Authored by: Nika Amralah, Innovation and Engineering Research Lead
Introduction: What is TEMPEST?
The use of electronic devices for storing, sharing, and viewing digital information is common in the modern world. Since computers and other IT equipment generate electromagnetic fields, there is an unavoidable vulnerability to signal leakage unless countermeasures are applied. TEMPEST is the term used to refer to the unintentional compromising emanations from electronic equipment.
The exploitation of leakage emissions from malicious third parties can lead to devastating results and may potentially pose a risk to individuals, organizations, or national security. Protecting users from digital eavesdropping is therefore imperative in both private and professional applications.
One of the most troubling aspects of a TEMPEST attack is the fact that the adversary leaves no trace of a breach, and the victim is not aware of the eavesdropping. This means that the emanations can be exploited for a prolonged period without risk of discovery.
TEMPEST Risks
The most compromising digital signals have been evaluated to be from equipment communications ports, with video display signals considered to be particularly vulnerable [1]. Some typical examples include USB (Universal Serial Bus), HDMI (High-Definition Multimedia Interface) VGA (Video Graphics Array), and DVI (Digital Visual Interface) ports.
Figure 1 shows the results of a TEMPEST demonstration. It is not difficult to identify that the reconstructed images are from a user’s email program and calendar application. It is the information on the screen of a video-displaying target device that is at risk of being compromised by a malicious attacker’s setup. Depending on what the victim is viewing at the time of the attack, sensitive information can unknowingly become compromised.
The equipment needed to run a TEMPEST attack is alarmingly minimal, inexpensive, and easily accessible. Figure 2 presents the basic setup used to produce the compromising image reconstructions that were previously shown in Figure 1.
An adversary laptop is used to run open-source software that identifies unintentional signal transmissions and has a video display for reconstruction. These types of software are available freely on the internet, and in the wrong hands, can be used for the exploitation of digital information.
The software-defined radio (SDR) is one of the key components of the setup in Figure 2 and is connected to both the laptop and the receive antenna. Many possible antennas may be used, even something as simple as a TV antenna has shown to be successful [2], [3], [4]. Other popular antenna choices for TEMPEST experiments in literature are log-periodic or Yagi-Uda antennas [5].
It is important to note that the setup shown in Figure 2 is not unique, since there are many possible arrangements and selections of equipment that can produce a TEMPEST threat. However, because of the availability and growing popularity of software-defined radios, the setup in Figure 2 is a simple example of how inexpensive equipment can be used to exploit emanation vulnerabilities. Due to rapid technological development and the availability of receivers like SDRs, TEMPEST risks are becoming increasingly widespread.
An example of open-source software run on the laptop during a TEMPEST attack is shown in Figure 3. This is the TempestSDR program from [3]. In the case shown, the target device is a standard high-definition computer monitor with a resolution of 1920 x 1080. The frequency, based on the particular setup and antenna selected, has been set to 793 MHz. With these settings, the monitor’s screen has been reconstructed and shown in the top-left display of the program.
In early TEMPEST literature, the maximum eavesdropping distance was tested to be approximately 10 m [2]. This represents the furthest separation between a receive antenna and target device that still allows a TEMPEST attack to be successfully accomplished. Recent findings from [6] and [4] have extended the achieved range to 42 m and 80 m, respectively.
Software-based risk mitigation options, as presented in [1]and [7], may include image processing like the use of specialized TEMPEST fonts. This involves the transformation of images into formats that have been tested for difficulty of reconstruction.
Although software-based countermeasures are inexpensive, their implementation requires adjustment to all viewed information which may be impractical. In this method, the emanations themselves are not prevented, rather the readability is reduced.
There are also several hardware-based countermeasures that may be employed to protect from TEMPEST vulnerabilities. These include radio-frequency (RF) filtering, jamming, and shielding [7]. RF filtering reduces or prevents contamination at the source, while jamming is an active countermeasure to disrupt an attacker’s efforts by generating additional disruptive emanations. Shielding is one of the most effective TEMPEST countermeasures since it contains emanations within a space and acts as a barrier to protect a target from an external threat. Shielding may be in the form of TEMPEST hardened equipment or a shielded structure, where the former requires the placement of all existing IT equipment, while the latter allows the use of current equipment within a shielded room. The implementation of TEMPEST risk mitigation using shielded enclosures is further explained in the section to follow.
Risk Mitigation Using Shielded Enclosures
A shielded enclosure is an effective method of isolating equipment from TEMPEST vulnerabilities through an electromagnetic barrier. Rather than preventing or jamming emanations, the use of a shielded enclosure allows any equipment to operate within the secure space, while providing protection from interception of compromising unintentional transmissions using a physical structure.
With sufficient building space and appropriate structural support, there is no limit to the potential size of an electromagnetically shielded enclosure. In Figure 4, a single workspace-sized shielded enclosure is shown. This allows the user to operate regular IT equipment such as a laptop in the enclosure without the risk of the unintentional emanations exiting the space and being compromised by a TEMPEST attack. The solution in Figure 4 has the advantage of being a mobile workspace, which means that a secure space can be deployed on-site as required.
An example of a larger shielded enclosure, capable of housing multiple workstations, is shown in Figure 5. This setup allows for additional equipment and personnel to occupy the secure space than the example shown in Figure 4. Compared to the mobile single workstation, the example in Figure 5 is a fixed structure within a parent building and can represent a permanent office space.
Figure 5 also demonstrates the design selections and architectural finishes that can enhance the usability and practicality of a shielded enclosure. The space is equipped with lighting fixtures, power receptacles, HVAC (Heating, Ventilation, and Air Conditioning) systems, and floor treatments. Although not pictured, additional options to improve the workspace include wall finishes, ceiling treatments, and internal dividers to create distinct zones for equipment and personnel.
Conclusion
The widespread risk of TEMPEST attacks from emanation vulnerabilities can risk the security of confidential or proprietary information. Unintentional transmissions from electronics can be captured by an unauthorized party and reconstructed into readable images. If the victim is handling sensitive information, the accidental interception and disclosure of this information can result in detrimental consequences.
TEMPEST countermeasures may involve software or hardware solutions, with shielded enclosures being one of the most effective methods of protecting against TEMPEST threats. The use of a shielded enclosure contains emanations from equipment operating within and provides an electromagnetic barrier from adversaries.
References
[1] I. Kubiak, A. Boitan and S. Halunga, “Assessing the Security of TEMPEST Fonts against ElectromagneticEavesdropping by Using Different Specialized Receivers,” Applied Sciences, vol. 10, pp. 1-18, 2020.
[2] W. van Eck, Electromagnetic Radiation from VideoDisplay Units: An Eavesdropping Risk?, Leidschendam: Elsevier Science Publishers B.V. (North-Holland), 1985.
[3] M. Marinov, Remote video eavesdropping using a software-defined radio platform, University of Cambridge, St. Edmund’s College, 2014.
[4] P. De Meulemeester, B. Scheers and G. A. E.Vandenbosch, “Eavesdropping a (Ultra-)High-DefinitionVideo Display from an 80 Meter Distance Under RealisticCircumstances,” in IEEE International Symposium onElectromagnetic Compatibility & Signal/Power Integrity,2020.
[5] M. G. Kuhn, “Security Limits for CompromisingEmanations,” International Association for CryptologicResearch, pp. 265-279, 2005.
[6] F. Elibol, U. U. Sarac and I. Erer, “Realisticeavesdropping attacks on computer displays with low-cost and mobile receiver system,” in European Signal ProcessingConference (EUSIPCO), 2012.
[7] H. Tanaka, “Evaluation of Information Leakage via Electromagnetic Emanation and Effectiveness of Tempest, “The Institue of Electronics, Information and Communication Engineers Transactions, Vols. E91-D, no. 5, pp. 1439-1446, 2008.