Article | REF: E1345 V1

Electromagnetic spying – TEMPEST Risks, analysis, validation and standards

Authors: Alain ALCARAS, Jean-François GAENG

Publication date: February 10, 2024

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Overview

Français

ABSTRACT

Protection of sensitive information can fail because of electromagnetic leakage emitted by electronic system treating this information. Management of the electromagnetic spying risk constitutes the TEMPEST domain, to protect sensitive information which can be recovered at distance by electromagnetic radiation or electric conduction. This article shows for a hostile people the possibility to get information treated by electronic devices, the creation and analysis of the compromising emanations, their characterization and their reduction. Equivalences and differences between TEMPEST domain and EMC domain are shown.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHORS

Alain ALCARAS: Radio/CEM Expert - Technical Department, Thales/SIX/RCP/TAP, Cholet, France
Jean-François GAENG: TEMPEST expert - Thales/SIX/ITS/DES, Gennevilliers, France

INTRODUCTION

The TEMPEST risk concerns the problem of electromagnetic anti-compromission, i.e. the electromagnetic leakage of confidential information and the capture of compromising signals associated with this information by ill-intentioned people.

The victims of this electromagnetic espionage are the users of confidential information processed in a civil or military operational system via electrical or electronic equipment. This information is transformed into compromising electrical signals in the equipment. Then, through the phenomena of electrical and electromagnetic coupling, these transformed signals leak outside a secure perimeter, and can be intercepted by hostile individuals.

After Part 1, which introduces the TEMPEST domain, Part 2 presents concrete examples of the risk of TEMPEST interception of confidential information.

Part 3 then describes the phenomenology of the TEMPEST risk in terms of the coupling topologies between confidential signals and leaks outside the security perimeter. Definitions of TEMPEST risk terms shared by experts in the field and in TEMPEST standards are given.

To reduce or eliminate these risks, parts 4 and 5 present the conduct of theoretical risk analyses and performance validations at system, subsystem and equipment level. These two parts present the TEMPEST engineering processes, methods and resources for study (calculations/simulations) and validation (tests/measurements).

Part 6 deals with the French and international standards that frame and guide the TEMPEST field.

Part 7 provides a comparative description of TEMPEST risks/activities and EMC risks/activities. This comparison shows that the TEMPEST field is part of the EMC field in the broadest sense; some of the TEMPEST resources, methods and standards are borrowed from the EMC world. In particular, TEMPEST skills and expertise mainly require qualifications and experience in EMC, as well as knowledge of radio and signal processing.

The acronyms used are listed at the end of the article.

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

KEYWORDS

TEMPEST | electromagnetic compromising countermeasures | CEM

CAN BE ALSO FOUND IN: