Ken Williams jkwilli2 at
Mon Nov 16 05:21:46 PST 1998




Just because you're paranoid doesn't mean they aren't out to get you. Most computer users would be startled to realize that somebody 
parked outside their home with the right kind of (very expensive) receiving equipment can read the data that appear on their computer 
screens. The receiver uses the monitor's radio emanations to reconstruct the screen's contents. The <A HREF="">U.S. 
Department of State</A> and other organizations spend a fortune buying shielded hardware to defeat these signals, known as Tempest <A 
HREF="">radiation</A>, after the code name for a government program aimed at tackling it.

Now Ross Anderson, a computer scientist at the University of Cambridge, and graduate student Markus 
G. Kuhn say they have developed methods for controlling Tempest radiation. What's different about their techniques is that they run in 
software, making them much cheaper and easier to deploy.

The story began, Anderson says, when Microsoft made its $20-million investment in Cambridge's 
computer science lab and said the company was particularly interested in ways to control software piracy. Most approaches call for some 
kind of copy protection; Anderson's idea was to design something that would enable detection of offenders rather than prohibit copying, 
which is a nuisance loathed by consumers. Their concept was to make computer screens broadcast the serial number of the software in use. 
In principle, properly equipped vans could patrol business districts looking for copyright infringements. In researching the broadcast 
idea, Anderson and Kuhn came up with fundamental discoveries about Tempest.

In particular, they observed that emissions relating to screen content are mostly found in the higher bands--above 30 megahertz, in the 
UHF and VHF bands. So altering those frequencies could change the Tempest radiation.

Anderson and his colleagues have fashioned a couple of prototypes that rely on different frequency-alteration methods. One of the lab's 
prototypes, built using a black-and-white video display capable of monitoring and receiving Tempest radiation, filters the top 
frequencies. As a result, the fonts become unreadable to the eavesdropping receiver. On-screen, the fonts look comfortably legible and 
nearly normal. Filtering text requires display software that supports grayscale representation of fonts, but most computers have this 
ability. Therefore, Anderson believes this technology could be easily built into existing machines, although the fonts' interference with 
graphics makes it more likely they would be included in a security product than in, say, a general operating system.

The second prototype takes advantage of the display technique known as dithering, a method of mixing extra colors from a limited palette 
based on the principle that if the dots that make up the display are small enough, the human eye will perceive the mix as a solid color. 
Given a monitor of today's high resolutions, the human eye cannot distinguish between a solid medium gray and a pattern of 
black-and-white pixels that adds up to the same gray. But the pattern of black and white is much easier for the snooping receiver to 
detect, one consequence being that the computer could be programmed to broadcast a different signal from the one that actually appears on 
the screen. The demonstration on display at Anderson's lab serves as a nice example, in which the word "Oxford" on the display appears as 
"Cambridge" on the receiver.

Aside from stemming electronic eavesdropping, these prototypes could open the way to new types of security attacks on computers, Anderson 
and Kuhn suggest. A virus could be designed to find and then broadcast information stored on a machine without a user's knowledge. The 
game of spy versus spy goes on.

WENDY M. GROSSMAN is a freelance writer based in London.

- ----------

yeah,'s old news, but a new article, and from 
"Unscientific Scamerican" no less.


Ken Williams

Packet Storm Security
E.H.A.P. Head of Operations   ehap at
NC State CS Dept   jkwilli2 at

Get Your Private, Free, Encrypted Email at

Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


More information about the cypherpunks-legacy mailing list