[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Project Tempest

To: "'SpyKing'" <spyking@con2.com>, TeSt <maxspeed2@yahoo.com>
Subject: RE: Project Tempest
From: Bill Stewart <bill.stewart@pobox.com>
Date: Sun, 20 Jun 1999 18:03:47 -0700
Cc: "cypherpunks@toad.com" <cypherpunks@toad.com>
In-Reply-To: <01BEB9D7.661DF8A0@pub4.mfn.org>
Sender: owner-cypherpunks@toad.com

>On or about the 18th of June, SpyKing pondered... 
>> In researching Project Tempest, I find it unbelievable that the Government
>> would keep specifications of NACSIM 5100A Classified in order to keep 
>> it from the private sector.

TEMPEST standards, including the NACSIM 510x series, talk about
how much electronic emission the equipment the US military uses 
is allowed to put out, what techniques they use to reduce emissions, 
and what shielding techniques they should use to further reduce them.
If you know this stuff, it's easier to evaluate the vulnerability
of their equipment and develop techniques to exploit weaknesses.

Unlike cryptography, where you can develop mathematical certainty
about the strength of your encryption, and where the encryptor wins
because linear gains in cost lead to exponential gains in strength,
and open source lets you find and fix stuff you missed,
electromagnetic shielding is largely an Analog Black Art, 
quality control is on an individual installation by individual installation
basis,
depending on details like whether you tightened every screw enough
but not too much and stuffed enough copper-wool into the joints
and copper-tape around the outsides to block any leaks you noticed,
and technical gains are more likely to favor the eavesdropped by
finding signals at frequencies you didn't block well enough
than to favor the protector who's trying to keep things quiet
while the folks at Intel keep doubling clock frequencies every year.

60dB copper screen was enough during Vietnam but obsolete by the mid 80s;
100dB shielding was enough to handle Vaxes and 4.7MHz PCs,
and the penetrations we used to run fiber optics or air vents
tested fine at 500MHz, not that there was really any signal energy
at such amazingly high frequencies, and they were really good at much higher.
But now that you can buy 500MHz computers and 2.4GHz cordless phones at
Radio Shack,
wavelengths that used to come from your microwave oven are carrying
actual signals around your computer and out the windows.

Meanwhile, as information and logistics become more and more computerized,
they're becoming increasingly critical parts of modern warfare,
and they're more dependent on Commercial Off The Shelf equipment
to get the economies of scale they need to run a modern little war,
and running more things on Microsoft OSs than Compartmented Mode
Workstation Unix,
so cracking gets easier as well, and the opposition is more likely
to have skilled crackers.

Not bloody surprising they've tried to keep this stuff secret.



				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

References:
- RE: Project Tempest
  - From: "J.A. Terranson" <sysadmin@mfn.org>

Prev by Date: Re: newbie questions
Next by Date: Bar Codes for the Body
Prev by thread: RE: Project Tempest
Next by thread: Re: Project Tempest
Index(es):
- Date
- Thread