[LUGA] Mit freundlicher Unterstützung von:

Mail Thread Index

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[luga] Tempest attacks

aus: comp.risks

Date: Sun, 8 Feb 1998 18:34:18 -0800
From: Martin Minow <minow@apple.com>
Subject: Markus Kuhn and Ross Anderson's Soft Tempest

An interesting article on "Software Tempest" -- here's a short
notice posted by Peter Gutmann to the Cryptography e-mail list:

> There's a fascinating paper on software anti-TEMPEST (and, in general,
> TEMPEST-related) measures by Markus Kuhn and Ross Anderson available
> from http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf.  It describes
> both how to make TEMPEST eavesdropping difficult using only software,
> and how to build TEMPEST-friendly software.

A much longer and more detailed announcement (with some background notes by
one of the authors) was posted by John Young to the Cypherpunks e-mail list.

> To: ukcrypto@maillist.ox.ac.uk
> Subject: It is really me - the story of Soft Tempest
> Date: Sun, 08 Feb 1998 15:09:40 +0000
> From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

$The Washington Post$ gives a highly distorted account of some very
important scientific work we have done. I suggest that list members read our
paper - <www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf> - for themselves before
getting carried away.

The story is as follows. Bill G gave our department $20m for a new building,
and his people said that what they really wanted from our group was a better
way to control software copying.  So it would have been rather churlish of
us not to at least look at their `problem'.

Now the `final solution' being peddled by the smartcard industry (and
others) is to make software copying physically impossible, by tying program
execution to a unique tamper-resistant hardware token. We wouldn't like to
see this happen, and we have already done a lot to undermine confidence in
the claims of tamper-proofness made by smartcard salesmen.

So Markus and I sat down and tried to figure out what we could do for the
Evil Empire. We concluded that

(1)  large companies generally pay for their software;
(2)  if you try to coerce private individuals, the political backlash
     would be too much;
(3)  if the Evil Empire is to increase its revenue by cracking down on
     piracy, the people to go after are medium-sized companies.

So the design goal we set ourselves was a technology that would enable
software vendors to catch the medium-sized offender - the dodgy freight
company that runs 70 copies of Office 97 but only paid for one - while being
ineffective against private individuals.

We succeeded.

In the process we have made some fundamental discoveries about Tempest. Army
signals officers, defence contractors and spooks have been visibly
flabberghasted to hear our ideas or see our demo.

In the old days, Tempest was about expensive hardware - custom equipment to
monitor the enemy's emissions and very tricky shielding to stop him doing
the same to you. It was all classified and strictly off-limits to the open
research community.

We have ended that era. You can now use software to cause the eavesdropper
in the van outside your house to see a completely different image from the
one that you see on your screen. In its simplest form, our technique uses
specially designed `Tempest fonts' to make the text on your screen invisible
to the spooks. Our paper tells you how to design and code your own.

There are many opportunities for camouflage, deception and misconduct.  For
example, you could write a Tempest virus to snarf your enemy's PGP private
key and radiate it without his knowledge by manipulating the dither patterns
in his screen saver. You could even pick up the signal on a $100 short wave
radio. The implications for people trying to build secure computer systems
are non-trivial.

Anyway, we offered Bill G the prospect that instead of Word radiating the
text you're working on to every spook on the block, it would only radiate a
one-way function of its licence serial number.  This would let an observer
tell whether two machines were simultaneously running the same copy of Word,
but nothing more. Surely a win-win situation, for Bill and for privacy.

But Microsoft turned down our offer. I won't breach confidences, but the
high order bit is that their hearts are set on the kind of technology the
smartcard people are promising - one that will definitively prevent all
copying, even by private individuals. We don't plan to help them on that,
and I expect that if they field anything that works, the net result will be
to get Microsoft dismembered by the Department of Justice.

Meantime we want our Soft Tempest technology to be incorporated in as many
products as possible - and not just security products!

So to Rainier Fahs, who asked:

> If these rumors are true, I guess we will face a similar discussion on
> free availability in the area of TEMPEST equipment. Does privacy
> protection also include the free choice of protection mechanism?

I say this: our discovery, that Tempest protection can be done in software
as well as hardware, puts it beyond the reach of effective export
control. So yes, you now have a choice. You didn't before,

Ross Anderson

  [Tempest foo-gets! PGN]

powered by LINUX the choice of a gnu generation
linux user group austria;
Letzte Änderung:
September 2010