Optical TEMPEST

[John Young]

As followup to Ross's reference to TEMPEST in "Security
Engineering," a most interesting paper announced today:

Date: Tue, 5 Mar 2002 15:32:24 -0700 (MST)
From: Joe Loughry <loughry@applied-math.org>
Message-Id: <200203052232.g25MWOK29335@twister.applied-math.org>
To: cryptography@wasabisystems.com
Subject: Information Leakage from Optical Emanations

A new paper describing a successful attack against compromising
*optical* emanations ("optical TEMPEST") has been accepted for
publication in ACM Transactions on Information and System Security.

The full paper will not appear until later this year, but we
thought you might like a heads-up.  The paper is available in PDF
and compressed Postscript at http://applied-math.org

Abstract:

A previously unknown form of compromising emanations has been
discovered.  LED status indicators on data communication equipment,
under certain conditions, are shown to carry a modulated optical
signal that is significantly correlated with information being
processed by the device.  Physical access is not required; the
attacker gains access to all data going through the device, including
plaintext in the case of data encryption systems.  Experiments show
that it is possible to intercept data under realistic conditions at
a considerable distance.  Many different sorts of devices, including
modems and Internet Protocol routers, were found to be vulnerable.
A taxonomy of compromising optical emanations is developed, and
design changes are described that will successfully block this kind
of "Optical Tempest" attack.

-Joe Loughry
Lockheed Martin Space Systems

-----

As followup to my inquiry about Ergonomic Theory in cryptanalysis,
Peter Wright wrote there was report on successful progress in 
the methodology in a 1986 Guardian article -- a report we are
eager to see.