TEMPEST
National Security Agency (doctrinal framework)
The US National Security Agency's doctrinal framework, formalised in 1958 under the codename TEMPEST and continuously developed since, for the collection of unintentional electromagnetic, acoustic, optical, and mechanical-vibration emanations from electronic equipment processing classified information, and for the countermeasures (TEMPEST shielding) that protect US-government equipment against equivalent foreign collection. It defines the protective specifications under which classified-handling equipment is certified.
Overview
TEMPEST is the oldest continuously operational doctrinal framework in the post-1947 NSA inventory. Its operational origins predate the establishment of NSA itself: the discovery of unintentional-emanation exploitation is dated to 1943 Bell Telephone Laboratories work for the US Signal Corps on the operational vulnerability of the SIGABA cryptographic equipment. Subsequent development across the 1947–58 period produced the formal TEMPEST codename and the doctrinal framework under which TEMPEST has operated since.
TEMPEST's position within the post-1947 NSA architecture is dual: it is simultaneously an offensive-collection capability (the exploitation of foreign-equipment emanations to obtain access to classified content) and a defensive-protection framework (the specification of TEMPEST-shielded US-government equipment to prevent equivalent foreign exploitation of US-equipment emanations). The balance between the offensive and defensive positions has varied across the post-1958 period; the contemporary position is weighted largely toward the defensive framework, given the proliferation of foreign emanation-collection capability.
Origins / Development
The history of TEMPEST is traceable to the 1943 Bell Telephone Laboratories work on the operational vulnerability of the SIGABA cryptographic equipment. The discovery was that the equipment's operating pattern produced an unintentional electromagnetic emanation that, with sufficiently sensitive collection equipment, encoded the operational state of the equipment. That discovery established the foundation on which subsequent TEMPEST development was built.
Development across the 1947–58 period proceeded through the cooperation of NSA's predecessor agencies (the Armed Forces Security Agency until 1952, NSA from 1952), documented research at Bell Labs and at the National Security Agency's research facility at Fort Meade, and the expansion of the doctrinal framework to cover the broader category of unintentional-emanation collection. The formalisation of TEMPEST as a named programme is dated to 1958, with the adoption of the codename coinciding with the consolidation of the doctrinal framework.
Development across the 1958–85 period was conducted largely under classification: the substance of TEMPEST was classified at the SECRET-or-higher level for nearly the entire period. TEMPEST emerged publicly in 1985, when Dutch researcher Wim van Eck published the academic paper Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? in Computers and Security, the first substantive academic disclosure of the CRT-monitor electromagnetic-emanation reconstruction technique that subsequently became colloquially known as "Van Eck phreaking". NSA's position on the van Eck disclosure was to neither confirm nor deny; the settled assessment is that NSA had been operationally exploiting CRT-monitor emanations for decades prior to van Eck's public disclosure.
The TEMPEST framework has evolved across the post-1985 period to address new categories of operational target. Its expansion has included: the extension to LCD- and OLED-monitor emanation exploitation, following the 2003–07 academic research at Cambridge University demonstrating that flat-panel-display emanations permit equivalent reconstruction; the extension to keyboard-acoustic-emanation exploitation, following the 2004–13 academic research demonstrating the reconstruction of typed content from collected acoustic emanations; the extension to cabinet-fan-acoustic and power-line-fluctuation exploitation; and further additions across the broader category of side-channel-emanation collection.
Operational characteristics
The operational characteristics of TEMPEST collection documented in the post-1985 published record comprise the following.
Electromagnetic-emanation collection
The principal historical TEMPEST operational mode, and the most extensively documented in the post-1985 academic literature. It consists of collecting electromagnetic emanations from the target equipment using sensitive radio-receiver equipment positioned within sufficient range: roughly tens to hundreds of metres for typical office-equipment emanation levels, and substantially less for TEMPEST-shielded equipment. The reconstruction methodology involves identifying the target equipment's operational signature by spectral analysis, synchronising the collection equipment to the target equipment's clock, and reconstructing the target equipment's content from the collected emanation signal. The documented reconstruction quality permits the legible reconstruction of CRT-monitor screen content, the substantial reconstruction of LCD-monitor screen content and of laser-printer document content, and further categories.
Acoustic-emanation collection
The operational mode covering keyboard-acoustic emanations, cabinet-fan acoustic patterns, and adjacent acoustic-emanation categories. The 2013 academic research by Daniel Genkin, Adi Shamir, and Eran Tromer at Tel Aviv University, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, demonstrated the extraction of 4096-bit RSA cryptographic keys by collecting the acoustic emanations of the target computer's CPU while it performed decryption, a foundational demonstration of the principle that mechanical and acoustic emanations encode cryptographic-key state.
Optical-emanation collection
The operational mode covering LED-status-indicator emanations, photodiode emanations, and adjacent optical-emanation categories. The reconstruction methodology involves collecting the target equipment's optical status-indicator pattern with a high-speed photodiode, synchronising the collection equipment to the target equipment's clock, and reconstructing the target equipment's content from the collected optical signal. Documented results include the reconstruction of data traffic encoded in network-router LEDs from a remote position.
Power-line-fluctuation emanation collection
The operational mode covering the collection of unintentional fluctuations on the target equipment's power-supply line. The reconstruction methodology involves identifying the target equipment's operational signature in the power-line-fluctuation pattern by spectral analysis. Documented results include the reconstruction of CPU-instruction-execution patterns and further categories.
TEMPEST defensive framework
The defensive component of the TEMPEST framework, the specification of TEMPEST-shielded equipment to prevent equivalent foreign exploitation, has across the post-1958 period been the framework's principal product.
Equipment certification standards
The TEMPEST equipment-certification framework is defined in NACSIM 5100A (the original 1992 standard, subsequently renamed NSTISSAM TEMPEST/1-92) and successive standards. The standards specify the maximum permitted emanation levels at specified frequencies for equipment certified at each TEMPEST level (Levels I, II, and III, with Level I the most restrictive). The certification process requires testing candidate equipment at NSA-certified test laboratories, with measurement of the equipment's actual emanation levels.
TEMPEST-shielded SCIF facilities
The broader TEMPEST defensive framework requires that classified-information processing at the sensitive-compartmented-information level occur within TEMPEST-shielded facilities (SCIFs). The TEMPEST-shielding specifications for SCIF construction are defined in Director of National Intelligence Intelligence Community Directive 705, the standard for SCIF construction, which incorporates the TEMPEST emanation-shielding requirements as a component of the broader SCIF construction framework. The construction requirements include electromagnetic shielding of the SCIF perimeter (largely through Faraday-cage construction), acoustic isolation of the SCIF working space, restriction on the routing of unclassified communications through the SCIF, and adjacent construction requirements.
Zone separation framework
The TEMPEST framework includes a separation-distance specification: the requirement that TEMPEST-certified equipment be operated at a defined minimum distance from any location to which foreign personnel have access. The documented separation-distance specifications have varied over time; the documented post-1992 framework specified separation distances of 20 to 100 metres, depending on the classification level and the equipment category.
Documented deployments
The documented deployments of TEMPEST collection capability in the post-1985 published record comprise:
Alleged: Cold War embassy operational deployment. The asserted but undocumented pattern of US and Soviet embassy-located TEMPEST collection during the Cold War has been the subject of substantial historical commentary. The documented record is limited; the assertion is that both US and Soviet intelligence services, across the 1958–91 Cold War period, conducted TEMPEST collection from embassy and consular locations against host-country government targets within range.
Confirmed: Wim van Eck CRT-monitor reconstruction (1985). The 1985 public demonstration by Wim van Eck, conducted largely with off-the-shelf television-receiver equipment at substantial range from a target CRT monitor, established the public-record reconstruction of CRT-monitor screen content. NSA's position on the van Eck demonstration was to neither confirm nor deny.
Confirmed: Subsequent academic-research demonstrations (2003–present). The academic-research literature of the post-2003 period has documented reconstruction across nearly every category of electronic-equipment emanation: LCD monitors, laser printers, keyboards, network routers, video cards, hard drives, USB devices, and further additions. The documented pattern is that academic research has reproduced, largely with off-the-shelf collection equipment, capability that NSA had kept classified for decades.
Sources & Further Reading
- Wim van Eck, Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?, Computers and Security 4 (1985), pp. 269–286 — the foundational academic disclosure.
- National Security Agency, NACSIM 5100A / NSTISSAM TEMPEST/1-92 — the principal TEMPEST equipment-certification standard, largely declassified across the post-2010 period.
- Daniel Genkin, Adi Shamir, and Eran Tromer, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Advances in Cryptology – CRYPTO 2014, pp. 444–461 — the principal subsequent academic demonstration of acoustic cryptanalysis.
- Markus G. Kuhn, Compromising Emanations: Eavesdropping Risks of Computer Displays, University of Cambridge Computer Laboratory Technical Report UCAM-CL-TR-577, December 2003 — the principal subsequent academic treatment of LCD-emanation reconstruction.
- Joe Loughry and David A. Umphress, Information Leakage from Optical Emanations, ACM Transactions on Information and System Security 5(3) (2002), pp. 262–289 — the principal academic demonstration of LED-emanation reconstruction.
- National Security Agency, TEMPEST: A Signal Problem, NSA Cryptologic Spectrum, declassified release — the principal declassified NSA historical account.
- James Bamford, Body of Secrets: Anatomy of the Ultra-Secret National Security Agency, Doubleday, 2001 — substantial historical reconstruction of TEMPEST's development.
- Director of National Intelligence Intelligence Community Directive 705, Sensitive Compartmented Information Facilities, May 2010 — the contemporary SCIF construction standard incorporating TEMPEST shielding.
- National Security Telecommunications and Information Systems Security Committee, NSTISSAM TEMPEST/2-95: RED/BLACK Installation Guidance, December 1995 — the installation-guidance standard.
- Markus G. Kuhn and Ross J. Anderson, Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, Information Hiding: Second International Workshop (1998), pp. 124–142 — the principal academic treatment of intentional-emanation covert-channel exploitation.