Overview
ABSTRACT
Protection of sensitive information can fail because of electromagnetic leakage emitted by electronic system treating this information. Management of the electromagnetic spying risk constitutes the TEMPEST domain, to protect sensitive information which can be recovered at distance by electromagnetic radiation or electric conduction. This article shows for a hostile people the possibility to get information treated by electronic devices, the creation and analysis of the compromising emanations, their characterization and their reduction. Equivalences and differences between TEMPEST domain and EMC domain are shown.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHORS
-
Alain ALCARAS: Radio/CEM Expert - Technical Department, Thales/SIX/RCP/TAP, Cholet, France
-
Jean-François GAENG: TEMPEST expert - Thales/SIX/ITS/DES, Gennevilliers, France
INTRODUCTION
The TEMPEST risk concerns the problem of electromagnetic anti-compromission, i.e. the electromagnetic leakage of confidential information and the capture of compromising signals associated with this information by ill-intentioned people.
The victims of this electromagnetic espionage are the users of confidential information processed in a civil or military operational system via electrical or electronic equipment. This information is transformed into compromising electrical signals in the equipment. Then, through the phenomena of electrical and electromagnetic coupling, these transformed signals leak outside a secure perimeter, and can be intercepted by hostile individuals.
After Part 1, which introduces the TEMPEST domain, Part 2 presents concrete examples of the risk of TEMPEST interception of confidential information.
Part 3 then describes the phenomenology of the TEMPEST risk in terms of the coupling topologies between confidential signals and leaks outside the security perimeter. Definitions of TEMPEST risk terms shared by experts in the field and in TEMPEST standards are given.
To reduce or eliminate these risks, parts 4 and 5 present the conduct of theoretical risk analyses and performance validations at system, subsystem and equipment level. These two parts present the TEMPEST engineering processes, methods and resources for study (calculations/simulations) and validation (tests/measurements).
Part 6 deals with the French and international standards that frame and guide the TEMPEST field.
Part 7 provides a comparative description of TEMPEST risks/activities and EMC risks/activities. This comparison shows that the TEMPEST field is part of the EMC field in the broadest sense; some of the TEMPEST resources, methods and standards are borrowed from the EMC world. In particular, TEMPEST skills and expertise mainly require qualifications and experience in EMC, as well as knowledge of radio and signal processing.
The acronyms used are listed at the end of the article.
Exclusive to subscribers. 97% yet to be discovered!
Already subscribed? Log in!
KEYWORDS
TEMPEST | electromagnetic compromising countermeasures | CEM
CAN BE ALSO FOUND IN:
Electromagnetic spying
Context
Article included in this offer
"Security of information systems"
(
86 articles
)
Updated and enriched with articles validated by our scientific committees
A set of exclusive tools to complement the resources
Bibliography
Exclusive to subscribers. 97% yet to be discovered!
Already subscribed? Log in!
