megahertz) produce a particularly rich set
of unintentional signals in a wide portion of the electromagnetic spectrum.
Because the spurious emissions occupy so wide a portion of that spectrum,
technologies used to block one portion of the spectrum (as pulling the shades 
closed on a window to stop the visible light portion) are not necessarily
effective in another portion.

 Unintentional emissions from a computer system can be captured and
processed to reveal information about the target systems from simple
levels of activity to even remotely copying keystrokes or capturing
monitor information. It is speculated that poorly protected systems can
be effectively monitored up to the order of one kilometer from the target
equipment.

 This note will examine some practical aspects of reducing the
susceptibility of your personal computer equipment to remote monitoring
using easily-installed, widely available after-market components.


I

 One way of looking at TEMPEST from the lay person's point-of-view is
that it is virtually identical to the problem of preventing electromagnetic
interference ("EMI") by your computer system to others' radios, televisions,
or other consumer electronics. That is, preventing the emission of wide-band
radio "hash" from your computers, cabling, and peripherals both prevents
interference to you and your neighbors television set and limits the useful
signal available to a person surreptitiously monitoring.

 Viewing the problem in this light, there are quite a few useful documents
available form the government and elsewhere attacking this problem and
providing a wealth of practical solutions and resources. Very useful for the
lay person are:

Radio Frequency Interference: How to Find It and Fix It. Ed Hare, KA1CV
and Robert Schetgen, KU7G, editors
The American Radio Relay League, Newington , CT
ISBN 0-87259-375-4  (c) 1991, second printing 1992

Federal Communications Commission Interference Handbook 
(1991)
FCC Consumers Assistance Branch
Gettysburg, PA  17326
717-337-1212
and
MIL-STD-188-124B in preparation
(includes information on military shielding of tactical 
communications systems)
Superintendent of Documents
US Government Printing Office
Washington, DC  20402
202-783-3238

Information on shielding a particular piece of consumer 
electronic equipment may be available from the:

Electronic Industries Association (EIA)
2001 Pennsylvania Ave NW
Washington, DC  20006


 Preventing unintended electromagnetic emissions is a relative term.
It is not feasible to reduce to zero all unintended emissions. My personal
goal, for example, might be to reduce the amount and quality of spurious
emission until the monitoring van a kilometer away would have to be in my
front yard before it could effectively eavesdrop on my computer. Apartment
dwellers with unknown neighbors only inches away (through a wall) might
want to even more carefully adopt as many of the following suggestions as
possible since signal available for detection decreases as approximately the
inverse square of the distance from the monitoring equipment to your computer.


II

Start with computer equipment that meets modern standards for emission.

 In the United States, the "quietest" standard for computers and peripherals
is known as the "class B" level. (Class A level is a less stringent standard for
computers to be use in a business environment.).

 You want to verify that all computers and peripherals you use meet the class B
standard which permits only one-tenth the power of spurious emissions than the
class A standard. If you already own computer equipment with an FCC ID, you
can find out which standard applies. Contact the FCC Consumers Assistance
Branch at 1-717-337-1212 for details in accessing their database.

 Once you own good equipment, follow the manufacturer's recommendations
for preserving the shielding integrity of the system. Don't operated the system
with the cover off and keep "slot covers" in the back of the computer in place.


III

Use only shielded cable for all system interconnections.

 A shielded cable surrounds the core of control wires with a metal braid or
foil to keep signals confined to that core. In the late seventies it was common
to use unshielded cable such as "ribbon" cable to connect the computer with, 
say, a diskette drive. Unshielded cable acts just like an antenna for signals
generated by your computer and peripherals. Most computer manufacturer
supply shielded cable for use with their computers in order to meet FCC
standards. Cables bought from third-parties are an unknown and should be
avoided (unless you are willing to take one apart to see for yourself!)
	
 Try to avoid a "rat's nest" of wire and cabling behind your equipment and
by keeping all cables as short as possible. You want to reduced the length of
unintended antennas and to more easily predict the likely paths of electric
and magnetic coupling from cable to cable so that it can be more effectively
filtered.


IV

Block radiation from the power cord(s) into the house wiring.

 Most computers have an EMI filter built into their body where the AC
line cord enters the power supply. This filter is generally insufficient to
prevent substantial re-radiation of EMI voltages back into the power wiring
of your house and neighborhood. To reduce the power retransmitted down
the AC power cords of your equipment, plug them in to special EMI filters
that are in turn plugged into the wall socket. I use a model 475-3
overvoltage and EMI filter manufactured by

Industrial Communication Engineers, Ltd.
P.O. Box 18495
Indianapolis, IN  46218-0495
1-800-ICE-COMM
ask for their package of free information sheets

 (AC and other filters mentioned in this note are available from a wide
variety of sources including, for example, Radio Shack. I am enthusiastic
about ICE because of the "over-designed" quality of their equipment.
Standard disclaimers apply.)
 This particular filter from ICE is specified to reduce retransmission of
EMI by a factor of at least 1000 in its high-frequency design range. Although
ideally every computer component using an AC line cord ought to be filtered,
it is especially important for the monitor and computer CPU to be filtered in
this manner as the most useful information available to opponents is believed
to come from these sources.


V

Block retransmitted information from entering your fax/modem or telephone
line.

 Telephone line is generally very poorly shielded. EMI  from your computer
can be retransmitted directly into the phone line through your modem or can
be unintentionally picked up by the magnetic portion of the EMI spectrum
through magnetic induction from power supplies or the yoke of your cathode
ray tube "CRT" monitor.

 To prevent direct retransmission, EMI filters are specifically designed for
modular telephone jacks to mount at the telephone or modem, and for
mounting directly at the service entrance to the house.

 Sources of well-designed telephone-line filter products include ICE
(address above) and

K-COM
Box 82
Randolph, OH  44265
216-325-2110

 Your phone company or telephone manufacturer may be able to supply
you with free modular filters, although the design frequencies of these
filters may not be high enough to be effective through much of the EMI 
spectrum of interest. Keep telephone lines away from power supplies of
computers or peripherals and the rear of CRTs:  the magnetic field often
associated with those device can inductively transfer to unshielded lines
just as if the telephone line were directly electrically connected to them. 
Since this kind of coupling decreases rapidly with distance, this kind of
magnetic induction can be virtually eliminated by keeping as much distance
(several feet or more) as possible between the power supply/monitor yoke
and cabling.


VI

 Use ferrite toroids and split beads to prevent EMI from escaping on
the surface of your cables.

 Ferrites are magnetic materials that,  for certain ranges of EMI
frequencies, attenuate the EMI by causing it to spend itself in heat in
the material rather than continuing down the cable. They can be applied
without cutting the cable by snapping together a "split bead" form over
a thick cable such as a power cord or by threading  thinner cable such as
telephone several times around the donut-shaped ferrite form. Every cable
leaving your monitor, computer, mouse, keyboard, and other computer
peripherals should have at least one ferrite core attentuator. Don't forget
the telephone lines from your fax, modem, telephone or the unshielded DC
power cord to your modem. Ferrites are applied as close to the EMI emitting
device as possible so as to afford the least amount of cable that can act as
an antenna for the EMI.


Good sources for ferrite split beads and toroids include

Amidon Associates, Inc.
P.O. Box 956
Torrance, CA  90508
310-763-5770
(ask for their free information sheet)

Palomar Engineers
P.O. Box 462222
Escondido, CA  92046
619-747-3343
(ask for their free RFI information sheet)

and Radio Shack.


VII

Other practical remedies.

 Other remedies that are somewhat more difficult to correctly apply
include providing a good EMI "ground" shield for your computer equipment
and other more intrusive filters such as bypass capacitor filters.

 You probably ought not to think about adding bypass capacitors unless you
are familiar with electronic circuits and digital design. While quite effective,
added improperly to the motherboard or cabling of a computer they can
"smooth out" the square wave digital waveform -- perhaps to the extent
that signals are interpreted erroneously causing mysterious "crashes" of
your system. In other cases, bypass capacitors can cause unwanted parasitic
oscillation on the transistorized output drivers of certain circuits which
could damage or destroy those circuits in the computer or peripherals. Also,
unlike ferrite toroids, adding capacitors requires actually physically splicing
them in or soldering them into circuits. This opens up the possibility of
electric shock, damage to other electronic components or voiding the
warranty on the computer equipment.

 A good EMI ground is difficult to achieve. Unlike an electrical safety ground,
such as the third wire in a three-wire AC power system, the EMI ground
must operate effectively over a much wider part of the EMI spectrum. This 
effectiveness is related to a quality known as electrical impedance. You
desire to reduce the impedance to as low a value as possible over the entire
range of EMI frequencies. 
	
 Unlike the AC safety ground, important factors in achieving low impedance
include having as short a lead from the equipment to a good EMI earth ground
as possible (must be just a few feet); the gauge of the connecting lead (the
best EMI ground lead is not wire but woven grounding "strap" or wide copper
flashing sheets; and the physical coupling of the EMI into the actual earth
ground. An 8 ft. copper-plated ground may be fine for AC safety ground, but
may present appreciable impedance resistance to an EMI voltage. Much better
would be to connect a network of six to eight copper pipes arranged in a
six-foot diameter circle driven in a foot or two into the ground, electrically
bonded together with heavy ground strap and connected to the equipment to be
grounded via a short (at most, several feet), heavy (at least 3/4-1" wide)
ground strap.
	
 If you can achieve a good EMI ground, then further shielding possibilities
open up for you such as surrounding your monitor and computer equipment in
a wire-screen Faraday cage. You want to use mesh rather than solid sheet
because you must preserve the free flow of cooling air to your equipment.
Buy aluminum (not nylon) screen netting at your local hardware store. This
netting typically comes in rolls 36" wide by several feet long. Completely
surround your equipment you want to reduce the EMI being careful to make 
good electrical bonds between the different panels of netting and your good
earth ground. I use stainless steel nuts, bolts, and lock washers along with
special non-oxidizing electrical paste (available from Electrical contractors 
supply houses or from ICE) to secure my ground strapping to my net "cages".
A good Faraday cage will add several orders of magnitude of EMI attenuation
to your system.


VIII

Checking the effectiveness of your work.

 It is easy to get a general feeling about the effectiveness of your
EMI shielding work with an ordinary portable AM radio. Bring it very
close to the body of your computer and its cables in turn. Ideally, you
should not hear an increased level of static. If you do hear relatively
more at one cable than at another, apply more ferrite split beads or
obtain better shielded cable for this component. The practice of determining
what kind of operating system code is executing by listening to a nearby
AM radio is definitely obsolete for an well-shielded EMI-proof system!

 To get an idea of the power and scope of your magnetic field emissions,
an ordinary compass is quite sensitive in detecting fields. Bring a compass
within a few inches of the back of your monitor and see whether it is
deflected. Notice that the amount of deflection decreases rapidly with 
distance. You want to keep cables away from magnetic sources about as
far as required not to see an appreciable deflection on the compass.


VIIII

Summary

 If you start with good, shielded equipment that has passed the FCC
level B emission standard then you are off to a great start. You may
even be able to do even better with stock OEM equipment by specifying
"low-emission" monitors that have recently come on the market in
response to consumer fears of extremely low frequency ("ELF") and
other electromagnetic radiation. Consistently use shielded cables, apply
filtering and ferrite toroids to all cabling entering or leaving your computer
equipment. Finally, consider a good EMI ground and Faraday cages. Beyond
this there are even more effective means of confining the electrical and
magnetic components of your system through the use of copper foil 
adhesive tapes, conductive paint sprays, "mu metal" and other less common
components.

Copyright (c) 1993 by Grady Ward. All Rights Reserved.
Permission is granted for free electronic distribution.





Thread