1998-02-10 - Re: TEMPEST

Header Data

From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
To: Jim Choate <ravage@ssz.com>
Message Hash: 616626705a0d6bec7b14c39e92fe9a30081215c88482b4aa8e2c4a2a0c2e9ab0
Message ID: <E0y24lM-0001NQ-00@heaton.cl.cam.ac.uk>
Reply To: <199802092316.RAA24851@einstein.ssz.com>
UTC Datetime: 1998-02-10 01:52:39 UTC
Raw Date: Tue, 10 Feb 1998 09:52:39 +0800

Raw message

From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
Date: Tue, 10 Feb 1998 09:52:39 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: TEMPEST
In-Reply-To: <199802092316.RAA24851@einstein.ssz.com>
Message-ID: <E0y24lM-0001NQ-00@heaton.cl.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain

Jim Choate wrote on 1998-02-09 23:16 UTC:
> The screen grid is where the dot clock goes to modulate the e-beam, or is
> your claim we're going to modulate the filament directly?

Ok, now I understand what you where talking about. Sorry, this was just a very
silly language misunderstanding (my knowledge of CRTs is based on
German vocabulary, so I mixed up "screen grid" and "mask" and was surprised
to read that you seemed to claim that the per-pixel on-off modulation
that van Eck described for his old-style terminals in fig 8c of his
C&S paper is still there in the form of current interruptions caused
by mask holes ... I hope you can understand my surprise ... ;-).
Forget everything I wrote about "screen grid modulation" in my last
reply, I fully agreed with you here.

> If your getting your signal off the harmonics you're doing it the hard way.
> Go back and re-read your texts on Fourier Transforms and then do a
> power-spectrum analysis on the signals to the tube; what you will find is
> that the primary frequencies get the majority of the signal (eg 1st harmonic
> of a square wave (ie a dot clock) only gets, at best, 1/3 of the energy of
> the primary).

But this is not necessarily, where the the monitor resonates nicely.
Van Eck has reported very similar results in his paper: His VDU
had a dot clock of 11 MHz and he got nice resonance peaks near 125
and 210 MHz.

> A very effective method to confuse Van Eck is to have several monitors
> sitting next to each other with different displays. A more active display
> is much more effective than one that is static (eg. such as a person typing
> in an email to cypherpunks).

If you have only a van Eck style receiver, yes. But as soon as you record
the reception over some time and observe the images phases to drift only
slightly against each other, you might be able to separate them using
similar processing techniques as used in computer tomography.


Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org,  home page: <http://www.cl.cam.ac.uk/~mgk25/>