At 9:35 PM -0500 3/8/03, Dave Emery wrote:
On Fri, Mar 07, 2003 at 10:46:06PM -0800, Bill Frantz wrote:

The next more complex version sends the same random screen over and over in sync with the monitor. Even more complex versions change the random screen every-so-often to try to frustrate recovering the differences between screens of data on the monitor.


Five or six years ago I floated the suggestion that one could do worse than phase lock all the video dot clock oscillators in a computer room or office to the same master timing source. This would make it significantly harder to recover one specific monitor's image by averaging techniques as the interference from nearby monitors would have exactly the same timing and would not average out as it does in the more typical case where each monitor is driven from a video board with a slightly different frequency dot clock (due to aging and manufacturing tolerances).

The dot clock on a megapixel display is around 70 MHz, or 14 nanoseconds per pixel. Syncing that over some distance is not trivial. Remember the speed of light is 1 nanosecond/foot. On the other hand, I think syncing the sweep signals would be enough to implement your idea and that should not be hard to do, possibly even in software since they are created on the video card.


Effectiveness is another matter. The attacker could use a directional antenna to separate out monitors. Even if his equipment was outside the building, the windows would act like an antenna whose radiation pattern would be different for the different monitors in the room. The attacker might be able to discriminate between different monitors just by driving his van around outside.

Even if he can't distinguish between different monitors, he still gets a signal that is the sum of the content on each monitor. That is analogous to a book code and likely just as secure, i.e. not very.

        Modifying existing video boards to support such master timing
references is possible, but not completely trivial - but would cost
manufacturers very little if it was designed in in the first place.

Modifying existing monitors to shield the video signal wouldn't cost that much either. As I understand it the big expense in Tempest rated equipment is the testing and the tight manufacturing control needed to insure that the monitors produced are the same as the ones tested.


        And of course one could "improve" the shielding on the monitor
with the dummy unimportant data so it radiated 10 or 20 dB more energy
than the sensitive information monitor next to it.   In many cases this
might involve little more than scraping off some conductive paint or
removing the ground on a cable shield.

Simply buying some class A monitors for the dummy data might do what you want, but I'm not sure 10-20 dB of reduced signal to background buys you much. I've heard numbers of 100 dB or more required for effective Tempest shielding, with Class B shielding (the higher grade FCC requirement) buying you 40-50 dB. See for example http://www.cabrac.com/RFI_EMI_Tempest.html



I am sure that it would take little effort with a spectrum analyzer and some hand tools to defeat most of the EMI suppression in many monitors and whilst this would not be entirely legal under FCC rules (at least for a manufacturer or dealer) it probably would be closer to legal than deliberately creating rf interference with an intentionally radiating jammer.

        I imagine, however, that the usefulness of the RF radiated by a
modern TFT flat panel display fed with DVI digital video is already much
less as there is no serial stream of analog pixel by pixel video energy
at any point in such an environment.  Most TFTs do one entire row or
column of the display at a time in parallel which does not yield an
easily separated stream of individual pixel energy.   Thus extracting
anything resembling an image would seem very difficult.

The signal is still serialized in digital form at some point on a pixel by pixel basis. Because flat panels do not have the high-power sweep signals of CRT monitors, the overall shielding needed to meet Class B may be less. That might make life easier for attackers.


This does suggest one simple approach that might be useful for flat panels displaying sensitive text: choose foreground and background colors that have the same number of on and off bits in each color byte pair, e.g. foreground red and background red each have three bits on, both blues have four bits on, both greens have five bits on. That might make background and foreground more difficult to distinguish via RF radiation in an all digital system.


So perhaps the era of the simplest to exploit TEMPEST threats is ending as both optical and rf TEMPEST is much easier with raster scan pixel at a time CRT displays than it is with modern more parallel flat panel display designs.


On the other hand, remember that the earliest Tempest systems were built using vacuum tubes. An attacker today can carry vast amounts of signal processing power in a briefcase.


All in all I would not put much faith in ad hoc Tempest protection. Without access to the secret specifications and test procedures, I would prefer to see highly critical operations done using battery powered laptops operating in a Faraday cage, with no wires crossing the boundary (no power, no phone, no Ethernet, nada). In that situation, one can calculate shielding effectiveness from first principles. http://www.cs.nps.navy.mil/curricula/tracks/security/AISGuide/navch16.txt suggests US government requirements for a shielded enclosure are 60 dB minimum.

Arnold Reinhold
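
The phase-locking argument quoted in this message can be checked with a toy model. The following is an added example, not code from the thread: it averages repeated frames of a target monitor mixed with a stronger neighbour, once with the neighbour frame-locked and once with it drifting. The frame size, the 3x neighbour amplitude and the per-frame drift modelled as a whole-pixel shift are all assumptions chosen for illustration.

```python
import math
import random

def residual_db(locked, frames=200, pixels=400, gain=3.0, drift=7, seed=1):
    """Power of the neighbour's signal left after frame averaging,
    in dB relative to the target signal (whose power is 1)."""
    rng = random.Random(seed)
    # Constructed sample data: two unrelated +/-1 "images".
    target = [rng.choice((-1.0, 1.0)) for _ in range(pixels)]
    neighbour = [rng.choice((-1.0, 1.0)) for _ in range(pixels)]
    acc = [0.0] * pixels
    for frame in range(frames):
        # A free-running dot clock slides the neighbour's image a little
        # further each frame; a phase-locked one never moves.
        shift = 0 if locked else (frame * drift) % pixels
        for i in range(pixels):
            acc[i] += target[i] + gain * neighbour[(i + shift) % pixels]
    residual = sum((a / frames - t) ** 2 for a, t in zip(acc, target)) / pixels
    return 10 * math.log10(residual)

if __name__ == "__main__":
    print("free-running neighbour: %6.1f dB" % residual_db(locked=False))
    print("phase-locked neighbour: %6.1f dB" % residual_db(locked=True))
```

With the neighbour locked, averaging removes none of its energy, which is the effect Emery describes; what is left is the sum of both screens, which is the weakness Reinhold points out in his reply.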
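
The balanced-bit colour suggestion in this message can be turned into a small search. The following is an added example, not code from the thread: it checks that a foreground/background pair has equal bit counts in every channel and finds the balanced pair with the best on-screen contrast. The WCAG contrast formula as the readability measure is an assumption of the example, and it counts bits in the raw 8-bit channel values only, without modelling any line coding the display link applies to them.

```python
from itertools import product

def popcount(value):
    return bin(value).count("1")

def is_balanced(fg, bg):
    """True if each channel has the same number of 1 bits in fg and bg."""
    return all(popcount(f) == popcount(b) for f, b in zip(fg, bg))

def luminance(rgb):
    # WCAG relative luminance of an 8-bit sRGB colour.
    def lin(c):
        c /= 255
        return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4
    r, g, b = (lin(c) for c in rgb)
    return 0.2126 * r + 0.7152 * g + 0.0722 * b

def contrast(fg, bg):
    hi, lo = sorted((luminance(fg), luminance(bg)), reverse=True)
    return (hi + 0.05) / (lo + 0.05)

def extremes(weight):
    """Smallest and largest byte values with exactly `weight` bits set."""
    values = [v for v in range(256) if popcount(v) == weight]
    return min(values), max(values)

def best_balanced_pair():
    """Search every per-channel bit count; luminance is monotone in each
    channel, so the extremes give the best contrast for a given count."""
    best = None
    for weights in product(range(1, 8), repeat=3):
        pairs = [extremes(w) for w in weights]
        bg = tuple(lo for lo, _ in pairs)
        fg = tuple(hi for _, hi in pairs)
        score = contrast(fg, bg)
        if best is None or score > best[0]:
            best = (score, fg, bg)
    return best

# The message's own example: red 3 bits, green 5 bits, blue 4 bits.
PAGE_FG = (0xE0, 0xF8, 0xF0)
PAGE_BG = (0x07, 0x1F, 0x0F)

if __name__ == "__main__":
    print("page example contrast: %.1f" % contrast(PAGE_FG, PAGE_BG))
    score, fg, bg = best_balanced_pair()
    print("best balanced pair: fg=%s bg=%s contrast=%.1f" % (fg, bg, score))
```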

---------------------------------------------------------------------
The Cryptography Mailing List