1998-11-01 - Re: TEMPEST laptops

Header Data

From: Bill Stewart <bill.stewart@pobox.com>
To: cypherpunks@cyberpass.net
Message Hash: d4af0567c8180c6abe3fd62de56363afd19a5fce355a58b7d2b78390744f62c2
Message ID: <3.0.5.32.19981101142536.008aee30@idiom.com>
Reply To: <199810312353.SAA23037@camel7.mindspring.com>
UTC Datetime: 1998-11-01 22:57:53 UTC
Raw Date: Mon, 2 Nov 1998 06:57:53 +0800

Raw message

From: Bill Stewart <bill.stewart@pobox.com>
Date: Mon, 2 Nov 1998 06:57:53 +0800
To: cypherpunks@cyberpass.net
Subject: Re: TEMPEST laptops
In-Reply-To: <199810312353.SAA23037@camel7.mindspring.com>
Message-ID: <3.0.5.32.19981101142536.008aee30@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 08:19 PM 10/31/98 -0800, Tim May wrote:
>At 3:44 PM -0800 10/31/98, John Young wrote:
> > Not to beat an NDA horse but while we're waiting for NSA to
> > process our FOIA request for TEMPEST docs, are there
> > products available to shield a desktop box, or better, a laptop?
>I haven't been following this FOIA request for TEMPEST docs. It seems
>pointless, for several reasons:
>1. No doubt a lot of stuff will be classified, and FOIA can't break
>classification, generally.

Yup.   Most of it's SECRET COMSEC or CONFIDENTIAL COMSEC.
The parts I'm aware of cover making equipment not radiate,
blocking radiation that does occur, and making sure signals
don't leak between the red and black sides.  There's presumably
much more secret documentation at NSA about how to spy on stuff,
and there's no way you'll get any of that.

>2. The physics is what's important, not TEMPEST specs on specific pieces
>of equipment the government may be using, etc.

That too.  TEMPEST, like other security problems,
depends a lot on your threat models - you need a lot quieter equipment
if there's an NSA Antenna Van parked in your driveway
than if you're out in an empty field with nobody around for miles.
What the equipment specs tell you is what the military thinks
is adequate protection for typical threat environments,
such as defense contractor office buildings or low-tech battlefields.

The last time I checked, which was 8-10 years ago,
there was a lot of TEMPEST-certified equipment on the market,
though many of the vendors would only sell to the government
and businesses working on TEMPEST-requiring government contracts.

The main things on the market back then were
- Room/building enclosure technology, so you could put lots of
regular computer equipment in a big shielded room.
This includes heavy-duty filtering of power supplies;
our equipment was quite happy with its nice clean power feeds.
- Shielded minicomputers - basically stuck in rack-sized versions
of room enclosures, with fiber-optic comm lines or shielded cables.
- Quiet PCs, which generally had heavier metal cases, shielded cables,
rather heavy keyboards, and lots of shielding in the monitors.
They tended to cost about $5000 more than the equivalent non-TEMPEST PC.

I don't know how the market is today, but it's probably a LOT more work
to quiet and/or shield a 400MHz Pentium2 than a 4.77MHz 8086 -
higher frequency signals have shorter wavelengths, so they can
leak through smaller holes, and the newer Pentiums probably put out a
lot more energy above 3GHz than 8086s did, which means that
centimeter-long cracks can leak signals.

At the time, the rule of thumb for room shielding was that you
wanted 100dB attenuation; the actual specs were
more complex than that, and presumably classified.
We did our routine measurements using a 450MHz transmitter, 
which would let us find any leaks that evolved from wear&tear
on our doors or wiring mistakes on our comm or power gear
(like forgetting to screw some lid on tight enough),
but the TEMPEST contractors did the official complex measurements.
This was a significant change from Vietnam-era shielding,
which was typically copper mesh that provided 60dB attenuation.

Just using a regular laptop isn't enough; I've seen laptops
transmit recognizable images to a television (though I was probably
using AC power rather than batteries, and may or may not have had
the display mode set to LCD-and-monitor.)


				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




