At 08:19 PM 10/31/98 -0800, Tim May wrote:
Not to beat an NDA horse but while we're waiting for NSA to process our FOIA request for TEMPEST docs, are there products available to shield a desktop box, or better, a laptop? I haven't been following this FOIA request for TEMPEST docs. It seems
At 3:44 PM -0800 10/31/98, John Young wrote: pointless, for several reasons: 1. No doubt a lot of stuff will be classified, and FOIA can't break classification, generally.
Yup. Most of it's SECRET COMSEC or CONFIDENTIAL COMSEC. The parts I'm aware of cover making equipment not radiate, blocking radiation that does occur, and making sure signals don't leak between the red and black sides. There's presumably much more secret documentation at NSA about how to spy on stuff, and there's no way you'll get any of that.
2. The physics is what's important, not TEMPEST specs on specific pieces of equipment the government may be using, etc.
That too. TEMPEST, like other security problems, depends a lot on your threat models - you need a lot quieter equipment if there's an NSA Antenna Van parked in your driveway than if you're out in an empty field with nobody around for miles. What the equipment specs tell you is what the military thinks is adequate protection for typical threat environments, such as defense contractor office buildings or low-tech battlefields. The last time I checked, which was 8-10 years ago, there was a lot of TEMPEST-certified equipment on the market, though many of the vendors would only sell to the government and businesses working on TEMPEST-requiring government contracts. The main things on the market back then were - Room/building enclosure technology, so you could put lots of regular computer equipment in a big shielded room. This includes heavy-duty filtering of power supplies; our equipment was quite happy with it's nice clean power feeds. - Shielded minicomputers - basically stuck in rack-sized versions of room enclosures, with fiber-optic comm lines or shielded cables. - Quiet PCs, which generally had heavier metal cases, shielded cables, rather heavy keyboards, and lots of shielding in the monitors. They tended to cost about $5000 more than the equivalent non-TEMPEST PC. I don't know how the market is today, but it's probably a LOT more work to quiet and/or shield a 400MHz Pentium2 than a 4.77Mhz 8086 - higher frequency signals have shorter wavelengths, so they can leak through smaller holes, and the newer Pentiums probably put out a lot more energy above 3GHz than 8086s did, which means that centimeter-long cracks can leak signals. At the time, the rule of thumb for room shielding was that you wanted 100dB attenuation; the actual specs were more complex than that, and presumably classified. We did our routine measurements using a 450MHz transmitter, which would let us find any leaks that evolved from wear&tear on our doors or wiring mistakes on our comm or power gear (like forgetting to screw some lid on tight enough), but the TEMPEST contractors did the official complex measurements. This was a significant change from Vietnam-era shielding, which was typically copper mesh that provided 60dB attenuation Just using a regular laptop isn't enough; I've seen laptops transmit recognizable images to a television (though I was probably using AC power rather than batteries, and may or may not have had the display mode set to LCD-and-monitor.) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639