-----BEGIN PGP SIGNED MESSAGE----- So, if we're going to try to protect computers from TEMPEST threats, and we don't have access to the multiple government classified standards, we should come up with the Cypherpunks TEMPEST standard. A theoretical definition of what we want to do (strong) is that we should be able to put the equipment in a virtual box, have an empty virtual box, and then nothing anything which is not in the TCB can do can distinguish one box from the other. Perhaps the "empty" box should also contain simulators for the ethernet, visible light output, and straight power draw (harmonics are still to be avoided), or in some other definitional way they should be accounted for. This prevents non-TCB programs from utilizing the EM spectrum as a covert channel. Additionally, we need to protect the user from divulging state information about his TCB. I guess this condition can best be met by simply saying "take the target system and clone its state perfectly. Separate the two systems. Allow the user to modify the state of the target system while you retain the clone -- you do not have a non-negiligible improvement in matching future state using the EM emissions of the first system over not using the EM emissions." I think there is a better way of stating this, though. So, given a workable theoretical definition which defines perfection, it's time to reverse engineer the practical TEMPEST systems (and in so doing perhaps the classified TEMPEST spec) out there. Next time I find a TEMPEST case at swapfest, or at a con, I'll pick it up (if someone wants to ship me one, so much the better). You *can* buy them from some vendors, although they often refuse to sell them to non-government affiliated entities). MIT's quasi-affiliated Draper Labs has proper TEMPEST verification equipment, and I think some places on MIT's campus have some general purpose equipment which can be used for such purposes. If not, I have a copy of NI LabView and some DAQ hardware which, coupled with some antenna frobbery, can be used to do a quick spectrum analyzer, and there's the capacity to do some serious analysis once the data are on the computer. It would be nice to know how good government TEMPEST systems really are. In practice, matching them would probably be enough. The above theoretical definition doesn't really help that much -- in practice, there's going to be some information coming out, and just because you can't figure out how to use it, doesn't mean no one can. I think preventing the covert channel attack might actually go beyond the government's TEMPEST spec -- certainly if a non-TCB program can cause a system reboot, or power up a peripheral, you can detect the change in power draw, unless the system naturally throws away the difference between its max power consumption and its present power consumption all the time. Being able to telegraph even 1 bit of information might be enough, and if you've got an arbitrary precision clock, you could use this method to send an arbitrary codeword from an arbitrary-length codebook given an arbitrary time interval. The rainbow books talked about covert channel elimination being a really hard problem. Now I see even more why they were right. IIRC, it's only at the not-really-commercially-available levels (A1) that covert channels are utterly eliminated; usually they are comfortable just documenting them. Of course, it would probably make a lot of sense to do TEMPEST reverse engineering in a country that has neither an OSA nor the ability to randomly classify research. Yet another project for cypherpunks.to, Lucky? A practical way of approaching theoretical TEMPEST-perfection is just a decent faraday cage with a lead-glass monitor cover, shielded or eliminated cables, and a serious double-conversion UPS. From the government TEMPEST products I've seen, that's all they are (or they use mesh). I've mainly seen thinks like the SafeKeyper, not general purpose computers, though. I don't think Jim was that far off the mark in thinking class B machines are a worthwhile starting point, but it doesn't go anywhere near far enough. ObCrypto: I've been looking at implementing a cipher in a reconfigurable processor. I might even customize one. Yay. ObGuns: I got to use a .22cal nail gun. It was fun. ObPersonalAttacks: There are a lot of people who are not Real US Citizens on this list. Beware the evil multinationalist conspiacy in our midst, good followers of Bill Clinton! ObQuestion: Can the US government deny a passport for no reason to a random US citizen who is not a felon? - -- Ryan Lackey rdl@mit.edu http://mit.edu/rdl/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBNOD8sawefxtEUY69AQG3NQf9GWJjz3pwORa4y5V1YQA/BBAebDJNlnhd gauYxwALwsEIID20Da3x7f/ZZ/ipVH1fhk9SJYGgPK+mtc7HMpPA7WhEfR1awuyE FaP6VrJ18vKy6Cf+JlUbag2w5luQfSlo4o1jK0v6Os3D+PpuDyRN3GUI05dTxKyC +VfS8oiw+SaM455l1knHGnegLZzivCKGS/xXDFD71dl5QCRQsAMBaGrjg0pej8gJ ByiO4X7ae8OdlUytdQpfaNOtJTdSQJ7C3FLjczp9dQKvb7msfQUWzAWG9L8XneUP b6xRF5Ra1JaixfFEJisnP+CfZbtJknvNlffUh+//b17ql8Jz5WsFJg== =IRsn -----END PGP SIGNATURE-----