Embed Size (px)
8/14/2019 Soft Tempest
Soft Tempest An Opportunity for NATO
Ross J. Anderson and Markus G. Kuhn
University of Cambridge, Computer Laboratory,
New Museums Site, Pembroke Street,
Cambridge CB2 3QG, United Kingdom
NATO countries spend billions of dollars a yearon electromagnetic security, of which the Tempest
shielding of personal computers, workstations and pe-ripherals is a large component. In the absence of acapable motivated opponent such as the former So-viet Union, this burden on both traditional and newmembers is increasingly difficult to justify. As a re-sult, many systems at a medium level of sensitivityare migrating from a shielded to a zoned mode ofprotection.
Over the last year, a new technology has emergedwhich complements zoning in an attractive way. SoftTempest consists of the use of software techniquesto filter, mask or render incomprehensible the infor-
mation bearing electromagnetic emanations from acomputer system. This may give complete protectionto some system components, and while the level ofprotection available for others is only of the order of1020 dB, this translates to a difference of about onezone, which can still give a very significant cost sav-ing. It is already available in COTS products; herewe discuss its introduction into NATO systems.
Protecting NATO Information Systems in the 21st Century, ISTSymposium, Washington DC, USA, 2527 Oct. 1999, RTO MeetingProceedings 27, NATO Research and Technology Organization.
NATO and its member states have been concernedfor decades about the electromagnetic emission secu-rity (emsec) of computer and communications equip-ment ; the threat was mentioned in the open liter-ature as early as 1967  and became widely publi-cised in 1985 [3, 4]. Emsec is commonly understoodas consisting of Tempest (the interception of strayinformation bearing RF emissions from equipment),Hijack (the interception of sensitive information thathas somehow contaminated an electrical signal acces-sible to an attacker, e.g. a power line or ciphertextfeed) and Nonstop (the interception of sensitive in-formation that has accidentally modulated secondary
emissions of an RF carrier such as a mobile phone orradar signal). Each of these three terms is also usedto refer to the relevant defensive techniques [5, 6, 7].
These definitions do not exhaust the space of emsecthreats; it is possible, for example, to extract infor-mation from some equipment by illuminating it witha microwave beam and studying the return signal .
Other equipment can be caused to fail and leak infor-mation by an attacker who inserts transients in thepower supply [9, 10]. Such active attacks tend to begiven less attention by military equipment suppliersbut are likely to become more important with the in-creasing use of COTS products; they can interact innasty ways with protocol and algorithm design .
Nor is emsec an exclusively military problem.Banks are worried about Tempest attacks on auto-matic teller machines; the ease with which the strayRF from an RS-232 line can be monitored has beendocumented in the open literature [12, 13], and such
lines are used to connect the ATM CPU with the mag-netic card reader and PIN pad. A number of sourcesreport the capture of both PIN and card stripe con-tents at a distances of up to 8 m (e.g., [14, 15]). Therehave now been at least two unclassified conferences onemsec protection [16, 17].
A growing concern is that many security proces-sors sold to the commercial market are vulnerableto emsec exploits. Smartcards are a case in point;by observing the current drawn by the card, it is of-ten possible to distinguish different instructions be-ing executed and even the Hamming weight of thedata words on the bus [18, 19]. Even where the im-plementation detail is unknown, the execution of ablock cipher such as DES can be observed as a 16-foldrepeated pattern [18, 20], and by comparing the cur-rent drawn when different blocks are encrypted underthe same key, the key may be found. In the case ofDES, this typically takes about 1000 blocks . Al-though security processors with a larger form factorcan incorporate capacitors or other filters to limit thebandwidth of information leakage through the powersupply, this is a hard problem with single-chip pro-cessors and is a subject of serious research.
Finally, although emsec attacks in the commercial
sector are still relatively specialised, the developmentof software radios may change this. Whereas devel-oping an attack today may require equipment such as
8/14/2019 Soft Tempest
the HP 3587 Signals Analysis System , which costsabout $100,000 and whose export can be controlled,the same functionality will probably be available inten years time in low-cost PC peripherals providinga range of RF services such as UMTS and GPS usingsoftware radio techniques .
So attacks remain a threat, despite the disappear-ance of the USSR; indeed, the threat environmentwill become more complex and diverse. But the tra-ditional countermeasure metal shielding  is ex-pensive and likely to remain so; the existing alter-natives, which include jamming  and specialisedhardware techniques such as scanning a VDU rasterin a random order , have a number of disadvan-tages. This motivates us to ask whether there are anyother alternatives.
2 Soft Tempest
It has been known for some time that the informationbearing RF emanations from a computer can be mod-ified by its software. For example, the first authorlearned to program in 1972 at the Glasgow SchoolsComputer Centre on an early IBM machine whichhad a 1.5 MHz clock; a radio tuned to this frequencyin the machine room would emit a loud whistle. A col-league wrote a set of subroutines of different lengthssuch that by calling them in sequence, the computercould be made to play a tune.
A modern re-implementation of this is describedin : a PC monitor with a pixel frequency of70 MHz can be fed video signals which implement a10 MHz radio signal, amplitude modulated with dif-ferent tones. This can be used to attack computersthat are not connected to networks and have goodphysical security: the computer is infected with avirus which searches the disk for keys or other in-teresting material and then transmits it to a nearbyreceiver. (A more sophisticated implementation coulduse spread spectrum rather than simple AM.) In-deed, there has been speculation that such a Tempest
virus has been used in at least one actual incident ofespionage .
Such phenomena led us to consider whether soft-ware techniques could be used for defence as well.We conducted a series of experiments in late 1997and early 1998 and tried a number of possible ap-proaches. For example, we tried to mask the Tempestsignal from a VDU by generating a jamming signalwith a dither pattern in the background; this did notwork too well as the jamming signal usually ended upmodulated fairly conspicuously with the screen con-tents we were trying to hide. Eventually, we evolved
a set of techniques that do appear to work reliably,and these are described in detail in [25, 27]. We willnow describe two of the techniques briefly.
Figure 1: Standard black on white text image.
Figure 2: The same text after horizontal low-passfiltering.
2.1 Filtered fonts
The technique which has attracted most publicity,and which is already fielded in two commercial secu-rity packages [28, 29], is font filtering. We discoveredthat most of the information bearing RF energy froma VDU was concentrated in the top of the spectrum,so filtering out this component is a logical first step.We removed the top 30% of the Fourier transformof a standard font by convolving it with a suitablesin(x)/x low-pass filter.
Figure 1 shows standard black on white text; fig-ure 2 shows the same text after low pass filtering;figure 3 shows a section through the original text;figure 4 a section through the filtered text, whosebackground is set at 85% white; figure 5 a sectionas received by the monitor if a cheap low-pass filteris installed in the VDU cable; figures 6 and 7 showthe same text (normal and filtered) as it appears tothe authorised user on the PC monitor; and finally
Figure 3: Video signal of a normal font
Figure 4: Video signal of a filtered font
8/14/2019 Soft Tempest
Figure 5: Video signal of a filtered font after analogHF suppression
figures 8 and 9 show the normal and filtered text asit appears to the unauthorised viewer using an ESLmodel 400 Tempest monitor .
The filtered text looks rather blurred and unpleas-ant in the magnified representation of figure 2, butsurprisingly, the loss in text quality is almost unno-
ticeable for the user at the computer screen, as can beseen from the magnified photos figures 6 and 7. Thesignal is in any case filtered by the video and mon-itor electronics and the impedance of the VDU ca-ble (which typically contains a ferrite choke to limitRFI/EMI). When one adds in the limited focus ofthe electron beam and the limited resolution of theeye, the net effect of filtering is small. Indeed, someobservers think that the image quality is slightly im-proved.
While there is little visible change for the user, suchfiltering causes a text which could previously be re-
ceived easily to vanish from the Tempest monitor,even when the antenna is right next to the VDU. TheTempest receiver screen shots in figures 8 and 9 showthat not only has the information bearing signal dis-appeared, but the receivers automatic gain controlhas turned up, displaying the synch pulses as verti-cal lines (the text appears four-up here as the linefrequency of the monitor in use is 70 kHz while ourelderly Tempest receiver was designed in the era ofthe PC-AT and only goes up to 20 kHz).
Filtered text display requires greyscale representa-tion of glyphs, but this technology is already avail-
able in many display drivers in order to support anti-
Figure 6: Screen appearance of a normal font
Figure 7: Screen appearance of a filtered font
Figure 8: Eavesdroppers view of normal fonts
Figure 9: Eavesdroppers view of filtered screen con-tent
aliasing fonts. The next generation of anti-Tempestdisplay routines may also apply the opposite of thetechniques used in OCR fonts: signal differences be-tween glyphs of different characters can be minimizedand there can be multiple representations of someglyphs with quite different signal characteristics. Thisshould make automatic character recognition by theeavesdropper more challenging.
Eavesdropping text from a monitor is only one ofthe Tempest risks associated with personal comput-ers. Nevertheless, we still consider it the most sig-nificant one, as the video display unit is usually thestrongest source of information bearing radiation.
2.2 Securing a keyboard
Another possible application of Soft Tempest tech-niques lies in securing computer keyboards. Herethere are two main threats: the passive observationof RF emanations at harmonics of the keyboard scancycle, and active attacks in which the keyboard cableis irradiated at a harmonic of its resonant frequencyand the scan codes are detected in the return signal
which is modulated by the nonlinear junction effect.Here our defensive technique involves reprogram-
ming the keyboard microcontroller so that the scan
8/14/2019 Soft Tempest
cycle is randomised, and then encrypting the scancodes before they are sent to the PC. Thus for agiven keypress, the number of keys scanned in a cyclewill be a random and changing value rather than aknown constant, and even although the value can bemeasured by an attacker, it should give him no in-
formation on the value of the keypress, on the userstyping pattern, or even on whether the keyboard is inuse at all. The necessary system modifications affectonly the PCs device driver and the firmware in thekeyboard microcontroller.
Three features of this keyboard protection tech-nique should be noted. The first is that, whereas fontfiltering may give only 1020 dB of protection andthus be inadequate on its own in the most demand-ing applications, the keyboard technique may be suf-ficient even there (the exception is where completeshielding is needed for tactical reasons to prevent ra-
dio direction finding). The second is that the key-board protection can be independent of other protec-tion options. The third is that suitably modified key-boards can be supplied through existing trusted dis-tribution chains (and can reinforce these controls asthey will not work with an unmodified PC). Thus thesavings of perhaps $500 per keyboard can be achievedindependently of any decision to deploy font filteringtechniques and in a way that appears compatible withcurrent infosec management practices.
3 DiscussionOur results on Soft Tempest are preliminary; our test-ing has been limited by the facts that we do not havea shielded room on site, and that we have avoidedgetting the security clearance needed for access tothe AMSG documents because of the restrictions thiswould place on our research. Further testing shouldexplore the extent to which the level of protectiongiven by filtered fonts depends on the display tech-nology; while we may get around 1020 dB with themonitor used for most of our testing (model MT-9017E produced by iiyama), the effect may be less onother monitors. We therefore welcome any feedbackfrom the government research community on how ourSoft Tempest techniques fare in the test environmentsavailable to them.
As a general point, we feel that the time mayhave come for the declassification of at least some ofthe Tempest, Hijack and Nonstop test requirements.(The publication of the specifications of KEA andSkipjack is an encouraging precedent.) Even if NATOis unwilling to declassify AMSG 720B, the physicalshielding of 100 dB or so which we understand it spec-ifies is excessive for many real world applications ,
and so the reasonable first step might be declassifica-tion of the AMSG 788/799 which apparently relatesto equipment used in zoned protection models .
The increasing reliance which NATO military organi-sations place on COTS components and systems, andthe growing importance of defensive infowar, make itadvantageous to enable commercial suppliers to usestandards that are in harmony with at least some ofthe military infosec requirements. In the absence of a
lead from NATO, we may have to develop separate,open, standards for Soft Tempest implementation andtesting.
What sort of applications should use Soft Tempest?We suggest the answer is all of them. Where a highlevel of protection is needed, as in a diplomatic or in-telligence system, 100 dB of shielding may be prudent but this can always fail. One of us was asked to doan independent review of a shielded product and hadno difficulty receiving a clear signal. The equipmentmanufacturer then stripped down the device, washedthe gaskets in alcohol, and reassembled it carefully;
the signal was now undetectable. If a new devicepresented by a manufacturer for hostile review wasfaulty, then what proportion of devices in the fieldare also defective? In applications which require thebest possible protection regardless of cost, we suggestthat Soft Tempest should be mandatory; otherwise,shield failure can leave critical data unprotected.
In less critical applications, where zoning tech-niques are used at present, Soft Tempest has the po-tential to make a difference of about one zone. NATOgovernments should consider whether the cost sav-ings from this will justify adopting the technology. It
should also be borne in mind that once adopted itcan be extended to large numbers of systems at lit-tle marginal cost; this will provide some potential forextending protection against future attackers usinglow-cost software radios.
In the case of some particular components, such ascomputer keyboards, Soft Tempest may be the bestprotection mechanism for all but the most demandingtactical applications. Adoption of the technology forkeyboards alone might save US$ 500 per device; and ifthe Bluetooth protocol for secure RF communicationbetween devices is successful in the marketplace, thenSoft Tempest might become the preferred option formany system components.
Soft Tempest techniques have the potential to saveNATO governments a very large amount of money.They are already fielded in COTS products, some ofwhich are already used by government agencies. Inorder to avoid the emergence of different, incompat-ible standards for COTS and military systems, werecommend that NATO declassify the relevant Tem-
pest test standards. More generally, it is time thatgovernments started looking seriously at a more sys-tematic exploitation of Soft Tempest technology.
8/14/2019 Soft Tempest
 D Russell, GT Gangemi, Computer Security Basics,OReilly & Associates, 1991, ISBN 0-937175-71-4;chapter 10 (TEMPEST)
 Harold Joseph Highland: Electromagnetic Radiation
Revisited. Computers & Security vol 5, pp 8593 and181184, 1986
 W van Eck, Electromagnetic Radiation from VideoDisplay Units: An Eavesdropping Risk? in Com-puters & Security v 4 (1985) pp 269286
 E Moller, L Bernstein, F Kolberg, Schutzma-nahmen gegen kompromittierende elektromagnetis-che Emissionen von Bildschirmsichtgeraten, La-bor fur Nachrichtentechnik, Fachhochschule Aachen,Germany; http://www.etechnik.fh-aachen.de/1/www1407.htm
 Electromagnetic Pulse (EMP) and Tempest Protec-
tion for Facilities, Engineer Pamphlet EP 1110-3-2,469 pages, U.S. Army Corps of Engineers, Publica-tions Depot, Hyattsville, December 31, 1990; http://www.jya.com/emp.htm
 Emission Security Countermeasures Reviews, AirForce Systems Security Memorandum 7011 (1 May1998), http://jya.com/afssm-7011.htm
 Uberkoppeln auf Leitungen, Faltblatter des BSI4, German Information Security Agency, Bonn,1997; http://www.bsi.bund.de/literat/faltbl/004_kopp.htm
 Personal communication, T Handel, 1998
 RJ Anderson, MG Kuhn, Tamper Resistance a Cautionary Note, in Proceedings of the SecondUsenix Workshop on Electronic Commerce (Nov 96)pp 111
 O Kommerling, MG Kuhn, Design Principles forTamper-Resistant Security Processors, USENIXWorkshop on Smartcard Technology, Chicago,IL (1011 May 1999) http://www.cl.cam.ac.uk/Research/Security/tamper/
 RJ Anderson, MG Kuhn, Low Cost Attacks onTamper Resistant Devices, in Security Protocols Proceedings of the 5th International Workshop, 7
9 April, Ecole Normal Superieure, Paris; SpringerLNCS v 1361 pp 125136
 P Smulders, The Threat of Information Theft byReception of Electromagnetic Radiation from RS-232Cables, in Computers & Security v 9 (1990) pp 5358
 B Demoulin, L Kone, C Poudroux, P Degauque,Electromagnetic Radiation of Shielded Data Trans-mission Lines, in  pp 163173
 DE Denning, Information Warfare and Security,Addison Wesley 1998; pp 189 ff
 Personal communication, HG Wolf
 Sicurezza Elettromagnetica nella ProtezionedellInformazione, Rome, Italy, 2425 Nov 1988,Fondazione Ugo Bordoni
 Symposium on Electromagnetic Security for Infor-mation Protection, Rome, Italy, 2122 November1991, Fondazione Ugo Bordoni
 P Kocher, J Jaffe, B Jun, Differential Power Analy-sis, in Michael Wiener (Ed.), Advances in Cryptol-ogy CRYPTO99, LNCS 1666, Springer, 1999, pp
 S Chari, C Jutla, JR Rao, P Rohatgi, A CautionaryNote Regarding Evaluation of AES Candidates onSmart-Cards, in Second Advanced Encryption Stan-dard Candidate Conference, 2223 Mar 1999, Rome,Italy; pp 133147; http://www.nist.gov/aes
 E Bovenlander, invited talk on smartcard security,Eurocrypt 97, May 1115, 1997, Konstanz, Germany
 Hewlett Packard Real-time Signal Analysis Sys-tem, http://www.tmo.hp.com/tmo/datasheets/English/HP3587.html
 RJ Lackey, DW Upmal, Speakeasy: The Military
Software Radio, in IEEE Communications Maga-zine v 33 no 5 (May 1995) pp 5661
 B Audone, F Bresciani, Signal Processing in ActiveShielding and Direction-Finding Techniques, IEEETransactions on Electromagnetic Compatibility v 38no 3 (August 1996) pp 334-340
 W van Eck, Video terminal with image line disar-rangement, U.S. Patent 4669117, May. 26, 1987.
 MG Kuhn, RJ Anderson, Soft Tempest: HiddenData Transmission Using Electromagnetic Emana-tions, in David Aucsmith (Ed.), Information Hid-ing, Second International Workshop, Portland, Ore-gon, USA, 15-17 April, 1998; Springer LNCS v 1525pp 124142; http://www.cl.cam.ac.uk/Research/Security/tamper/
 ER Koch, J Sperber, Die Datenmafia: Comput-erspionage und neue Informationskartelle, Rowohlt,ISBN 3-498-06304-9, 1995.
 MG Kuhn, RJ Anderson, Low Cost Counter-measures Against Compromising ElectromagneticComputer Emanations, UK patent application no9801745.2, January 28, 1998; also filed as US patent
 STEGANOS II Security Suite, from DEMCOM, Ger-many; http://www.demcom.com
 Pretty Good Privacy v 6.0.2, from NAI Inc, USA;http://www.pgpi.com
 Operating Manual for DataSafe/ESL Model400B/400B1 Emission Monitors, DataSafe Lim-ited, 33 King Street, Cheltenham, GoucestershireGL50 4AU, United Kingdom, June 1991
 Blostellende Abstrahlung, Faltblatter des BSI 12,German Information Security Agency, Bonn, 1996
 D Whitworth, Information Security and Electro-magnetic Emission Control, Relating to Installations,and Integrated Approach, in , pp 3138
 R Briol, Emanation How to keep your data confi-dential, in , pp 225234