TEMPEST is a U.S government code word for a once-classified set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors, or printers. It is a counter-intelligence measure aimed at the prevention of electronic espionage.
The key concept of TEMPEST is "red-black separation", i.e. maintaining distance between equipment used to handle classified or sensitive information (red) and normal unsecured equipment (black).
Basic TEMPEST standards have not been classified since 1995 and today the United States Army acknowledges its TEMPEST testing facility, the U.S. Army Information Systems Engineering Command, at Fort Huachuca, Arizona. The TEMPEST standard NSTISSAM TEMPEST/1-92 is publicly available.
In 1985, Wim van Eck published the first unclassified technical analysis of the security risks of emanations from computer monitors. This paper caused some consternation in the security community, which had previously believed that such monitoring was a highly sophisticated attack available only to governments; van Eck successfully eavesdropped on a real system, at a range of hundreds of metres, using just $15 worth of equipment plus a television set. In consequence of this research such emanations are sometimes called "van Eck radiation", although it is realised that an unknown government researcher had discovered it long before.
In 1998, Ross Anderson and Markus Kuhn discovered that a considerable degree of protection against monitoring of emanations from computer display units could be achieved in software alone, at considerably less expense than traditional TEMPEST rated hardware. Such protections are known as "Soft TEMPEST", and work by filtering out high-frequency components from fonts before rendering them on a computer screen.
See also: computer surveillance, computer insecurity, Echelon, Faraday cage
