Overview
ABSTRACT
Protection of sensitive information can fail because of electromagnetic leakage emitted by electronic system treating this information. Management of the electromagnetic spying risk constitutes the TEMPEST domain, to protect sensitive information which can be recovered at distance by electromagnetic radiation or electric conduction. This article shows for a hostile people the possibility to get information treated by electronic devices, the creation and analysis of the compromising emanations, their characterization and their reduction. Equivalences and differences between TEMPEST domain and EMC domain are shown.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHORS
-
Alain ALCARAS: Radio/CEM Expert - Technical Department, Thales/SIX/RCP/TAP, Cholet, France
-
Jean-François GAENG: TEMPEST expert - Thales/SIX/ITS/DES, Gennevilliers, France
INTRODUCTION
The TEMPEST risk concerns the problem of electromagnetic anti-compromission, i.e. the electromagnetic leakage of confidential information and the capture of compromising signals associated with this information by ill-intentioned people.
The victims of this electromagnetic espionage are the users of confidential information processed in a civil or military operational system via electrical or electronic equipment. This information is transformed into compromising electrical signals in the equipment. Then, through the phenomena of electrical and electromagnetic coupling, these transformed signals leak outside a secure perimeter, and can be intercepted by hostile individuals.
After Part 1, which introduces the TEMPEST domain, Part 2 presents concrete examples of the risk of TEMPEST interception of confidential information.
Part 3 then describes the phenomenology of the TEMPEST risk in terms of the coupling topologies between confidential signals and leaks outside the security perimeter. Definitions of TEMPEST risk terms shared by experts in the field and in TEMPEST standards are given.
To reduce or eliminate these risks, parts 4 and 5 present the conduct of theoretical risk analyses and performance validations at system, subsystem and equipment level. These two parts present the TEMPEST engineering processes, methods and resources for study (calculations/simulations) and validation (tests/measurements).
Part 6 deals with the French and international standards that frame and guide the TEMPEST field.
Part 7 provides a comparative description of TEMPEST risks/activities and EMC risks/activities. This comparison shows that the TEMPEST field is part of the EMC field in the broadest sense; some of the TEMPEST resources, methods and standards are borrowed from the EMC world. In particular, TEMPEST skills and expertise mainly require qualifications and experience in EMC, as well as knowledge of radio and signal processing.
The acronyms used are listed at the end of the article.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
KEYWORDS
TEMPEST | electromagnetic compromising countermeasures | CEM
This article is included in
Safety and risk management
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Electromagnetic spying
Bibliography
Standards and norms
NATO TEMPEST test standard: SECAN Doctrine and Information Publication (SDIP 27), TEMPEST Requirements and Evaluation Procedures.
TEMPEST UE test standard: Information Assurance Security Guidelines (IASG 7-03), TEMPEST Requirements and Evaluation Procedures.
TEMPEST Zoning Directive France: Secrétariat Général de la Défense et de la Sécurité Nationale (SGDSN)/Agence...
Directory
Organizations – Federations – Associations (non-exhaustive list)
French Information Systems Security Agency (ANSSI) https://cyber.gouv.fr
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference