TEMPEST is an acronym for Transient ElectroMagnetic Pulse Emanation Standard.  A tempest filter eliminates conducted EMI (Electro Magnetic Interference) information.  Most electronic equipment inadvertently emits EMI emanations, which could be constructed into usable data if picked up by a skilled electronics expert.  

Tempest Lock

Some commonly compromised sources of information include telephone signals, personal computer data, server information, and countless other sources.  Simply put, data is constantly being leaked through power lines and almost any other outlet that transmits electronic information.  A tempest filter protects your sensitive data (commonly referred to by tech junkies as “red” data) by filtering information across a much wider range of available frequencies than other standard filters.

The military and other branches of defense use EMI to protect some of our nation’s most sensitive data.  Everything from personal medical information, to top-secret military operations, and even private diplomatic correspondence are all protected by using some form of an advanced TEMPEST filter.  These TEMPEST filters are also available to the public sector.  These filters are perfect for guarding your precious client information, personal banking data, and other sensitive materials.

Collecting data (economic espionage) can occur on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. These leaking emanations can be used to collect data from others and provides the answer on how to shield equipment against such collection. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).

Protecting equipment and data from the collection is done with distance, shielding, filtering, and masking. The protection standards mandate elements such as equipment distance from walls, amount of shielding in buildings and equipment, and distance separating wires carrying classified (proprietary) vs. unclassified (public source) materials, filters on cables, and even distance and shielding between wires or equipment and building pipes. Noise can also protect information by masking the actual data.

Two types of emissions must be considered, conducted and radiated.  Noise level, is measured in decibels (dB), which is the measurement standard to rate both conducted and radiated emissions.   Radiated emissions dissipate over distance with physical barriers (walls, etc.), but conducted emissions can transmit for long distances along lines/wire. When protecting data, it is important to take both conducted and radiated emissions into account.

Conducted emissions travel through the data and power lines.  Conducted emissions are typically addressed using a filter, thus precluding data from traveling over power lines when TEMPEST filters are placed on the power line.  TEMPEST filters may range from 60dB to 100+dB in terms of insertion loss (the ability of the filter to suppress emissions).

Radiated emission are typically contained by building a Faraday type cage (shielded enclosure) around the equipment.  Application requirements will determine the level of shielding effectiveness needed.  In many military applications, where data is classified and under attack by state-sponsored actors, 100+dB of insertion loss is required.  In other applications where there are several layers of building materials and other elements that provide shielding, e.g. server housings, the shielding effectiveness may not have to be as stringent. 

While much of this protection is about leaking electromagnetic emanations, it also encompasses sounds and mechanical vibrations. For example, it is possible to log a user’s keystrokes using the motion sensor inside smartphones.  Compromising emissions are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.

TEMPEST Standards

Current the United States and NATO Tempest standards define three levels of protection requirements:

  • NATO SDIP-27 Level A (formerly AMSG 720B) and USA NSTISSAM Level I
    This is the strictest standard for devices that will be operated where it is assumed that an attacker has almost immediate access (e.g. neighboring room, <1 meter distance).
  • NATO SDIP-27 Level B (formerly AMSG 788A) and USA NSTISSAM Level II
    This is a slightly relaxed standard for devices that are operated where it is assumed that an attacker cannot get closer than about 20 meters (or where building materials ensure an attenuation equivalent to the free-space attenuation of this distance).
  • NATO SDIP-27 Level C (formerly AMSG 784) and USA NSTISSAM Level III
    An even more relaxed standard for devices operated where attackers have to deal with the equivalent of 100 meters of free-space attenuation (or equivalent attenuation through building materials).
    Additional standards include:
  • NATO SDIP-29 (formerly AMSG 719G)
    This standard defines installation requirements, for example in respect to grounding and cable distances.
  • AMSG 799B
    Defines an attenuation measurement procedure, according to which individual rooms within a security perimeter which then determines what shielding test standard is required for equipment that processes secret data in these rooms.

Shielding Requirements

A declassified specification for shielded enclosures has shielding values, requiring, and a minimum of 100 dB insertion loss from 1 KHz to 10 GHz. 

Certification

The information-security agencies of several NATO countries publish lists of accredited testing labs and of equipment that has passed these tests:

  • In Canada: Canadian Industrial TEMPEST Program
  • In Germany: BSI German Zoned Products List
  • In the UK: UK CESG Directory of Infosec Assured Products, Section 12
  • In the U.S.: NSA TEMPEST Certification Program

The US Army also has a Tempest testing facility, as part of the U.S. Army Information Systems Engineering Command, in Arizona. Similar lists and facilities exist in other NATO countries.

Tempest certification must apply to an entire system, not just to individual components, since connecting a single unshielded component (such as a cable or device) to an otherwise secure system could dramatically alter the system RF characteristics.

Standards require maintaining distance or installing shielding between circuits and equipment used to handle plaintext classified or sensitive information that is not encrypted (RED) and secured circuits and equipment (BLACK), the latter including those carrying encrypted signals. Manufactures of TEMPEST-approved equipment must be done under careful quality control to ensure that additional units are built exactly the same as the units that were tested. Changing even a single wire can invalidate the tests.

One aspect of Tempest testing that distinguishes it from limits on spurious emissions (e.g., FCC Part 15) is a requirement of absolute minimal correlation between radiated energy or detectable emissions and any plaintext data that are being processed.

LED indicators on computer equipment can be a source of compromising optical emanations.  Almost all modems flash an LED to show activity, and it is common for the flashes to be directly taken from the data line. As such, a fast optical system can easily see the changes in the flickers from the data being transmitted down the wire.

Research has shown it is possible to detect the radiation corresponding to a keypress event from not only wireless (radio) keyboards, but also from traditional wired keyboards, and even from laptop keyboards.

In 2014, researchers introduced “AirHopper”, a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.

In 2015, “BitWhisper”, a Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations was introduced. “BitWhisper” supports bidirectional communication and requires no additional dedicated peripheral hardware.

Later in 2015, researchers introduced GSMem, a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission – generated by a standard internal bus – renders the computer into a small cellular transmitter antenna.

In February 2018, research was published describing how low-frequency magnetic fields can be used to escape sensitive data from Faraday-caged, air-gapped computers with malware code-named ’ODINI’ that can control the low-frequency magnetic fields emitted from infected computers by regulating the load of CPU cores.

MPE Filters

MPE Limited’s range of TEMPEST pluggable filters have been designed for use within TEMPEST applications, where protection compliant to SDIP-29 and equipment hardening to SDIP-27 is required. Utilizing ultra-reliable self-healing capacitors, all units deliver optimum performance across the full frequency range and under all loading conditions. The filter range has been designed for use within unprotected power environments to ensure fitting and electrical installation is as quick and simple as possible.

DESCRIPTION

  • TEMPEST SP&N filters providing the performance to support installation SDIP-29 protection
  • EMI and signal suppression supporting equipment compliance to SDIP-27
  • Insertion loss of 60dB from 100kHz to 1GHz
  • 6A & 13A BS1363 3 pin plug & socket outlets
  • 32A IEC 60309 ‘Commando’ connector input & socket outlets
  • *alternatively terminated filters (e.g. Powercon, Schuko, IEC etc.) are available upon request
  • Designed to IT equipment safety standard EN60950-1
  • Fully 360 screened 2-meter input cable to maintain red/black separation to filter
  • Low Smoke Zero Halogen (LSZH) rated cabling for use in sensitive areas
  • Self-healing metalized plastic film capacitors
  • Rugged magnetic stainless steel enclosure
  • 6A and 13A designs of the filter are downline tolerable to a personal protection RCCD
  • CE compliant
  • Simple mechanical and electrical installation

 

RATINGS AND CHARACTERISTICS

Rated Voltage                                                             250V ac 50/60Hz

Test Voltage (line – earth)                                           2250V dc

Test Voltage (line – line)                                             1250V dc

Rated Current, Iat 50°C                                           6A, 13A, 32A

Earth Leakage Current:                                              6A & 16A less than 3.5mA, 32A less than 35mA

Maximum Temperature Rise on Full Load                 25˚C

Operating Temperature Range                                  -25˚C to 50˚C

Insertion Loss (50Ω, asymmetric)                              60dB from 100 kHz to 1GHz

Discharge Time                                                          Less than 1s to below 34V

Enclosure                                                                   Stainless steel

Finish                                                                          Natural, brushed