1 February 2000. Thanks to PG and A.

Pointers to early research on TEMPEST are welcomed: jy@cryptome.org.


Date: Sun, 23 Jan 2000 14:40:26 GMT
From: Antonomasia <ant@notatla.demon.co.uk>
To: cryptography@c2.net
Subject: Re: How Old Is TEMPEST?

pgut001@cs.auckland.ac.nz (Peter Gutmann):

> I was reading an early-80's paper on OS security and it mentioned
> some work from the 1950's on this.  I've heard comments about knowledge
> of Tempest issues during this time from various people, but this is
> the earliest reference I've found in a published article.  If I can
> re-locate the source I'll post a reference to it.

  Edited by Lance J Hoffman of UCB
  Security and Privacy in Computer Systems
  Wiley 1973
  ISBN 0471 40611 2

This book covers publicly-available crypto of the period (looks very weak now)
and "rings" by Robert Graham and civil liberties threats involving data
storage and aggregation.

Page 77

Passive infiltration may be accomplished by wiretapping or by electromagnetic
pickup of the traffic at any point in the system.  Although considerable
effort has been applied to counter such threats to defense communications,
nongovernmental approaches to information privacy usually assume that
communication lines are secure, when in fact they are one of the most
vulnerable parts of the system.

Page 84

In addition to the spectrum of threats arising from wiretapping, electro-
magnetic radiation from terminals must be considered.[12]  Electromagnetic
radiation characteristics will depend heavily on the type of terminal,
and may in some cases pose serious shielding and electrical-filtering
problems.  More advanced terminals using cathode ray tube for information
display may create even greater problems in trying to prevent what has been
called "tuning in the terminal on Channel 4."

12. R.L. Dennis, Security in computer environment, SP2440/000/01,
    System Development Corporation, August 18, 1966 [See below.]

Another chapter has (starting on page 101) a section called "THE PARADOX OF
THE SECRECY ABOUT SECRECY" where it says:

It should be noted that this Memorandum has been purposely written to be
unclassified ... the only background information used is that found in the
unclassified literature ...

So can anyone say whether there are interesting things in that ref 12 ?


Source: Hardcopy from Charles Babbage Institute Center for the History of Information Processing, University of Minnesota, Minneapolis, MN; The System Development Corporation Collection.

This is an excerpt on electromagnetic radiation of computers (TEMPEST) from a 31-page computer security report.


                               UNCLASSIFIED

                                                        AD 640 648


   SECURITY IN THE COMPUTER ENVIRONMENT

    Robert L. Dennis

    System Development Corporation
    Santa Monica, California

    18 August 1966

    Processed for . . .

    DEFENSE DOCUMENTATION CENTER 
    DEFENSE SUPPLY AGENCY

------------------------------------------------------------------------------

    This document is being distributed by the Clearinghouse for Federal
    Scientific and Technical Information, Department of Commerce, as a
    result of a recent agreement between the Department of Defense (DOD)
    and the Department of Commerce (DOC).

    The Clearinghouse is distributing unclassified, unlimited documents
    which are or have been announced in the Technical Abstract Bulletin
    (TAB) of the Defense Documentation Center.

------------------------------------------------------------------------------

                                  SECURITY
                                   IN THE
                            COMPUTING ENVIRONMENT

                              Robert L. Dennis

                               August 18, 1966


                       SYSTEM DEVELOPMENT CORPORATION
                              2500 COLORADO AVE
                           SANTA MONICA, CALIFORNIA 
                                    90406


                    A Summary of the Quarterly Seminar, Research
                    Security Administrators - June 17, 1965
                    Santa Monica, California


------------------------------------------------------------------------------

August 18, 1966                       -1-                       SP-2440/000/01
                                (Page 2 Blank)



                                 INTRODUCTION

On June 17, 1965, System Development Corporation hosted a conference in behalf
of the Research Security Administrators to look further at the problems of
safeguarding classified information in relation to computers and computer
technology. The meeting was the second of what is hoped will be a series of
conferences to explore the many aspects of this general subject, ranging from
the security aspect of time sharing to the protection of computer storage media.

This summary is a digest of the presentations made by the panelists and includes
some floor discussion on various topics as they were given. Research Security
Administrators would welcome comments on this paper as well as suggestions of
ways and means to best continue and broaden the extent and scope of these
studies.

------------------------------------------------------------------------------
[Snip pp. 3-15; nothing on EMR.]

------------------------------------------------------------------------------

August 18, 1966                       -16-                      SP-2440/000/01



ELECTROMAGNETIC RADIATION FROM COMPUTERS

Jerome A. Russell, Computation Division, University of California,
Lawrence Radiation Laboratory

I am here to talk about electromagnetic radiation, and this we all have. Every
machine radiates electromagnetic energy because of the wires transmitting
current, and magnetic and electrostatic fields are generated by these--they are
all actually little transmitters. The entire machine sends out radiation.
Every time a magnetic tape transport starts and stops, you get wide bands of
transmitted noise.

Our problem is to minimize the possibility of someone outside the fence picking
up these noises, and they can be picked up if you have a sophisticated enough
receiver.

At Livermore we have a radiation problem like everyone else, and you can't say,
"Well, let somebody try to figure out what it all means," because that is not
enough proof it's secure. I would hate to have this task myself; it would be
a life-long job, I am sure. We do take pains to control the radiation as much
as we can. The Edison Company lines coming in are all run through banks which
have shielding in them. We do this to protect the computers, not necessarily
to make the information secure, but it does keep the information from going
back to the power lines.

With the teletype setup, we have a multi-programming or multi-processing system
which we call Octopus. We have twisted pair cables carrying the teletype leads
to the physicists' and mathematicians' offices. These cables are enshielded
according to a classified regulation which says you have to have a shield on it
of a certain nature, and we do. We don't share the telephone facility with
regular voice-lined systems.


[Snip balance of report; nothing on EMR.]


The paper discusses how to compartmentalize files on time-shared computers so that deliberate or accidental access is denied to unauthorized users. While mentioned, encryption of files is not considered an option for denial of access, though the reasons for this are not given in the report.

Other discussion was on how to remove classified data from electronic media -- "cores," "drums," disks and tapes -- to assure that no recovery is possible, even by the most sophisticated laboratory methods. Degaussing devices were novel then (1965): according to the report only one had been approved for classified data removal.

There are indications that discussion of classified matters was omitted from the report.