Electronics Guide

Electromagnetic Emanations

Electromagnetic emanations are the most significant source of information leakage from electronic equipment. These emanations occur across a wide frequency spectrum from extremely low frequencies through microwave frequencies. Video display units are particularly vulnerable, as the raster scan signals can be reconstructed to reproduce the displayed image. Computer processors emit patterns that correlate with the instructions and data being processed. Data cables act as antennas, radiating signals that can be detected at considerable distances.

Conducted emissions also pose threats. Signals can couple onto power lines, grounding systems, and signal cables, allowing interception from distant points on shared infrastructure. Even supposedly isolated systems can leak information through power consumption patterns observable on electrical distribution networks. High-speed digital signals create broadband emissions that can extend well into the gigahertz range, making detection and analysis possible with relatively simple equipment.

Acoustic Emanations

Acoustic emanations from electronic equipment can reveal processed information. Keyboard acoustic emanations allow reconstruction of typed text by analyzing the unique sound signature of each key. Impact printers produce sounds that directly correspond to printed characters. Disk drives emit acoustics that reveal data access patterns. Even solid-state equipment can produce audible or ultrasonic emissions from components like inductors, capacitors, and piezoelectric elements that vary with the processed data.

Laser microphones and vibration sensors can detect acoustic emanations from outside secure facilities. Windows, walls, and ventilation ducts can carry acoustic information to monitoring points. The combination of acoustic and timing information can sometimes reveal sensitive data even when individual emanations seem innocuous.

Visual Emanations

Visual information leakage occurs when displays or indicators can be observed through windows, reflections, or optical surveillance. This includes not only direct viewing of screens but also reflections from glasses, jewelry, glossy surfaces, or windows. Tempest Orange (now declassified) described how CRT displays could be observed through laser illumination that detected vibrations of the display face. Modern LCD displays can also be vulnerable to various optical exploitation techniques.

Status indicators, keyboard backlighting, and printer output can all reveal information if observable from outside controlled areas. Even the glow from a computer screen reflected on a user's face or ceiling can potentially reveal information content. Visual TEMPEST countermeasures address these optical pathways for information leakage.

Seismic and Vibration Emanations

Mechanical vibrations from equipment can carry information. Hard disk drives produce distinctive vibration patterns during data access. Cooling fans, pumps, and other rotating equipment can amplitude-modulate their vibrations based on system load and activity. These vibrations can propagate through building structures and be detected with sensitive accelerometers or laser vibrometry.

While seismic emanations generally provide less detailed information than electromagnetic or acoustic channels, they can reveal operational patterns, system activity levels, and timing information that aids other forms of surveillance or analysis.

Radio Frequency Interception

Adversaries use specialized receiving equipment to intercept electromagnetic emanations. Software-defined radios provide flexible, wideband receivers capable of scanning frequency ranges and identifying exploitable signals. Direction-finding equipment locates emission sources. Advanced signal processing techniques extract information from weak or noisy emanations. Correlation techniques can separate compromising signals from background electromagnetic noise.

Van Eck phreaking, named after researcher Wim van Eck who publicly demonstrated the technique, involves reconstructing computer displays from electromagnetic emanations. Modern implementations use digital signal processing to synchronize with the display refresh, filter interference, and reconstruct images in real-time. The technique works at surprising distances with modest equipment investments.

Conducted Signal Injection and Monitoring

Power line monitoring can reveal information through conducted emissions. Attackers may inject probing signals into power or signal lines and analyze the modulation caused by equipment operation. Power analysis attacks against cryptographic implementations examine the correlation between power consumption and cryptographic operations, potentially revealing secret keys. These attacks can be mounted at the equipment, within the facility's electrical system, or even at utility connection points.

Acoustic Surveillance

Laser microphones detect acoustic vibrations by measuring the reflection of laser light from surfaces. Ultrasonic and infrasonic sensors detect emanations beyond human hearing. Signal processing techniques can filter room noise to isolate equipment-specific acoustics. Machine learning algorithms can be trained to recognize keyboard acoustic signatures and predict typed text with high accuracy.

Optical Surveillance

Telescopic observation provides direct viewing of displays through windows. Reflections from buildings, vehicles, and other surfaces can reveal information from unexpected angles. Infrared imaging can sometimes detect display content or paper documents through thermal signatures. Time-of-flight cameras and laser ranging can detect minute vibrations of surfaces that correlate with displayed information.

Shielded Enclosures

Shielded enclosures provide electromagnetic isolation for sensitive equipment and facilities. These range from small equipment cabinets to entire buildings constructed as Faraday cages. Effective shielding requires continuous conductive barriers with no gaps or penetrations that allow electromagnetic leakage. Walls, floors, and ceilings incorporate conductive mesh or solid metal barriers. Doors and access panels use conductive gaskets and multiple contact points to maintain continuity.

Shielding effectiveness is measured in decibels of attenuation across the frequency spectrum. High-security facilities may achieve 100 dB or greater attenuation at critical frequencies. Shielding must address both radiated and conducted paths. Regular inspection and testing ensure shields maintain effectiveness over time as buildings settle, gaskets age, and new penetrations are added.

Screen rooms provide complete electromagnetic isolation for test and operational areas. These modular or constructed rooms incorporate shielding in all surfaces, filtered power and data penetrations, and electromagnetic door seals. Personnel entering screen rooms may pass through electromagnetic portal monitors to prevent introduction of unauthorized electronic devices.

Filtered Power Systems

Power line filters prevent conducted emissions from leaving protected areas and block injected interference from entering. These filters incorporate series inductance and shunt capacitance to attenuate high-frequency signals while passing power-frequency currents. Installation must ensure the filter forms part of the shield boundary, with proper grounding and no bypass paths.

Isolation transformers provide galvanic separation between equipment and external power networks. The transformers incorporate electrostatic shields between windings to minimize capacitive coupling of high-frequency signals. Motor-generator sets provide complete electrical isolation, generating new power within the protected area from mechanical energy. This prevents any conducted signal path to external networks but requires significant infrastructure.

Uninterruptible power supplies (UPS) in protected areas often include filtering and isolation features. The UPS battery bank and inverter system can break conducted paths while maintaining power continuity. Some high-security implementations use dedicated power generation within the secure perimeter.

TEMPEST Certified Equipment

TEMPEST-certified equipment is specifically designed and tested to minimize compromising emanations. This includes computers, displays, printers, communications equipment, and data processing systems that meet emissions standards for classified information processing. Certification levels correspond to the distance at which emanations must be undetectable: from within the equipment case, within the room, at the building perimeter, or beyond.

Design techniques for TEMPEST equipment include extensive internal shielding, filtered interfaces, spread-spectrum clocking to disperse emissions, controlled impedance in signal paths, and careful component selection to minimize emissions. Display systems may use fiber optic connections to separate display drivers from video signals, indirect liquid crystal light modulation, or other technologies that minimize radiated signals.

Modern TEMPEST equipment increasingly uses secure microcontrollers with countermeasures against power analysis and electromagnetic analysis. These devices incorporate randomized operation timing, balanced logic that maintains constant power consumption, and active shielding that generates noise to mask information-bearing signals.

Fiber Optic Data Transmission

Fiber optic cables eliminate electromagnetic emanations from data transmission. Unlike copper cables that act as antennas radiating electromagnetic energy, fiber optics confine optical signals within the fiber core. This makes interception extremely difficult without physical access to tap the fiber. Fiber optic TEMPEST solutions include keyboard connections, display video links, network connections, and data storage interfaces that would otherwise use copper cables.

Complete fiber optic implementations isolate sensitive processing equipment in one location with displays and peripherals in another location, connected only by fibers that pass through the shield boundary. This allows users to work in a normal office environment while processing occurs in a secured, shielded room. Even if the remote display is compromised, no sensitive data exists at that location.

Red/Black Separation

Red/black separation maintains physical and electrical isolation between equipment and circuits processing classified information (red) and those processing unclassified information or connected to external networks (black). Red and black equipment are located in separate areas with physical barriers. Cables use different colors, routing paths, and sometimes different connector types to prevent cross-connection.

Encryption devices form the boundary between red and black systems, accepting classified information on the red side and outputting encrypted data on the black side. These devices undergo stringent testing to ensure no information leakage between sides. Red equipment uses filtered power and shielded housings to prevent emissions. Black equipment may connect to external networks but cannot contain classified information.

Maintenance and service procedures rigorously maintain red/black separation. Black technicians cannot access red equipment. Test equipment used on red systems cannot subsequently connect to black systems without sanitization or destruction. Documentation distinguishes red and black components, and circuit diagrams indicate the red/black boundary.

Zone of Control

The zone of control defines the physical area within which compromising emanations must be contained. This may be the equipment cabinet, the room, the building, or a defined perimeter around the facility. Establishing the zone of control requires understanding the propagation characteristics of emanations and the sensitivity of available interception equipment.

For highly classified information, the zone of control typically extends to the building perimeter or beyond. This requires comprehensive shielding, filtered penetrations, and assessment of all possible leakage paths. For less sensitive information, the zone of control might be the processing room, allowing simpler and less expensive countermeasures.

Security surveys assess whether emanations exceed specified limits at the zone of control boundary. This involves specialized test equipment that measures electromagnetic field strength, conducted emissions on cables, and other emanations. Areas outside the zone of control must not allow detection of compromising emanations even with sophisticated interception equipment.

White Noise and Active Protection

White noise generators produce controlled electromagnetic emissions that mask information-bearing signals. Noise is radiated at frequencies that could carry compromising emanations, making it extremely difficult for adversaries to separate signal from noise. The noise must have sufficient power and bandwidth to provide effective masking without creating interference to legitimate operations.

Acoustic noise generators mask keyboard and other equipment sounds. These may produce random noise, nature sounds, or music that masks the audio signatures of equipment operation. Placement and level must ensure effective masking without creating uncomfortable working conditions.

Active electromagnetic shielding uses driven shield surfaces that cancel external fields. Sensors detect field penetration, and amplifiers drive the shield to create opposing fields that neutralize the detected signals. This technique can provide effective shielding with lighter physical structures than passive shielding alone.

Physical Security Measures

Physical security complements electronic countermeasures. This includes facility design that maintains buffer zones around sensitive areas, window treatments that prevent optical surveillance, acoustic dampening materials in walls and ceilings, and controlled access that limits who can approach sensitive equipment.

Site selection considers electromagnetic background, terrain that provides natural shielding, and distance from potential observation points. Buildings are oriented to limit line-of-sight to sensitive areas. Landscaping and terrain features can provide visual barriers and increase stand-off distance.

Interior layouts position sensitive equipment away from exterior walls and windows. Protected areas are located in building cores when possible. False ceilings and raised floors can incorporate shielding and contain filtered power and communications distribution. Security zones separate areas processing information at different classification levels.

Emissions Testing Equipment

TEMPEST testing requires specialized equipment capable of detecting extremely weak electromagnetic signals across wide frequency ranges. Spectrum analyzers scan for electromagnetic emissions from low frequencies through microwaves. Near-field probes detect localized emissions close to equipment and cables. Antennas designed for different frequency ranges and polarizations receive radiated emissions. Software-defined radios provide flexible signal analysis capabilities.

Test equipment must have sensitivity exceeding potential adversary capabilities, as testing must demonstrate that exploitable signals do not exist rather than merely that they cannot be detected with typical equipment. Calibrated test setups relate measured signal levels to field strength at specified distances. Anechoic chambers provide controlled electromagnetic environments for precise measurements.

Conducted emissions testing uses line impedance stabilization networks (LISN) that provide defined impedance for measurement while isolating test equipment from power line noise. Current probes measure common-mode and differential-mode currents on cables and power lines. These measurements determine whether conducted signals could reveal information.

Test Methodologies

TEMPEST testing follows rigorous methodologies to ensure comprehensive evaluation. Tests operate equipment through representative scenarios that exercise all functions and data patterns. Special test patterns may include worst-case data that maximizes emissions. Multiple frequency bands are analyzed with appropriate antennas and receiver configurations.

Radiated emissions testing scans for signals at various distances and antenna orientations around the equipment or facility. Measurements at the zone of control boundary verify that compromising emanations remain below specified limits. Additional testing at shorter distances characterizes emission sources for corrective action if limits are exceeded.

Conducted emissions testing examines all cables and power connections for signals that correlate with processed information. This includes power cables, network connections, peripheral cables, and grounding conductors. Tests use correlation techniques that determine if conducted signals contain exploitable information rather than merely measuring signal levels.

Security Surveys

Periodic security surveys verify that TEMPEST protections remain effective. Surveys examine physical security, shield integrity, filter operation, equipment configuration, and operational procedures. Electromagnetic measurements confirm that emissions remain within acceptable limits. Changes to facilities, equipment, or operations trigger surveys to assess security implications.

Surveys also assess new threats and exploitation techniques. As adversary capabilities improve, countermeasures may require enhancement. Documented survey results provide baseline measurements for comparison over time, revealing degradation of shielding or filtering that requires correction.

Certification and Accreditation

Facilities and equipment processing classified information undergo formal certification and accreditation. Certification involves testing and analysis to verify all security requirements are met. Documentation describes the system, security features, testing results, and residual risks. Accreditation is the formal authorization to operate based on acceptable risk.

The certification process includes TEMPEST testing, physical security evaluation, personnel security verification, procedures review, and assessment of all potential vulnerabilities. Certifying authorities must be satisfied that risks are acceptable before granting accreditation. Accreditation typically has time limits, requiring recertification on a regular schedule.

National TEMPEST Standards

TEMPEST standards specify requirements for equipment, facilities, and test procedures. In the United States, TEMPEST standards are primarily classified, though some information appears in unclassified documents. NSA TEMPEST documents provide criteria for equipment certification and facility accreditation. Similar standards exist in other nations with classified TEMPEST programs.

TEMPEST levels define protection requirements based on classification level and threat assessment. Higher levels require more stringent countermeasures and testing. Equipment may be certified for specific zones of control corresponding to the distance at which emanations must be undetectable.

NATO TEMPEST Standards

NATO TEMPEST standards (SDIP-27 and SDIP-28 series) provide common requirements for alliance members. These enable sharing of information about certified equipment and mutual recognition of testing. NATO standards address equipment emanations, facility shielding, test procedures, and certification processes. Commercial TEMPEST products often meet NATO standards to enable international sales.

Commercial TEMPEST Programs

Some nations operate unclassified commercial TEMPEST programs. The U.S. formerly had the Commercial TEMPEST Program providing evaluation and listing of commercially available products. Similar programs exist in Germany (BSI TEMPEST Zone Equipment), France, and other countries. These programs enable private sector organizations to procure TEMPEST equipment for protecting sensitive but unclassified information.

Related EMC Standards

While not specifically TEMPEST standards, electromagnetic compatibility (EMC) standards address emissions and immunity. FCC regulations in the United States limit electromagnetic emissions from computing equipment. European CE marking requires EMC compliance. Military standards like MIL-STD-461 specify electromagnetic characteristics of defense electronics. These standards serve different purposes than TEMPEST but use similar test methods and can provide baseline protection.

Procedural Controls

Procedures complement technical controls. These include restrictions on electronic device introduction into protected areas, requirements for TEMPEST-approved equipment, rules for equipment placement and cable routing, and guidelines for window coverings and visual security. Procedures define who may authorize changes to protected systems and how modifications are assessed for security impact.

Maintenance procedures prevent security compromises during service. Removal of equipment from protected areas may require data sanitization. External service personnel may be restricted from certain areas or supervised during work. Test equipment brought into secure areas must be inspected for monitoring devices.

Emissions Monitoring

Continuous or periodic emissions monitoring provides ongoing security assurance. Permanently installed monitoring systems can detect unusual emissions that might indicate equipment malfunction, unauthorized devices, or attempted surveillance. Alert systems notify security personnel of emissions anomalies for investigation.

Monitoring also verifies that countermeasures remain effective. Shield degradation, filter failure, or improper equipment installation could increase emissions over time. Regular monitoring identifies these issues before they create security vulnerabilities.

Risk Assessment and Management

TEMPEST security requires risk-based decisions about protection levels. Complete elimination of all emanations is impractical; instead, emanations must be reduced to levels that provide acceptable risk given the information value and threat assessment. Higher-value information or more capable adversaries require stronger countermeasures.

Risk assessment considers the classification of information, the consequences of compromise, adversary capabilities and motivations, the physical security environment, and the cost and operational impact of countermeasures. Residual risk after countermeasure implementation must be acceptable to information owners and accrediting authorities.

Cost-Effectiveness

TEMPEST countermeasures involve significant costs. Shielded facilities require specialized construction. TEMPEST-certified equipment costs substantially more than commercial equivalents. Operational constraints from red/black separation, filtered connections, and restricted equipment placement affect productivity. Organizations must balance security requirements with practical and economic constraints.

Cost-effective approaches focus protection on the most sensitive information and most vulnerable emanations. Risk assessment identifies where strong countermeasures are essential and where basic protections suffice. Architectural and procedural controls often provide good security at lower cost than extensive shielding. Encryption of information at rest and in motion reduces the sensitivity of emanations, potentially allowing relaxed TEMPEST requirements.

Modern Display Technologies

Modern display technologies present evolving TEMPEST challenges. LCD displays produce different emanations than CRT displays. LED and OLED displays have unique electromagnetic signatures. High-resolution displays at higher refresh rates create broadband emissions. Touch-screen interfaces generate signals from touch sensing electronics. Each technology requires analysis to understand vulnerabilities and develop appropriate countermeasures.

Wireless Technologies

Proliferation of wireless technologies increases emanations concerns. WiFi, Bluetooth, near-field communication, and other wireless interfaces intentionally radiate signals that could be exploited. Even when encrypted, wireless signals reveal presence of equipment, activity levels, and timing information. TEMPEST-secure facilities typically prohibit wireless technologies or require extensive testing and risk assessment before approval.

Side-Channel Analysis

Advanced side-channel analysis techniques extract information from ever-smaller signal variations. Power analysis attacks against cryptographic implementations demonstrate that security can be compromised through careful analysis of power consumption patterns. Electromagnetic analysis uses near-field probes to detect minute emissions from integrated circuits during cryptographic operations. These techniques blur the line between TEMPEST and other security domains, requiring integrated countermeasures.

Software-Defined Radio and AI

Software-defined radio makes sophisticated emissions interception capabilities available at low cost. Machine learning algorithms can detect weak signals in noise, recognize patterns, and extract information from complex emanations. These technologies lower the barrier for adversaries to conduct electromagnetic surveillance, potentially requiring stronger TEMPEST protections.

Quantum Cryptography and Sensing

Quantum technologies may impact both TEMPEST threats and countermeasures. Quantum sensing techniques might detect ever-weaker emanations. Quantum key distribution could provide communications security that reduces reliance on TEMPEST protections. Research continues to assess how quantum technologies will affect emissions security requirements.

Commercial Applications

While TEMPEST originated in the classified world, commercial applications are growing. Financial institutions, healthcare providers, and corporations protecting trade secrets increasingly consider emissions security. Privacy concerns drive interest in preventing electromagnetic surveillance. As awareness grows and technology becomes more accessible, commercial TEMPEST countermeasures may become more common.