TEMPEST

Audio readout of this entry.

Overview

TEMPEST is the oldest continuously operational institutional doctrinal framework in the post-1947 NSA inventory. The framework's operational origins predate the establishment of NSA itself — the institutional discovery of unintentional-emanation exploitation is dated to 1943 Bell Telephone Laboratories work for the US Signal Corps on the operational vulnerability of the Bell 131-B2 mixer device (used with one-time-tape teletype systems including SIGTOT). The post-1949 development across the 1949–58 period produced the formal TEMPEST codename and the institutional doctrinal framework under which TEMPEST has operated since.

The institutional position of TEMPEST within the post-1947 NSA architecture is dual. TEMPEST is simultaneously an offensive-collection capability (the exploitation of foreign-equipment emanations to obtain classified-content access) and a defensive-protection framework (the specification of TEMPEST-shielded US-government equipment to prevent equivalent foreign exploitation of US-equipment emanations). The institutional balance between offensive and defensive operational positions has varied across the post-1958 period, with the contemporary position weighted toward the defensive framework given the proliferation of foreign emanation-collection capability.

Origins

The history of TEMPEST traces to the 1943 Bell Telephone Laboratories work on the operational vulnerability of the Bell 131-B2 mixer device (used with one-time-tape teletype systems including SIGTOT). The discovery — that the 131-B2 operational pattern produced an unintentional electromagnetic emanation that, with sufficiently sensitive collection equipment, encoded the operational state of the equipment — established the institutional foundation that subsequent TEMPEST development built on.

The post-1949 development across the 1949–58 period proceeded through the institutional cooperation of NSA's predecessor agencies (the Armed Forces Security Agency, established 20 May 1949, until 1952; NSA from 1952), documented research at Bell Labs and at the National Security Agency's research facility at Fort Meade, and the expansion of the doctrinal framework to cover the broader category of unintentional-emanation collection. The formalisation of TEMPEST as a named programme is dated to 1958, with the codename's institutional adoption coinciding with the consolidation of the doctrinal framework.

Public emergence: van Eck 1985

The institutional development across the 1958–85 period was conducted under classification — the institutional substance of TEMPEST was classified at the SECRET-or-higher level for substantially the entire period. The institutional public emergence of TEMPEST occurred in 1985 with Dutch researcher Wim van Eck's publication of the academic paper Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? in Computers and Security — the first public academic disclosure of the CRT-monitor electromagnetic-emanation reconstruction technique that became colloquially known as "Van Eck phreaking". The NSA position on the van Eck disclosure was the institutional pattern of neither-confirm-nor-deny; the settled subsequent assessment is that NSA had been operationally exploiting CRT-monitor emanations for decades prior to van Eck's public disclosure.

TEMPEST has expanded across the post-1985 period to address new operational-target categories. The expansion has included LCD-and-OLED-monitor emanation exploitation following the 2003–07 academic research at Cambridge University demonstrating that flat-panel-display emanations permit equivalent operational reconstruction; keyboard-acoustic emanation exploitation following 2004–13 academic research demonstrating reconstruction of typed content from acoustic-emanation collection; cabinet-fan-acoustic and power-line-fluctuation exploitation; and additional categories within the broader side-channel-emanation domain.¹⁴

Electromagnetic-emanation collection

The principal historical TEMPEST operational mode and the most extensively documented in the post-1985 academic literature. The operational substance is collection of electromagnetic emanations from the target equipment using sensitive radio-receiver equipment positioned within sufficient operational range — typically tens to hundreds of metres for typical office-equipment emanation levels, and substantially less for TEMPEST-shielded equipment.

The documented operational reconstruction quality permits the legible reconstruction of CRT-monitor screen content; the reconstruction of LCD-monitor screen content; the reconstruction of laser-printer document content; and adjacent operational categories. Each subsequent academic demonstration has shifted the operational benchmark — the Cambridge LCD work in the early-to-mid 2000s extended the public-record demonstration from CRTs to flat-panel displays, and the post-2010 academic literature has documented the corresponding extension to additional equipment categories.⁴

Acoustic-emanation collection

The documented operational mode covering keyboard-acoustic emanations, cabinet-fan acoustic patterns, and adjacent acoustic-emanation categories. The 2014 academic research by Daniel Genkin, Adi Shamir, and Eran Tromer at Tel Aviv University, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (CRYPTO 2014), demonstrated the operational extraction of 4096-bit RSA cryptographic keys through acoustic-emanation collection of the target computer's CPU operation while performing decryption — a foundational demonstration of the institutional principle that mechanical and acoustic emanations encode cryptographic-key state.³

Optical-emanation collection

The documented operational mode covering LED-status-indicator emanations, photodiode emanations, and adjacent optical-emanation categories. The principal academic demonstration is the 2002 Loughry and Umphress paper Information Leakage from Optical Emanations (ACM Transactions on Information and System Security), which documented the reconstruction of network-router-LED-encoded data traffic from a remote position using high-speed photodiode collection.⁵

Power-line-fluctuation collection

The documented operational mode covering the collection of unintentional fluctuations on the target equipment's power-supply line. The reconstruction methodology involves the spectral-analysis identification of the target equipment's operational signature in the power-line-fluctuation pattern. Documented operational reconstructions include CPU-instruction-execution patterns and adjacent operational categories.

Equipment certification standards

The institutional TEMPEST equipment-certification framework is defined in NACSIM 5100A (the earlier standard, commonly dated to 1981) and its 1992 successor NSTISSAM TEMPEST/1-92 (December 1992) and successive standards. The standards specify the maximum permitted emanation levels at specified frequencies for equipment certified at each operational TEMPEST level (Levels I, II, and III, with Level I most restrictive). The certification process requires the operational testing of candidate equipment at NSA-certified test laboratories with the measurement of the equipment's actual emanation levels.²

TEMPEST-shielded SCIF facilities

The broader TEMPEST defensive framework requires that classified-information processing at the sensitive-compartmented-information level occur within TEMPEST-shielded facilities (SCIFs). The TEMPEST-shielding specifications for SCIF construction are defined in Director of National Intelligence Intelligence Community Directive 705 — the institutional standard for SCIF construction — which incorporates the TEMPEST-emanation-shielding requirements as a component of the broader SCIF construction framework. The construction requirements include electromagnetic shielding of the SCIF perimeter (typically through Faraday-cage construction), acoustic isolation of the SCIF working space, restrictions on the routing of unclassified communications through the SCIF, and adjacent construction requirements.⁸

Zone separation

The institutional TEMPEST framework includes a separation-distance specification — the operational requirement that TEMPEST-certified equipment be operated at a defined minimum distance from any institutional location to which foreign personnel have operational access. The documented separation-distance specifications across the institutional history have varied; the post-1992 framework specified separation distances of 20–100 metres depending on the operational classification level and equipment category.⁹

Documented demonstrations

Alleged Cold War embassy operational deployment. The asserted institutional pattern of US-and-Soviet Cold War embassy-located TEMPEST collection has been the subject of substantial subsequent historical commentary. The documented institutional record on the operational pattern is limited; the asserted pattern is that both US and Soviet intelligence services across the 1958–91 Cold War period conducted TEMPEST collection from embassy-and-consular institutional locations against host-country government targets within operational range.

Confirmed Wim van Eck CRT-monitor reconstruction (1985). The 1985 public demonstration by Wim van Eck — conducted with off-the-shelf television-receiver equipment at substantial operational range from a target CRT monitor — established the institutional public-record reconstruction of CRT-monitor screen content. The NSA position on the van Eck demonstration was the institutional pattern of neither-confirm-nor-deny.

Confirmed Subsequent academic-research demonstrations (2003–present). The subsequent academic-research literature across the post-2003 period has produced documented operational reconstruction across substantially every category of electronic-equipment emanation — LCD monitors, laser printers, keyboards, network routers, video cards, hard drives, USB devices, and adjacent equipment categories. The institutional pattern is that academic research has reproduced — substantially with off-the-shelf collection equipment — operational capability that NSA had institutionally classified for decades.

Sources and further reading

1. Wim van Eck, Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?, Computers and Security 4 (1985), pp. 269–286 — the foundational academic disclosure.
2. National Security Agency, NACSIM 5100A (1981) and NSTISSAM TEMPEST/1-92 (December 1992) — the principal institutional TEMPEST equipment-certification standards; both remain largely classified with only limited portions and tables of contents released through FOIA.
3. Daniel Genkin, Adi Shamir, and Eran Tromer, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Advances in Cryptology – CRYPTO 2014, pp. 444–461 — the principal subsequent academic demonstration of acoustic cryptanalysis.
4. Markus G. Kuhn, Compromising Emanations: Eavesdropping Risks of Computer Displays, University of Cambridge Computer Laboratory Technical Report UCAM-CL-TR-577, December 2003 — the principal academic treatment of LCD-emanation reconstruction.
5. Joe Loughry and David A. Umphress, Information Leakage from Optical Emanations, ACM Transactions on Information and System Security 5(3) (2002), pp. 262–289 — the principal academic demonstration of LED-emanation reconstruction.
6. National Security Agency, TEMPEST: A Signal Problem, NSA Cryptologic Spectrum, declassified release — the NSA institutional declassified historical account.
7. James Bamford, Body of Secrets: Anatomy of the Ultra-Secret National Security Agency, Doubleday, 2001 — historical reconstruction of TEMPEST institutional development.
8. Director of National Intelligence Intelligence Community Directive 705, Sensitive Compartmented Information Facilities, May 2010 — the contemporary SCIF construction standard incorporating TEMPEST shielding.
9. National Security Telecommunications and Information Systems Security Committee, NSTISSAM TEMPEST/2-95: RED/BLACK Installation Guidance, December 1995 — the institutional installation-guidance standard.
10. Markus G. Kuhn and Ross J. Anderson, Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, Information Hiding: Second International Workshop (1998), pp. 124–142 — the principal academic treatment of intentional-emanation covert-channel exploitation.