Tempest (codename)
==Public research==

In 1985, [[Wim van Eck]] published the first unclassified technical analysis of the security risks of emanations from [[computer monitor]]s. This paper caused some consternation in the security community, which had previously believed that such monitoring was a highly sophisticated attack available only to [[governments]]; Van Eck successfully eavesdropped on a real system, at a range of hundreds of [[metre]]s, using just $15 worth of equipment plus a [[television]] set. As a consequence of this research, such emanations are sometimes called "Van Eck radiation", and the eavesdropping technique [[Van Eck phreaking]]. Government researchers were already aware of the danger, however: [[Bell Labs]] noted this vulnerability to secure [[teleprinter]] communications during [[World War II]] and was able to produce 75% of the plaintext being processed in a secure facility from a distance of {{convert|80|ft|m|abbr=off}}.<ref>{{cite web|title=A History of U.S. Communications Security (Volumes I and II); David G. Boak Lectures|work=National Security Agency |year= 1973 |url= https://www.governmentattic.org/2docs/Hist_US_COMSEC_Boak_NSA_1973.pdf |page= 90}}</ref> Additionally, the NSA published ''Tempest Fundamentals, NSA-82-89, NACSIM 5000, National Security Agency'' (Classified) on February 1, 1982. In addition, the Van Eck technique was successfully demonstrated to non-TEMPEST personnel in [[Korea]] during the [[Korean War]] in the 1950s.<ref>{{Citation|title=1. Der Problembereich der Rechtsinformatik|url=http://dx.doi.org/10.1515/9783110833164-003|work=Rechtsinformatik|year=1977|place=Berlin, Boston|publisher=De Gruyter|doi=10.1515/9783110833164-003|isbn=978-3-11-083316-4|access-date=2020-11-30|url-access=subscription}}</ref>

[[Markus Kuhn (computer scientist)|Markus Kuhn]] has discovered several low-cost techniques for reducing the chances that emanations from computer displays can be monitored remotely.<ref name="Kuhn577">{{cite journal |last= Kuhn |first= Markus G. |author-link= Markus Kuhn (computer scientist) |date=December 2003|title= Compromising emanations: eavesdropping risks of computer displays |journal=Technical Report |issue= 577|publisher= University of Cambridge Computer Laboratory |location= Cambridge, United Kingdom |issn= 1476-2986 |id= UCAM-CL-TR-577 |url= http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdf |access-date= 2010-10-29}}</ref> With [[CRT display]]s and [[analog signal|analog]] video cables, filtering out [[high-frequency]] components from [[typeface|fonts]] before rendering them on a computer screen will attenuate the energy at which text characters are broadcast.{{sfn|Kubiak|2018|pp=582–592|ps=: Very often the devices do not have enough space on the inside to install new elements such as filters, electromagnetic shielding, and others. [...] a new solution [...] does not change the construction of the devices (e.g., printers, screens). [...] based on computer fonts called TEMPEST fonts (safe fonts). In contrast to traditional fonts (e.g., Arial or Times New Roman), the new fonts are devoid of distinctive features. Without these features the characters of the new fonts are similar each other.}}{{sfn|Kubiak|2019|pp=|ps=: Computer fonts can be one of solutions supporting a protection of information against electromagnetic penetration. This solution is called „Soft TEMPEST”. However, not every font has features which counteract the process of electromagnetic infiltration. The distinctive features of characters of font determine it. This article presents two sets of new computer fonts. These fonts are fully usable in everyday work. Simultaneously they make it impossible to obtain information using the non-invasive method.}}

With modern [[flat panel display]]s, the high-speed digital [[serial interface]] ([[Digital Visual Interface|DVI]]) cables from the [[graphics controller]] are a main source of compromising emanations. Adding random [[noise]] to the [[least significant bit]]s of pixel values may render the emanations from flat-panel displays unintelligible to eavesdroppers but is not a secure method. Since DVI uses a [[8b/10b encoding|certain bit code scheme]] that tries to transport a balanced signal of 0 bits and 1 bits, there may not be much difference between two pixel colors that differ very much in their color or intensity. The emanations can differ drastically even if only the last bit of a pixel's color is changed. The signal received by the eavesdropper also depends on the frequency at which the emanations are detected. The signal can be received on many frequencies at once, and each frequency's signal differs in [[contrast (vision)|contrast]] and [[brightness]] related to a certain color on the screen. Usually, the technique of smothering the RED signal with noise is not effective unless the power of the noise is sufficient to drive the eavesdropper's receiver into [[saturation (telecommunications)|saturation]], thus overwhelming the receiver input.

[[Light-emitting diode|LED]] indicators on computer equipment can be a source of compromising optical emanations.<ref>J. Loughry and D. A. Umphress. [http://applied-math.org/acm_optical_tempest.pdf Information Leakage from Optical Emanations] (.pdf file), [http://portal.acm.org/citation.cfm?doid=545186.545189 ACM Transactions on Information and System Security], Vol. 5, No. 3, August 2002, pp. 262-289</ref> One such technique involves the monitoring of the lights on a [[modem|dial-up modem]]. Almost all modems flash an LED to show activity, and it is common for the flashes to be directly taken from the data line. As such, a fast optical system can easily see the changes in the flickers from the data being transmitted down the wire.

Recent research<ref>{{cite web |first1=Martin |last1=Vuagnoux |first2=Sylvain |last2=Pasini |url=http://lasecwww.epfl.ch/keyboard/ |title=Compromising radiation emanations of wired keyboards |publisher=Lasecwww.epfl.ch |access-date=2008-10-29 |archive-date=2019-09-25 |archive-url=https://web.archive.org/web/20190925122931/https://lasecwww.epfl.ch/keyboard/ |url-status=dead }}</ref> has shown it is possible to detect the radiation corresponding to a keypress event from not only [[wireless]] (radio) keyboards, but also from traditional wired keyboards [the PS/2 keyboard, for example, contains a microprocessor which will radiate some amount of radio frequency energy when responding to keypresses], and even from laptop keyboards. From the 1970s onward, Soviet bugging of US Embassy [[IBM Selectric]] typewriters allowed the keypress-derived mechanical motion of bails, with attached magnets, to be detected by implanted magnetometers, and converted via hidden electronics to a digital radio frequency signal. Each eight-character transmission provided Soviet access to sensitive documents, as they were being typed, at US facilities in Moscow and Leningrad.<ref>{{cite web |first=Sharon |last=Maneki |url=https://www.nsa.gov/Portals/70/documents/news-features/declassified-documents/cryptologic-histories/Learning_from_the_Enemy.pdf |title=Learning from the Enemy: The GUNMAN project|publisher=Center for Cryptologic History, [[National Security Agency]]|quote=All of the implants were quite sophisticated. Each implant had a magnetometer that converted the mechanical energy of key strokes into local magnetic disturbances. The electronics package in the implant responded to these disturbances, categorized the underlying data, and transmitted the results to a nearby listening post. Data were transmitted via radio frequency. The implant was enabled by remote control.[...] the movement of the bails determined which character had been typed because each character had a unique binary movement corresponding to the bails. The magnetic energy picked up by the sensors in the bar was converted into a digital electrical signal. The signals were compressed into a four-bit frequency select word. The bug was able to store up to eight four-bit characters. When the buffer was full, a transmitter in the bar sent the information out to Soviet sensors.|date=8 January 2007 |access-date=30 January 2019}}</ref>

In 2014, researchers introduced "AirHopper", a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.{{sfn|Guri|Kedma|Kachlon|Elovici|2014|pp=58–67}}

In 2015, "BitWhisper", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware.{{sfn|Guri|Monitz|Mirski|Elovici|2015|pp=276–289}} Later in 2015, researchers introduced GSMem, a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna.{{sfn|Guri|Kachlon|Hasson|Kedma|2015}}

In February 2018, research was published describing how low frequency magnetic fields can be used to exfiltrate sensitive data from Faraday-caged, air-gapped computers with malware code-named "ODINI" that can control the low frequency magnetic fields emitted from infected computers by regulating the load of CPU cores.{{sfn|Guri|Zadov|Elovici|2018|pp=1190-1203}}

In 2018, a class of [[side-channel attack]] was introduced at [[Association for Computing Machinery|ACM]] and [[Black Hat Briefings|Black Hat]] by [[Eurecom]]'s researchers: "Screaming Channels".<ref>{{cite journal |last1=Camurati |first1=Giovanni |last2=Poeplau |first2=Sebastian |last3=Muench |first3=Marius |last4=Hayes |first4=Tom |last5=Francillon |first5=Aurélien |title=Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers |journal=Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS) |date=2018 |volume=CCS '18 |pages=163–177 |url=http://www.s3.eurecom.fr/docs/ccs18_camurati_preprint.pdf}}</ref> This kind of attack targets [[Mixed-signal integrated circuit|mixed-signal chips]] — containing an [[Analogue electronics|analog]] and [[Digital electronics|digital]] [[Electronic circuit|circuit]] on the same [[silicon die]] — with a [[radio transmitter]]. The result of this architecture, often found in [[Internet of things|connected objects]], is that the digital part of the chip leaks some metadata on its computations into the analog part, so that the leaked metadata is encoded in the [[Background noise|noise]] of the radio transmission. Thanks to [[Signal processing|signal-processing]] techniques, researchers were able to extract [[cryptographic keys]] used during the communication and [[decrypt]] the content. The authors suppose that this attack class has already been known for many years to governmental [[intelligence agencies]].
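The font-filtering countermeasure described above for CRT displays and analog video cables can be measured on a single scanline. This is an added example, not code from Kuhn's or Kubiak's work: it assumes a simple [1, 2, 1]/4 horizontal smoothing kernel in place of the filters in the cited papers, a constructed 32-pixel scanline, and an assumed cut-off at the top 30% of the horizontal spectrum.

```python
import cmath
import math

# Constructed sample: one 32-pixel row through a line of text, 1 = foreground.
SCANLINE = [int(c) for c in "00101010011001000000000000000000"]


def smooth(row):
    """Horizontal [1, 2, 1]/4 low-pass filter, wrapping at the line ends."""
    n = len(row)
    return [(row[i - 1] + 2 * row[i] + row[(i + 1) % n]) / 4 for i in range(n)]


def spectrum_energy(row):
    """|X[k]|^2 for k = 0 .. N/2 (DC up to the pixel-rate Nyquist bin)."""
    n = len(row)
    return [abs(sum(v * cmath.exp(-2j * cmath.pi * k * i / n)
                    for i, v in enumerate(row))) ** 2
            for k in range(n // 2 + 1)]


def upper_band_energy(row, fraction=0.3):
    """Energy in the top `fraction` of the horizontal spectrum (assumed cut-off)."""
    energy = spectrum_energy(row)
    first = math.ceil((1 - fraction) * (len(energy) - 1))
    return sum(energy[first:])


if __name__ == "__main__":
    before = upper_band_energy(SCANLINE)
    after = upper_band_energy(smooth(SCANLINE))
    print(f"upper-band energy: {before:.2f} -> {after:.4f}")
    print(f"remaining fraction: {after / before:.4f}")
    # Total brightness is unchanged, so the text stays readable on screen.
    print("ink preserved:", math.isclose(sum(SCANLINE), sum(smooth(SCANLINE))))
```

The sharp one-pixel edges carry the upper-band energy; after smoothing, the glyph row keeps its total brightness while the band an eavesdropper's receiver relies on is strongly attenuated.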
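The DVI paragraph above can be checked directly against the line code. This is an added example, not code from the article or its cited sources: it implements the TMDS symbol encoder that DVI applies to each 8-bit colour channel during active video and compares the resulting 10-bit symbols. Function names are illustrative, and control symbols and serialisation are not modelled.

```python
def tmds_encode(d, cnt=0):
    """Encode one 8-bit value as a 10-bit TMDS symbol; returns (symbol, new_cnt)."""
    bits = [(d >> i) & 1 for i in range(8)]
    ones = sum(bits)
    # Stage 1: XOR or XNOR chain, chosen to minimise transitions.
    use_xnor = ones > 4 or (ones == 4 and bits[0] == 0)
    q_m = [bits[0]]
    for i in range(1, 8):
        q_m.append(q_m[i - 1] ^ bits[i] ^ (1 if use_xnor else 0))
    q_m8 = 0 if use_xnor else 1
    n1 = sum(q_m)
    n0 = 8 - n1
    # Stage 2: invert the data bits when that keeps the line DC-balanced;
    # cnt is the running disparity carried over from the previous symbols.
    if cnt == 0 or n1 == n0:
        invert = q_m8 == 0
        new_cnt = cnt + (n0 - n1 if invert else n1 - n0)
    elif (cnt > 0 and n1 > n0) or (cnt < 0 and n0 > n1):
        invert = True
        new_cnt = cnt + 2 * q_m8 + (n0 - n1)
    else:
        invert = False
        new_cnt = cnt - 2 * (1 - q_m8) + (n1 - n0)
    data = [b ^ 1 for b in q_m] if invert else q_m
    out = data + [q_m8, int(invert)]
    return sum(b << i for i, b in enumerate(out)), new_cnt


def hamming(a, b):
    """Number of differing bits between two 10-bit symbols."""
    return bin(a ^ b).count("1")


def lsb_flip_distances(cnt=0):
    """Hamming distance between the symbols for v and v ^ 1, for every even v."""
    return {v: hamming(tmds_encode(v, cnt)[0], tmds_encode(v ^ 1, cnt)[0])
            for v in range(0, 256, 2)}


if __name__ == "__main__":
    black, _ = tmds_encode(0x00)
    white, _ = tmds_encode(0xFF)
    near_black, _ = tmds_encode(0x01)
    print(f"0x00 -> {black:010b}   0xFF -> {white:010b}   0x01 -> {near_black:010b}")
    print("black vs white     :", hamming(black, white), "bits differ")
    print("black vs near-black:", hamming(black, near_black), "bits differ")
    d = lsb_flip_distances()
    print("LSB flip, all even values: min", min(d.values()), "max", max(d.values()))
```

Starting from a balanced line, black and white differ in only two symbol bits while black and its one-LSB neighbour differ in eight. Because the symbol also depends on the running disparity, LSB noise scrambles the emitted waveform without removing the information it carries.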