TEMPEST security specifications are designated by US. National Security Agency (NSA) and refers to the susceptibility of computer and telecommunications devices to data theft.
Any device with a microchip generates an electromagnetic field, often called a compromising emanation by security experts. With the proper surveillance equipment, these emanations can be intercepted and the signal reconstructed and analyzed.
This is particularly worrisome to the National Security Agency, which identifies this as a concern in situations where classified information may be accessible and must be protected from outside agents.
Consequently, means have been developed to shield certain devices from emanations that could compromise national security.
Over the past 40 years, the NSA has adopted several industry standards, many of them strengthened. These improvement criteria are known as the TEMPEST standards (although the NSA also calls them EMSEC standards, short for Emission Safety).
The TEMPEST standards involve the design of circuits to minimize emissions and the application of appropriate shielding and bonding.
Experts in this area contend that one of the most vulnerable pieces of equipment is an analog VGA monitor. It’s possible for a spy to introduce a Trojan into the system and subsequently monitor and store keystrokes and passwords used throughout the day.
When the system was not in use at night, the spy could use the VGA display with grayscale, which has a high signal at certain frequencies.
VGA uses a single-ended signal that has a high common mode emission level, which is not protected by shielded cable and it is possible to monitor these signals from outside the safe zone using a ratio receiver.
Even without a Trojan, a sophisticated receiver located at nearby points might reveal sensitive information on the VGA monitor.
Want to learn more? Tonex offers Understanding TEMPEST: Secure Communications and Emission Security Training, a 2-day course where participants learn the fundamentals of TEMPEST and its role in secure communications as well as learn to identify potential vulnerabilities in electronic systems that may lead to compromising emanations.
Participants will also implement effective countermeasures to mitigate the risk of information leakage.
For more information, questions, comments, contact us.