1998-11-01 - Re: TEMPEST laptops

Header Data

From: Tim May <tcmay@got.net>
To: cypherpunks@cyberpass.net
Message Hash: 8eab4718096a1f3bf5c354cf46b14b99a9a2f0d6d1b761eb96aca76fab62e833
Message ID: <v03130317b2624a87e7a4@[209.66.100.110]>
Reply To: <v03130315b2618c270619@[209.66.100.110]>
UTC Datetime: 1998-11-01 18:28:45 UTC
Raw Date: Mon, 2 Nov 1998 02:28:45 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Mon, 2 Nov 1998 02:28:45 +0800
To: cypherpunks@cyberpass.net
Subject: Re: TEMPEST laptops
In-Reply-To: <v03130315b2618c270619@[209.66.100.110]>
Message-ID: <v03130317b2624a87e7a4@[209.66.100.110]>
MIME-Version: 1.0
Content-Type: text/plain



At 4:38 AM -0800 11/1/98, John Young wrote:

>Tim has heretofore advised on TEMPEST measures and the
>latest are useful, and correspond to what's available in the
>commercial market and what is available in mil/gov pubs --
>many listed at Joel's site.
>

Understand that my comments are just some "common sense with a little bit
of physics" estimates, not direct knowledge of how best to shield laptops.

I worked inside a Faraday cage for several months--a cube about 12 feet on
a side made up of two layers of fine copper mesh separated by about 2
inches. We used ordinary radios to check the seal. We entered the room with
the radio on, closed the copper-gasketed door and then checked the AM and
FM bands with the volume cranked up. If all was well, we didn't even get
"static," just the characteristic internal/thermal/Johnson noise of the
radio circuitry.

(We were looking for signals from a Josephson junction in SQUID
(superconducting quantum-interferometric device) that were very, very weak
compared to ambient radio noise levels. We used a Princeton Applied
Research 124 lock-in amplifier and a boxcar amplifier. I surmise that the
effective shielding was very good. This was in 1972-3.)

Later, at Intel, a lab right next to mine had a Faraday cage around it.

Anyway, were I to try to shield a laptop I'd start with microwave leakage
meters, a couple of t.v.s and radio (of different types and bands), and
then I'd start recording signal levels of various sorts as different
shielding layers and types were applied to the laptop(s). Simple lab stuff.

I'd do this in preference to worrying about what some 1978 government docs
had to say about the subject. TEMPEST the specs are probably a mixture of
"RF shielding" tips and standards, and a mix of Van Eck radiation tuner
designs.

>We are working on our desktop model with a manufacturer
>who supplies RF-protected glass for government and industry
>rooms as well as for entire buildings. We figure that if we can
>make a workable model, we'll be able to use to demonstrate
>to our clients why TEMPEST protection is needed and how it
>can be accomplished in an elegant design manner, paralleling
>demonstrations used by the glass manufacturer to substantiate
>claims for his products.

Suggestion: Read the client's laptop when he's visiting. Then show him your
stuff.

(This means you've built a working Van Eck decoder, which may be too much
to expect, per the above about concentrating on blocking the RF.)



>
>One of the many things that keeps techies from getting the public's
>money is being unable to convince the buyer that the invention
>is truly desirable. Thus comes the marketer, who has skills of
>invention of another sort to charm the skeptical consumer that
>this baby has got to be a part of his/her life -- like fancy homes,
>medical care, insurance cars, clothing, foods, weapons, bibles,
>and, above all, national security.

Look, let me put this bluntly:

VERY FEW PEOPLE CARE ABOUT SECURITY.

Most businessmen are not even using PGP. Why will any of them pay a lot of
extra money for something that makes their laptops look like gargoyles or
pieces of shit?

(This is for the travelling businessmen threat model. The corporate network
threat model is even more problematic, as it means the corporation needs to
TEMPEST-protect some large fraction of their desktop machines, with any
unprotected machines being the weak links. I don't understand which threat
model you're concentrating on, though.)

And your next paragraphs tell me you have even less chance of sellling your
product to corporate America:

>So a mongerer's brew is needed to peddle these inessentials,
>composed of seriousness, humor, terror, lies and pretended
>guilelessness, the practices of anyone doing well or doing badly,
>
>indeed, humans going about whatever they do to fill up the void.


>BTW, the best technology is nearly always going to be classified,
>with sky high prices paid for by gullible citizens to calm their
>manufactured terrors (the religion model, once churches and temples
>now weapons and satellites; once the priest/architect hustle, now
>that of the the NatSec wonk/scientist), so the commercial market is
>only going to offer less than the best, the declassified waste products,
>while selling it as "The Best."


??????

Is this a diagnosed medical condition, like Tourette's? You start out
communicating reasonably clearly, then, as usual, trail off into this
gobbledegook.

Pynchon's Syndrome?


--Tim May

Y2K: A good chance to reformat America's hard drive and empty the trash.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.







Thread