Telecommunications electronics materials protected from emanating spurious transmissions (TEMPEST) testing, also called emission security (EMSEC) by the National Security Agency (NSA), is an NSA specification and is defined in the NATO SDIP-27 standard.
TEMPEST is designed to deny unauthorized access to information derived from intercepting and analyzing unintended electrical signals, sounds, and vibrations emanating from electronic equipment, including computers, servers, telecommunications systems, cryptographic equipment, and similar devices.
The specific requirements of TEMPEST testing are classified. This article reviews Van Eck phreaking, also called Van Eck radiation, which forms the basis of the threat that TEMPEST testing addresses. It also presents an overview of the three levels of TEMPEST testing.
Initially, phreaking referred specifically to hacking into a telecommunication system. Today, its definition has expanded to include hacking into any electronic system.
Van Eck phreaking uses specialized equipment to exploit the electromagnetic emissions of electronic devices as a side channel. While the U.S. government and Bell Labs knew about the possibility of phreaking as early as the Second World War, that knowledge was classified.
In 1985, Wim van Eck published the first unclassified paper on the security risks of unintended electromagnetic emissions. The paper described how to remotely reproduce the screen of a cathode-ray tube (CRT) display. The emissions were captured with a specialized antenna to recreate the displayed images (Figure 1). The technique is not limited to CRT displays.
TEMPEST testing
TEMPEST testing measures and analyzes the unintentional electromagnetic emissions from electronic devices. It uses specialized antennas and receivers to capture the emissions, and software to analyze the captured data and determine whether sensitive information can be reconstructed from it.
Most of the specifics related to TEMPEST testing are classified. The three general factors include:
- Distance is a critical factor determining signal attenuation, and TEMPEST testing is defined for 1 m, 20 m, and 100 m.
- Frequency range is important, and testing is conducted across various frequencies.
- Orientation is also considered, and devices are tested from various angles to identify potential emission locations.
NSTISSAM TEMPEST/1-92 from the NSA details the TEMPEST laboratory test requirements for electromagnetic emissions. It defines three security levels and provides a certification framework for equipment and systems that meet the document’s standards.
NATO SDIP-27 also defines three security levels for electronic devices, which limit the electromagnetic radiation they emit to prevent eavesdropping. It also includes three NATO zoning levels.
Zones, levels, and ratings
TEMPEST performance is defined by a series of zones and levels that lead to equipment ratings. The three basic zones and levels are (Figure 2):
- Full is the strictest level of performance, which is called Level A by NATO and Level I by the NSA. It applies to Zone 0. It assumes that an attacker has almost immediate access to the equipment from 1 m or from a neighboring room.
- Intermediate is called Level B by NATO and Level II by the NSA. It applies to Zone 1 and is designed to protect equipment from 20 meters of unobstructed distance and a comparable distance through walls and obstacles.
- Tactical is the least strict level of performance and is called Level C by NATO and Level III by the NSA. It applies to Zone 2. This level protects equipment from 100 meters of unobstructed distance or a comparable distance through walls and obstacles.
In addition to TEMPEST zones and levels, the NSA includes three equipment type ratings:
- Type 1 is the highest level for classified cryptographic equipment used for national security purposes.
- Type 2 is for unclassified cryptographic equipment to protect unclassified but sensitive information.
- Type 3 is for unclassified commercial cryptographic equipment used in applications like corporate networks.
Summary
TEMPEST requirements are designed to prevent attackers from using Van Eck radiation to eavesdrop on sensitive and classified data. The specifics are classified and include requirements for distance to the device, frequencies, and orientations for testing. They are based on three levels or zones defined in NSA and NATO standards.