http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html Along with tips and examples. Enjoy, and don't use a CRT in the dark. :-) ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. -------------------------------------------------------------------------
Interesting. Contrary to what I thought (or what has been discussed here), only a 'scalar' of detected light is needed, not a vector. In other words, merely measuring overall radiated intensity over time seems to be sufficient to recover the message. This means that certain types of diffusive materials will not necessarily mitigate against this kind of eavesdropping. However, his discussion would indicate that the various practical concerns and limitations probably limit this to very niche-type applications...I'd bet that it's very rare when such a trechnique is both needed as well as useful, given the time, the subject and the place. -TD
From: Sunder <sunder@sunder.net> To: cypherpunks@al-qaeda.net Subject: Optical Tempest FAQ Date: Thu, 2 Dec 2004 10:27:04 -0500 (est)
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
Along with tips and examples.
Enjoy, and don't use a CRT in the dark. :-)
----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. -------------------------------------------------------------------------
IMHO, if you light up two or more other identical CRT's and have them display random junk it should throw enough noise to make it worthless - (and would put out enough similar RF to mess with RF tempest) there might be ways to filter the photons from the other monitors out, but, it would be difficult. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Thu, 2 Dec 2004, Tyler Durden wrote:
Interesting. Contrary to what I thought (or what has been discussed here), only a 'scalar' of detected light is needed, not a vector. In other words, merely measuring overall radiated intensity over time seems to be sufficient to recover the message. This means that certain types of diffusive materials will not necessarily mitigate against this kind of eavesdropping.
However, his discussion would indicate that the various practical concerns and limitations probably limit this to very niche-type applications...I'd bet that it's very rare when such a trechnique is both needed as well as useful, given the time, the subject and the place.
-TD
From: Sunder <sunder@sunder.net> To: cypherpunks@al-qaeda.net Subject: Optical Tempest FAQ Date: Thu, 2 Dec 2004 10:27:04 -0500 (est)
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
Along with tips and examples.
Enjoy, and don't use a CRT in the dark. :-)
--- Sunder <sunder@sunder.net> wrote:
IMHO, if you light up two or more other identical CRT's and have them display random junk it should throw enough noise to make it worthless - (and would put out enough similar RF to mess with RF tempest) there might be ways to filter the photons from the other monitors out, but, it would
be difficult.
Every resistor/cap is different, as is just about every other electronic component that you might find in either analogue or digital circuits -- including clock crystals. Even VLSI chips cut from the same die will exhibit (very) subtlely different analogue electrical properties as a consequence of their initial physical location on the wafer. Therefore, it is reasonable to expect that otherwise "identical" CRT monitors will exhibit subtle differences in signal timing, amplitude, and phase when their primary and intermediate outputs are examined in detail. If I'm not entirely off the mark, this means that RF tempest gear can in principle differentiate same make-and-model CRT devices. This does not mean that the suggestion is without merit, as it is likely that `jamming' your primary monitor with another will make things somewhat more difficult for an eavesdropper. But that just means that he may have to hook up his antenna directly to the water mains instead of sitting in his van down the street. As to the validity of this strategy to combat optical tempest, I am not sure. I would look up the state-of-the-art in audio-signal filtering to see what can be done today to differentiate similar mixed signals. All in all I would suspect that to get halfway decent jamming, you would have to synchronise your two monitors so that the video frames on each were being started at the same instant, while also using different sources and signals. That is likely beyond the capability of anyone who is not fairly good with electronics; off the top of my head I cannot suggest how I would thing about doing it. Caveat emptor: IANA electrical engineer by any stretch of the imagination, so I may be entirely full of crap without knowing it. Regards, Steve ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca
On Thu, Dec 02, 2004 at 12:32:09PM -0500, Tyler Durden wrote:
However, his discussion would indicate that the various practical concerns and limitations probably limit this to very niche-type applications...I'd bet that it's very rare when such a trechnique is both needed as well as useful, given the time, the subject and the place.
-TD
The big problem with this technology (and classic Van Eck electromagnetic interception too) is that more and more folks are using LCD screens or other display devices that do not do single thread raster scans of what they are displaying. Thus no single signal exists to detect with all the pixels of the image in it. In fact the greater hazard may sometimes be from red, yellow or green LEDs on the front of equipment that are directly driven with real data in order to allow troubleshooting - recovering data from one of those at a distance using a good telescope may be possible and most people don't think of the gentle flicker of the LED as carrying actual information that could be intercepted. -- Dave Emery N1PRE, die@dieconsulting.com DIE Consulting, Weston, Mass 02493
On Fri, 3 Dec 2004 01:01:57 -0500, Dave Emery <die@dieconsulting.com> wrote:
... In fact the greater hazard may sometimes be from red, yellow or green LEDs on the front of equipment that are directly driven with real data in order to allow troubleshooting - recovering data from one of those at a distance using a good telescope may be possible and most people don't think of the gentle flicker of the LED as carrying actual information that could be intercepted.
Like this classic. Was just as much fun to reread as it was the first time. :) http://www.google.ca/search?q=cache:YdHPMAbPMeAJ:www.applied-math.org/optical_tempest.pdf+black+tape+over+modem+lights+tempest&hl=en&client=firefox http://www.applied-math.org/optical_tempest.pdf -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Well, the first one's a little "Hey this is scary give us some grant money"-ish. This has zero impact on real-world telecom systems in terms of detecting actual payloads BUT detecting some of the management channel info (via the external DS1 management channel) could actually matter in some cases. I'm still waiting for someone to put a trojan into the telecom control channels causing them to randomly reprovision themselves. That could have an impact that far exceeds mere PR... -TD
From: Chris Kuethe <chris.kuethe@gmail.com> Reply-To: Chris Kuethe <chris.kuethe@gmail.com> To: die@dieconsulting.com CC: Tyler Durden <camera_lumina@hotmail.com>, sunder@sunder.net, cypherpunks@al-qaeda.net Subject: Re: Optical Tempest FAQ Date: Thu, 2 Dec 2004 23:39:33 -0700
On Fri, 3 Dec 2004 01:01:57 -0500, Dave Emery <die@dieconsulting.com> wrote:
... In fact the greater hazard may sometimes be from red, yellow or green LEDs on the front of equipment that are directly driven with real data in order to allow troubleshooting - recovering data from one of those at a distance using a good telescope may be possible and most people don't think of the gentle flicker of the LED as carrying actual information that could be intercepted.
Like this classic. Was just as much fun to reread as it was the first time. :)
http://www.google.ca/search?q=cache:YdHPMAbPMeAJ:www.applied-math.org/optical_tempest.pdf+black+tape+over+modem+lights+tempest&hl=en&client=firefox http://www.applied-math.org/optical_tempest.pdf
-- GDB has a 'break' feature; why doesn't it have 'fix' too?
participants (5)
-
Chris Kuethe -
Dave Emery -
Steve Thompson -
Sunder -
Tyler Durden