Jerry Leichter wrote: > I commented earlier that $3200 seemed surprisingly cheap. One of the > articles on this claimed this was absurdly expensive - typical DoD gold > plating. Well ... the real price of a standard Blackberry is a couple > of hundred dollars, and put one in a room with a speaker phone and > listen to the famous "Blackberry buzz". Shielding these things, even to > avoid obvious interference, is *not* easy. Getting it to Tempest specs > must take some impressive engineering. For a non-mass-market device > with that kind of engineering, $3200 seems pretty cheap.
Quite a few TEMPEST approved devices are rather innocuous looking these days, the PDA a case in point. Having been present during the big TEMPEST adoption in the military (early 70's) and the introduction of FCC Part 15 (late 70's) I'd think that shielding requirements for compromising emanations are at least extremely closely related to EMI prevention. There's also Red/Black separation, electrical and physical isolation between circuitry carrying classified signals and those not. If I were to hazard a guess TEMPEST requirements are close to those found for VDE/CE approval today (a bit more stringent than FCC). I would expect that the reason for 'approved' cables has to do with insuring construction to an approved standard perhaps with some actual testing thrown in. The amount of shielding required in cabling is on par with the use of shielded twisted pairs. The additional cost of TEMPEST approved equipment primarily comes from design testing and certification. The engineering is otherwise on par with COTS best practices (today). I used to work on a non HY-11 CVSD secure voice link utilizing a KG-13/TSEC Key Generator, used in support of what we publicly know now as the National Reconnaissance Office. Got a late night call from the security officer complaining about picking up an AM radio station on the secure phone handset. The installation had a plan, nice Red/Black separation, ferrous conduits enclosing cabling, physical distance separations, power line filtering and separate power circuits, the whole nine yards. To make a long story short it was picking up the radio station because of a ground loop in the shield for the receive phone pair and a cold solder joint. Re-flowing the solder joint was sufficient to stop the impromptu crystal radio, and I broke the ground loop as well and sent off an annotated copy of the installation wiring diagram to the engineer who did the installation plan. The ground loop mixed inside and outside grounds exposing the shield for the receive pair to broadcast signals, this particularly strong local AM station in point. The cold solder joint acted as a rectifier. Working a few years later for a local video game company, one late night I had occasion to listen to the same AM station on the speaker of an arcade video game we were prototyping. That was cured by twisting a pair in the wiring harness. The next year FCC Part 15 was slated to go into effect and was causing all sorts of industry panic. A year or two later we were still seeing significant EMI from computer equipment. My upstairs neighbor's Apple II used to cause some serious interference with my TV reception using a pair of rabbit ears, some of the biggest EMI culprits for the longest time were power supplies. Today your desktop or laptop PC is generating a significant amount of power across various portions of the spectrum including up into the Giga Hertz range. The amount of EMI produced is closely on par with TEMPEST approved equipment, and the greatest threat to producing EMI or compromising emanations (following the demise of CRT displays) is cabled peripherals. The difference is that it isn't TEMPEST certified, nor has it necessarily been design with Red/Black separation in mind. There'd be strong motivation to use tested and approved cables in classified data handling equipment. While the reduction in EMI for any equipment is largely due to management of signal and power return paths, reduction in power by using smaller signal amplitudes, lower edge rates (rise and fall times as opposed to data rate) filtering and where necessary shielding. Connect one little cheap cable and the next thing you know someone is complaining about receiving AM broadcasts on their fancy (and expensive) secure voice system, or worse, being surveilled without knowing it. I'm not surprised you can hear a Blackberry with a speaker phone. It's got a radio transmitter, and more than likely the speaker phone has an RJ-11 connector on a long straight conductor cable. As a guess we'd be talking about a Blackberry within a couple of meters, and that phone wire strung across a conference table before reaching the floor. http://www.blackberry.com/solutions/pdfs/Healthcare/Wireless_EMI_in_Healthcare_Facilities_White_Paper.pdf You could note a preponderance of phone sensitivity due to proximity (Page 10). A secure handset will do the same thing. The difference is that there won't be any 'plaintext' from the secure phone detectable on the speaker phone. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
