TEMPEST is a U.S. government code word for a classified set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors, or printers. It is a counter-intelligence measure aimed at the prevention of electronic espionage.
Basic TEMPEST information has not been classified since 1995. The TEMPEST standard, NSTISSAM TEMPEST/1-92, is publicly available in redacted form. However, specific parameters for TEMPEST acceptance and some test techniques remain confidential. The NSA publishes lists of labs approved for TEMPEST testing and equipment that has been certified. The United States Army has a TEMPEST testing facility, as part of the U.S. Army Information Systems Engineering Command, at Fort Huachuca, Arizona.
An important concept of TEMPEST is "red-black separation", i.e. maintaining distance or installing shielding between circuits and equipment used to handle classified or sensitive information (red) and normal unsecured circuits and equipment (black), the latter including those carrying encrypted signals.
One aspect of TEMPEST testing that distinguishes it from limits on spurious emissions (e.g. FCC Part 15) is a requirement to correlate radiated energy with plain text signals that are being processed.
In 1985, Wim van Eck published the first unclassified technical analysis of the security risks of emanations from computer monitors. This paper caused some consternation in the security community, which had previously believed that such monitoring was a highly sophisticated attack available only to governments; van Eck successfully eavesdropped on a real system, at a range of hundreds of metres, using just $15 worth of equipment plus a television set. In consequence of this research such emanations are sometimes called "van Eck radiation", and the eavesdropping technique "van Eck phreaking", although it is realised that an unknown government researcher had discovered it long before.
In 1998, Ross Anderson and Markus Kuhn discovered that a considerable degree of protection against monitoring of emanations from computer display units could be achieved in software alone, at considerably less expense than traditional TEMPEST rated hardware. Such protections are known as "Soft TEMPEST", and work by filtering out high-frequency components from fonts before rendering them on a computer screen.
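The filtering idea described above can be illustrated on a single scanline of text. The following is an added example, not Anderson and Kuhn's implementation: the pixel row is constructed sample data, and the 30% cutoff and the function names are assumptions chosen for illustration.

```python
import cmath

# Constructed sample: one scanline of bi-level text (1 = lit pixel), not real font data.
ROW = [0,0,1,1,0,0,1,0,1,0,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,0,1,0,1,0,0,0]

def dft(x):
    """Plain O(n^2) discrete Fourier transform (stdlib only)."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * cmath.pi * k * t / n) for t in range(n))
            for k in range(n)]

def idft(X):
    """Inverse DFT; the input is kept conjugate-symmetric, so the result is real."""
    n = len(X)
    return [(sum(X[k] * cmath.exp(2j * cmath.pi * k * t / n) for k in range(n)) / n).real
            for t in range(n)]

def top_band(n, fraction):
    """Bin indices whose frequency lies in the top `fraction` of 0..Nyquist."""
    cutoff = (1 - fraction) * (n // 2)
    return [k for k in range(n) if min(k, n - k) > cutoff]

def high_band_energy(x, fraction=0.3):
    """Spectral energy in the top part of the horizontal spectrum."""
    X = dft(x)
    return sum(abs(X[k]) ** 2 for k in top_band(len(x), fraction))

def soft_filter(x, fraction=0.3):
    """Low-pass one pixel row: zero the top `fraction` of the spectrum (assumed
    cutoff), then rescale to 0..1 grey levels. The rescale is affine, so it only
    shifts the DC term and scales the rest; no clipping means no new harmonics."""
    X = dft(x)
    for k in top_band(len(x), fraction):
        X[k] = 0
    y = idft(X)
    lo, hi = min(y), max(y)
    return [(v - lo) / (hi - lo) for v in y]

if __name__ == "__main__":
    filtered = soft_filter(ROW)
    print("high-band energy, bi-level row:", round(high_band_energy(ROW), 3))
    print("high-band energy, filtered row:", round(high_band_energy(filtered), 12))
    print("grey levels:", [round(v, 2) for v in filtered])
```

The filtered row uses intermediate grey levels in place of hard black-to-white edges, which is why the technique can be applied in software at font-rendering time.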