Thermal Imaging Decision Applicable to TEMPEST?

Phillip H. Zakas pzakas at toucancapital.com
Wed Jun 13 10:07:13 PDT 2001


> John Young says:
> ...I suspect that signal analysis,
> as with cryptanalysis, will be always able to find a way to get
> around obscurity. If you don't want to be acquired, don't signal.
> Silencio, mafia.

I completely concur, and this happens to be the rule followed for highly
sensitive information.  In fact the general assumption is that if it's
transmitted (wirelessly), it will end up in the wrong hands...so therefore
don't transmit if you don't have to, and if you have to transmit, use
obfuscation and cryptography.

Unless some super secret govt. agency has discovered a new realm of physics
unknown to the "public" physicists (not likely), I have to assume we're all
working with the same general principles/limitations.  Thus if one is
interested in intercepting faint signals from a distance, one needs at least
some of the following:

- noise cancellation.  Sophisticated x-ray antenna arrays that focus on the
transmissions of one star out of a cluster of thousands or millions, many
light-years away, prove that the general noise cancellation approach is pretty
good today.  The same principles apply to cancelling the noise interfering
with signals over distances (and if you're only a few hundred feet away, you
don't need huge white antennas :)

- highly focused antennas.  Phased array antennas which provide 2 degrees of
focus can be purchased for a few hundred dollars.  I'd have to imagine that
focused antennas providing 1/10 degree of focus are possible (for more
money) so that a particular omni-directional source (whether from monitors
or from wireless networks) could be acquired from hundreds or thousands of
feet away.  In fact, one company I know of (there are many) sells phased
array antennas that can interact with 100-500 mW omni-directional antennas
using the 2.4GHz spectrum (802.11x) from 1,000 ft to as much as 15 miles away
(the latter using a 500 mW antenna with a clear line of sight).

- a knowledge of which frequency range to focus in on.  For military vs.
military applications, this is the tricky thing...not knowing which
frequencies are being used or when or how.  For wireless networks we all use
well published frequencies with known handshaking protocols, known
encryption strength, easy to understand encryption algorithms, etc.

One point not often addressed is the issue of how much security is enough.
An information analogy often used in cryptographic circles is fighter pilot
communications vs. tactical battle plans.  A fighter pilot's communications
are generally important for the duration of the engagement and therefore one
only needs enough cryptographic sophistication to protect the communication
for, say, 15 minutes.  Whereas battle plans require enough cryptographic
sophistication to survive, say, 100 years of cryptanalysis (even given
Moore's law).  This approach not only translates into hardware/software
cost savings, but also cuts back on R&D expenses considerably (for example
the $100M in equipment which landed in China recently probably cost billions
in R&D and hundreds of man-years to develop).

phillip
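To put numbers on the "15 minutes vs. 100 years" lifetime argument in the post above, here is an added example (not from the post or its author): it estimates the smallest key length that exhaustive search is not expected to finish within a given protection window, with and without Moore's-law growth in attacker capacity. The attacker rate of 2**60 key trials per year and the 18-month doubling period are constructed assumptions, as are the helper names.

```python
import math

# Constructed assumptions for the example: an attacker can try 2**60 keys
# per year today, and that capacity doubles every 18 months (Moore's law).
TRIALS_PER_YEAR_TODAY = 2 ** 60
DOUBLING_YEARS = 1.5


def cumulative_trials(years, rate=TRIALS_PER_YEAR_TODAY, doubling_years=DOUBLING_YEARS):
    """Total key trials an attacker can make over `years`.

    With doubling_years=None the rate is constant: rate * years.
    Otherwise the rate grows as rate * 2**(t / d), and integrating over
    [0, years] gives rate * d / ln(2) * (2**(years / d) - 1).
    """
    if years <= 0:
        return 0.0
    if doubling_years is None:
        return rate * years
    d = doubling_years
    # expm1 keeps precision for very short windows (e.g. 15 minutes).
    return rate * d / math.log(2) * math.expm1(years / d * math.log(2))


def min_key_bits(years, rate=TRIALS_PER_YEAR_TODAY, doubling_years=DOUBLING_YEARS):
    """Smallest key length (bits) for which brute force is expected to fail
    within `years`: search needs about half the keyspace on average, so we
    require 2**(bits - 1) > cumulative trials."""
    total = cumulative_trials(years, rate, doubling_years)
    if total < 1:
        return 1
    return math.floor(math.log2(2 * total)) + 1


def minutes(n):
    """Convert minutes to years for use as a protection window."""
    return n / (60 * 24 * 365.25)


if __name__ == "__main__":
    windows = (("fighter-pilot channel (15 min)", minutes(15)),
               ("tactical battle plans (100 years)", 100.0))
    for label, years in windows:
        print(f"{label}: {min_key_bits(years)} bits with Moore's law, "
              f"{min_key_bits(years, doubling_years=None)} bits at today's rate")
```

Under these assumptions the 15-minute channel needs 46 bits either way, while the 100-year window jumps from 68 bits at a constant rate to 129 bits once capacity keeps doubling, which is the cost-scaling point the post makes.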
