Re: How old is TEMPEST? (was Re: New Encryption Regulations have other gotchas)
By 1970-71 the US Air Force was testing its own facilities for emanations, and as a low grade enlisted person with a Top Secret/Crypto clearance, I was allowed to see the results of a test conducted against a facility where I worked. The site used KY-8's and KY-28's, and we thought we were very secure. The people in the Tempest van read us like a book, having picked up signals on the way to KY's. I got the impression Tempest was fairly well institutionalized by then, at least in the USAF, and that some of the old hands had seen this before. I can't recall whether the term 'Tempest' itself was an acronym, although most sources now say it was not (e.g., online computer dictionary) but these sources could be wrong. On Mon, 24 Jan 2000, Arnold G. Reinhold wrote: > Regarding the question of how far back TEMPEST goes, I took a look at > David Kahn's "The Codebreakers" which was copyrighted in 1967. > TEMPEST is not listed in the index. However I did find the following > paragraph in a portion of the chapter on N.S.A. that discusses > efforts to improve the US State Department's communications security > (p. 714): > > "... the department budgeted $221,400 in 1964 for 650 KW-7's. ... The > per-item cost of $4,500 may be due in part to refinements to prevent > inductive or galvanic interaction between the key pulses and the > plaintext pulses, which wire tappers could detect in the line pulse > and use to break the unbreakable system through its back door. " > > This would be the electro-mechanical equivalent of TEMPEST and > suggests that NSA was well aware of the compromising potential of > incidental emanations long before the computer communications era. > > Another useful data point would be earliest reports about the BBC's > system for detecting unlicensed television receivers. That system > used vans equipped to detect a TV's local oscillator, but may well be > an offshoot of emanations intelligence research. > > Arnold Reinhold > >
Re: New Encryption Regulations have other gotchas
[EMAIL PROTECTED] (Peter Gutmann): > I was reading an early-80's paper on OS security and it mentioned > some work from the 1950's on this. I've heard comments about knowledge > of Tempest issues during this time from various people, but this is > the earliest reference I've found in a published article. If I can > re-locate the source I'll post a reference to it. Edited by Lance J Hoffman of UCB Security and Privacy in Computer Systems Wiley 1973 ISBN 0471 40611 2 This book covers publicly-available crypto of the period (looks very weak now) and "rings" by Robert Graham and civil liberties threats involving data storage and aggregation. Page 77 Passive infiltraton may be accomplished by wiretapping or by electomagnetic pickup of the traffic at any point in the system. Although considerable effort has been applied to counter such threats to defense communications, nongovernmental approaches to information privacy usually assume that communication lines are secure, when in fact they are one of the most vulnerable parts of the system. Page 84 In addition to the spectrum of threats arising from wiretapping, electro- magnetic radiation from terminals myst be considered.[12] Electromagnetic radiation characteristics will depend heavily on the type of terminal, and may in some cases pose serious shielding and electrical-filtering problems. More advanced terminals using cathode ray tube for information display may create even greater problems in trying to prevent what has been called "tuning in the terminal on Channel 4." 12. R.L. Dennis, Security in computer environment, SP2440/000/01, System Development Corporation, August 18, 1966 Another chapter has (starting on page 101) a section called "THE PARADOX OF THE SECRECY ABOUT SECRECY" where it says: It should be noted that this Memorandum has been purposely written to be unclassified ... the only background information used is that found in the unclassified literature ... So can anyone say whether there are interesting things in that ref 12 ? -- ## # Antonomasia [EMAIL PROTECTED] # # See http://www.notatla.demon.co.uk/# ##
Re: New Encryption Regulations have other gotchas
John Young <[EMAIL PROTECTED]> writes: >Phil Karn wrote: > >>I believe the anti-Tempest provisions have been in the export regs >>for some time. > >Yes, but when did they appear? We're attempting to trace Tempest's origin -- >not easy because of classification of so much stuff. One classified standard >dates to 1967. I was reading an early-80's paper on OS security and it mentioned some work from the 1950's on this. I've heard comments about knowledge of Tempest issues during this time from various people, but this is the earliest reference I've found in a published article. If I can re-locate the source I'll post a reference to it. Peter.
Re: New Encryption Regulations have other gotchas
Phil Karn wrote: >I believe the anti-Tempest provisions have been in the export regs >for some time. Yes, but when did they appear? We're attempting to trace Tempest's origin -- not easy because of classification of so much stuff. One classified standard dates to 1967. A French article on Tempest in December 99 states: "The initiators of this technique is the Bulgarian secret service (formed by the KGB) which placed modified vans around embassies or important companies." No date for the initiation. Is the claim accurate? We've read hints that some of the earliest research concerned naval vessels whose metal structure was discovered to be acting as unintentional antennas. Then, later, planes, other equipment and architectural/engineering elements of buildings. We would appreciate information on the history of Tempest. Not asking for classified/NDA info just dates, say, or what kind of discoveries led to the technology. And when it went into the export control regs. Who knows what emanates compromising information these days as the sensitivity of instruments and capabilities of EM interception and analysis increases. Thank you very much.
Re: New Encryption Regulations have other gotchas
{I take no blam^H^Hcredit for spotting this; I just relay it}
> "a.4. Specially designed or modified to reduce the compromising
> emanations of information-bearing signals beyond what is necessary
> for the health, safety or electromagnetic interference standards;"
This seems aimed at "Soft Tempest" work of recent years
And as a noted backhoe tracker mentioned:
|That may be what it is aimed at, however it is important to remember
|standards tend to be by their nature lowest common denominator. The
|BXA regs appear to create an official government policy you can not
|improve health or safety beyond that required to meet the minimum
|standards. At the absurd, these regulations appear to prohibit
|the use of surge suppressors, UPSs or isolation transformers.
|
|I knew Radio Shack sold many legally suspect items, but have we
|reached the point of "Freeze, put down that surge supressor or we'll
|shoot!"
--
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433
