tech-reports@cl.cam.ac.uk
07-25-2004, 02:49 AM
Publication announcement:
Compromising emanations: eavesdropping risks of computer displays
Markus G. Kuhn
Technical report UCAM-CL-TR-577, University of Cambridge,
Computer Laboratory, December 2003, 167 pages.
This document is now available at
http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf
Abstract:
Electronic equipment can emit unintentional signals from which
eavesdroppers may reconstruct processed data at some distance. This has
been a concern for military hardware for over half a century. The
civilian computer-security community became aware of the risk through
the work of van Eck in 1985. Military "Tempest" shielding test standards
remain secret and no civilian equivalents are available at present. The
topic is still largely neglected in security textbooks due to a lack of
published experimental data.
This report documents eavesdropping experiments on contemporary computer
displays. It discusses the nature and properties of compromising
emanations for both cathode-ray tube and liquid-crystal monitors. The
detection equipment used matches the capabilities to be expected from
well-funded professional eavesdroppers. All experiments were carried out
in a normal unshielded office environment. They therefore focus on
emanations from display refresh signals, where periodic averaging can be
used to obtain reproducible results in spite of varying environmental
noise.
Additional experiments described in this report demonstrate how to make
information emitted via the video signal more easily receivable, how to
recover plaintext from emanations via radio-character recognition, how
to estimate remotely precise video-timing parameters, and how to protect
displayed text from radio-frequency eavesdroppers by using specialized
screen drivers with a carefully selected video card. Furthermore, a
proposal for a civilian radio-frequency emission-security standard is
outlined, based on path-loss estimates and published data about radio
noise levels.
Finally, a new optical eavesdropping technique is demonstrated that
reads CRT displays at a distance. It observes high-frequency variations
of the light emitted, even after diffuse reflection. Experiments with a
typical monitor show that enough video signal remains in the light to
permit the reconstruction of readable text from signals detected with a
fast photosensor. Shot-noise calculations provide an upper bound for
this risk.
--
University of Cambridge, Computer Laboratory,
Technical Reports (ISSN 1476-2986)
http://www.cl.cam.ac.uk/TechReports/
Compromising emanations: eavesdropping risks of computer displays
Markus G. Kuhn
Technical report UCAM-CL-TR-577, University of Cambridge,
Computer Laboratory, December 2003, 167 pages.
This document is now available at
http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf
Abstract:
Electronic equipment can emit unintentional signals from which
eavesdroppers may reconstruct processed data at some distance. This has
been a concern for military hardware for over half a century. The
civilian computer-security community became aware of the risk through
the work of van Eck in 1985. Military "Tempest" shielding test standards
remain secret and no civilian equivalents are available at present. The
topic is still largely neglected in security textbooks due to a lack of
published experimental data.
This report documents eavesdropping experiments on contemporary computer
displays. It discusses the nature and properties of compromising
emanations for both cathode-ray tube and liquid-crystal monitors. The
detection equipment used matches the capabilities to be expected from
well-funded professional eavesdroppers. All experiments were carried out
in a normal unshielded office environment. They therefore focus on
emanations from display refresh signals, where periodic averaging can be
used to obtain reproducible results in spite of varying environmental
noise.
Additional experiments described in this report demonstrate how to make
information emitted via the video signal more easily receivable, how to
recover plaintext from emanations via radio-character recognition, how
to estimate remotely precise video-timing parameters, and how to protect
displayed text from radio-frequency eavesdroppers by using specialized
screen drivers with a carefully selected video card. Furthermore, a
proposal for a civilian radio-frequency emission-security standard is
outlined, based on path-loss estimates and published data about radio
noise levels.
Finally, a new optical eavesdropping technique is demonstrated that
reads CRT displays at a distance. It observes high-frequency variations
of the light emitted, even after diffuse reflection. Experiments with a
typical monitor show that enough video signal remains in the light to
permit the reconstruction of readable text from signals detected with a
fast photosensor. Shot-noise calculations provide an upper bound for
this risk.
--
University of Cambridge, Computer Laboratory,
Technical Reports (ISSN 1476-2986)
http://www.cl.cam.ac.uk/TechReports/