At 9:19 PM -0800 2/8/98, Ryan Lackey wrote:
I'm a bit busy until at least after FC '98, or I'd do it myself. One of my goals is to keep my laptop as secure as possible, and that's an application where TEMPEST shielding is rather prohibitive.
Really? You think so? You think TEMPEST treatment of laptops is more expensive than of normal machines? The physics suggests just the opposite: the RF emissions from laptops are expected to be lower from first principles, and, I have heard, are measurably much lower. (I say "have heard" because I don't have any access to RF measurement equipment...I once spent many hours a day working inside a Faraday cage, but that was many years ago.) The first principles part is that the deflection yokes in a CRT are the largest radiated component of what got named "van Eck radiation." (I'd just call it RF, but whatever.) Laptops are missing this component. (It might be interesting to see the radiated RF numbers for various kinds of flat panel displays.) The emission from the keyboard would have to be looked at, of course. Also, laptops, being so small, are easy to shield with mesh bags. An inelegant approach would be to bend copper sheeting to form an enclosure. A more elegant approach might be to take one of the tight-fitting laptop cases (like the Silicon Sports "Wetsuit") and use it as a pattern for a case made of conductive mesh fabric...or even something like aluminum screen. Several layers would be even better. But before going this route, I'd want to see some measurements. Laptops might already be "quiet enough." (Measurements are needed to determine the effectiveness of any proposed RF shielding anyway, so....) Finally, for a number of years there have been proposals for viewing screens built into glasses or goggles. "Crystal Eyes" was one of them. Another was a replacement for standard EGA screens (this was 4-6 years ago). These were being announced during the period when virtual reality (VR) was expected to dominate...that hasn't happened, yet. With some of these glasses, gargoyle-style, one could completely encase the laptop in a shielded case (like a Zero Haliburton) and then use a palm keypad... Speaking of this sort of approach, a lower-tech version might be to use a palmtop, like the HP 95LX, as a remote terminal to a machine completely shielded. (The laptop could be in a shielded enclosure, or backpack, with the 95LX snaked to it with cables.) Given the battery operation, the long battery life (which says radiated RF is likely to be under control), the LCD display, etc., this should be pretty good against eavesdroppers. I haven't yet looked at the Ross Anderson paper, but some things bother me about it. It seems unlikely that a "TEMPEST font" will affect keyboard and main CPU board noise. Also, in a multiple window environment, with several active windows, and with the target window being of varying sizes, I'm not quite sure I buy the idea that a remote sensing of the content of one window is very easy to pull off. But I'll take a look at what Ross has to say. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^3,021,377 | black markets, collapse of governments.