Forwarded message:
Subject: Re: SOFT TEMPEST Date: Mon, 09 Feb 1998 16:44:52 +0000 From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
The software that displays the license number plus activation instance random code in your windows toolbar as an easy receivable spread spectrum barcode would have to take care of this depending on how exactly your license agreement is formulated. This can be resolved in many ways.
Has your technique been verified by any 3rd parties who are not affiliated with you or your firm? Do you expect to do any public demonstrations of this technology in the near future? Would it be possible to arrange for a indipendant 3rd party to receive a test setup for evaluation?
The technique of hunting software license violators via Tempest monitoring is not really targeted at providing 100% accurate and reliable identification of abuse at any point of time as
That's good. The thought that given current technology a signal reception van could pull one monitors display out of a building that could potentialy have 1,000+ pc's (my last job had about 1500/floor and 3 floors) at a range of say 200 ft. is truly incomprehensible. If it works that is a feat worth many laurels.
(e.g., has bought a single copy of an expensive CAD software but uses it on over 80 workstations all day long), which then can justify to get court relevant proof by traditional means of police investigation.
You show up in my companies parking lot without my permission and start snooping you'll be the one sitting in jail facing industrial espionage charges. Any defence lawyer worth a damn would be able to blow this out of the water, private citizens don't have the right to invade my privacy any more than police without a warrant - and that take probable cause.
One obvious countermeasure are Tempest shielded computers or rooms,
It's the monitors that need shielded, the computers already sit in a Faraday cage. Simple copper screen glued to the inside of the monitor case with a paper sheild and then grounded will resolve that problem. Be shure to put a grounded screen on the front of the tube as well (similar to those radiation shields that some companies make that don't work because they aren't grounded).
Another countermeasure are software reverse-engineering and modifying the broadcast code. This is around as difficult as removing dongle checking code: Not impossible, but for the majority of users too inconvenient.
A simple Gunn Diode oscillator driving a broad-band 100W rf amplifier will swamp any signal you could hope to catch. Cost, about $250 ea. With the new low-power transmitter rulings there wouldn't be much anyone could do about it either.
an interesting application. Tempest research requires some expensive equipment (special antennas, very high-speed DSP experimental systems, an absorber room, etc.).
Gee, and to think that when I've done this sort of stuff I only used a Commodore 1702 composite monitor and some rf amplifiers and filters... Duh, silly me. Any claim that it can *only* be done with lots of money is almost always wrong. ____________________________________________________________________ | | | The most powerful passion in life is not love or hate, | | but the desire to edit somebody elses words. | | | | Sign in Ed Barsis' office | | | | _____ The Armadillo Group | | ,::////;::-. Austin, Tx. USA | | /:'///// ``::>/|/ http://www.ssz.com/ | | .', |||| `/( e\ | | -====~~mm-'`-```-mm --'- Jim Choate | | ravage@ssz.com | | 512-451-7087 | |____________________________________________________________________|