Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
tempest and echelon full report
Post: #1

[attachment=1321]
ABSTRACT
TEMPEST and ECHELON are the method of spying in a
sophisticated manner; both are developed by National Security Agency
(NSA) for monitoring the people. These technologies are originally
developed for pure military espionage, but hackers use them now for
spying in to other peopleâ„¢s activities.
Tempest is the technology, which can reproduce what
you are seeing in your monitor, what you are typing in your keyboard
from a couple of kilometers away. It traces all electromagnetic
radiation from the victimâ„¢s monitor, keyboard, even pc memory and hard
disk, then it reproduces the signals. By using this technology it is
possible to intrude (only listening) in to a personâ„¢s computer from a
couple of kilometers away, even it is a computer which is not
Networked and enables the intruder to hack without any connection to
the victimâ„¢s computer.

Echelon is the spying on a large network by sniffing
through the words. It is the ongoing secret project of NSA and itâ„¢s
counterparts in UK, Canada, Australia and New Zealand. It can intercept
as many as 2 million communications per hour through phone calls,
faxes, e-mails, downloads, microwave, cellular, satellite communication
etc..
As quoted above it is developed for military purposes but it is now
used for spying on organizations, business and individuals.
This seminars describes about the various methods
employed in spying with the help of Tempest and Echelon


1. INTRODUCTION
The notion of spying is a very sensitive topic after the
September 11 attack of Terrorists in New York. In the novel 1984,
George Orwell foretold a future where individuals had no expectation of
privacy because the state monopolized the technology of spying. Now
the National security Agency Of USA developed a secret project to spy
on people for keep tracing their messages to make technology enabled
interception to find out the terrorist activities across the globe,
named as Echelon. Leaving the technology ahead of the any traditional
method of interception .
The secret project Developed by NSA (National Security Agency
of USA) and its allies is tracing every single transmission even a
single of keyboard. The allies of USA in this project are UK,
Australia, New Zealand and Canada. Echelon is developed with the
highest computing power of computers connected through the satellites
all over the world. In this project the NSA left the wonderful method
of Tempest and Carnivores behind.
Echelon is the technology for sniffing through the messages
sent over a network or any transmission media, even it is wireless
messages. Tempest is the technology for intercepting the
electromagnetic waves over the air. It simply sniffs through the
electromagnetic waves propagated from any devices, even it is from the
monitor of a computer screen. Tempest can capture the signals through
the walls of computer screens and keystrokes of key board even the
computer is not connected to a network. Thus the traditional way of
hacking has a little advantage in spying.

For the common people it is so hard to believe that their
monitor can be reproduced from anywhere in one kilometer range without
any transmission media in between the equipment and their computer. So
we have to believe the technology enabled us to reproduce anything from
a monitor of computer to the Hard Disks including the Memory (RAM) of a
distant computer without any physical or visual contact. It is done
with the Electromagnetic waves propagated from that device.
The main theory behind the Tempest(Transient Electromagnetic
Pulse Emanation Standard.) is that any electronic or electrical devices
emit Electromagnetic radiations of specific key when it is operated.
For example the picture tube of computer monitor emits radiations when
it is scanned up on vertical of horizontal range beyond the screen. It
will not cause any harm to a human and it is very small. But it has a
specific frequency range. You can reproduce that electromagnetic waves
by tracing with the powerful equipments and the powerful filtering
methods to correct the errors while transmission from the equipment.
Actually this electromagnetic waves are not necessary for a human being
because it not coming from a transmitter, but we have a receiver to
trace the waves.
For the project named as Echelon the NSA is using
supercomputers for sniffing through the packets and any messages send
as the electromagnetic waves. They are using the advantage of
Distributed computing for this. Firstly they will intercept the
messages by the technology named as the Tempest and also with the
Carnivore. Every packet is sniffed for spying for the USAâ„¢s NSA for
security reasons.

Interception of communications is a method of spying commonly
employed by intelligence services, For an intelligence agency they are
make use of the spies for the secret services for government to provide
the security of government and the people. So they can use any methods
to ensure the security of people including spying, it is not guilt. It
depends on the target we are aiming. To capture the terrorists before
they can make any harm to people, we must keep the technology ahead.
We, Engineers are behind that project of NSA and so we have to aware of
that technology for enabling our INDIA also in this field. Because it
is used mainly by the security agencies and spies all over the world
even though there is a lack of equipments for this purpose. Equipments
for Tempest spying is available in USA and is prohibited of exporting
from there. Some smuggled equipments may be here. But we have to
develop the systems for our Military and Intelligence Agencies for
ensuring the best security for our people.
While Considering about the limitations of the surveillance
system, The issues depends in particular, upon worldwide interception
of satellite communications, although in areas characterised by a high
volume of communications only a very small proportion of those
communications are transmitted by satellite; whereas this means that
the majority of communications cannot be intercepted by earth stations,
but only by tapping cables and intercepting radio signals, something
which -as the investigations carried out in connection with the report
have shown - is possible only to a limited extent; whereas the numbers
of personnel required for the final analysis of intercepted
communications imposes further restrictions; whereas, therefore, the
UKUSA states have access to only a very limited proportion of cable and
radio communications and can analyze an even more limited proportion of
those communications, and whereas, further, however extensive the
resources and capabilities for the interception of communications may
be, the extremely high volume of traffic makes exhaustive, detailed
monitoring of all communications impossible in practice.

2. TEMPEST AND ECHELON
Interception of communications is a method of spying commonly
employed by intelligence services, whereas there can now be no doubt
that the purpose of the system is to intercept, at the very least,
private and commercial communications, and not military communications,
although the analysis carried out in the report has revealed that the
technical capabilities of the system are probably not nearly as
extensive as some sections of the media had assumed.
2.1 The Need for an Interception System
Interception of messages is the major work for the intelligence
agencies all over the world, to keep track of the spies and terrorists
for preserving the security of the country from the leaking of
sensitive documents and the terrorist attacks. By the work of the
intelligence agencies the government is ensuring the security of the
state. For that we have to enable our intelligence agencies with modern
technologies like USA. For that we must setup an interception system.
While developing this we have to consider about the privacy of common
people and industrial organization.

The targets for the ECHELON system developed by the NSA are
apart from directing their ears towards terrorists and rogue states;
ECHELON is also being used for purposes well outside its original
mission. In America the regular discovery of domestic surveillance
targeted at American civilians for reasons of unpopular political
affiliation or for no probable cause at all in violation of the First,
Fourth and Fifth Amendments of the Constitution of America“ are
consistently impeded by very elaborate and complex legal
arguments and privilege claims by the intelligence agencies and the US
government. The guardians and caretakers of their liberties, their duly
elected political representatives, give scarce attention to these
activities, let alone the abuses that occur under their watch. The
other ECHELON targets are political spying and industrial espionage.
The existence and expansion of ECHELON is a foreboding omen
regarding the future of our Constitutional liberties. If a government
agency can willingly violate the most basic components of the Bill of
Rights without so much as Congressional oversight and approval, we have
reverted from a republican form of government to tyranny.
While considering about the political spying we have to
consider many legal issues. It consists of spying the other parties and
the messages sent by them. Since the close of World War II, the US
intelligence agencies have developed a consistent record of trampling
the rights and liberties of the American people. Even after the
investigations into the domestic and political surveillance activities
of the agencies that followed in the wake of the Watergate fiasco, the
NSA continues to target the political activity of unpopular political
groups and our duly elected representatives.
While considering about the Industrial Espionage we have to
discuss we have to redefine the notion of National Security to include
economic, commercial and corporate concerns. Many of the major
companies helped NSA to develop the ECHELON system to tackle the
mammoth task for setting up the largest computing power throughout the
world.
ECHELON is actually a vast network of electronic spy stations
located around the world and maintained by five countries: the US,
England,
Canada, Australia, and New Zealand. These countries, bound together in
a still-secret agreement called UKUSA, spy on each otherâ„¢s citizens by
intercepting and gathering electronic signals of almost every telephone
call, fax transmission and email message transmitted around the world
daily. These signals are fed through the massive supercomputers of the
NSA to look for certain keywords called the ECHELON dictionaries.
For these above reasons our country INDIA must be enabled to
cop with the new interception system. For that we, engineers must do
the work other wise our country will also become vulnerable to any
attacks from the other states. For that reason i am presenting this
seminars.

3 INSIDE TEMPEST
TEMPEST is a short name referring to investigations and studies
of compromising emanations (CE). Compromising emanations are defined as
unintentiorial intelligence-bearing signals which, if intercepted and
analyzed, disclose the national security information transmitted,
received, handled or otherwise processed by any information-processing
equipment. Compromising emanations consist of electrical or acoustical
energy unintentionally emitted by any of a great number of sources
within equipment/systems which process national security information.
This energy may relate to the original message, or information being
processed, in such a way that it can lead to recovery of the plaintext.
Laboratory and field tests have established that such CE can be
propagated through space and along nearby conductors. The
interception/propagation ranges and analysis of such emanations are
affected by a variety of factors, e.g., the functional design of the
information processing equipment; system/equipment installation; and,
environmental conditions related to physical security and ambient noise
"compromising emanations" rather than "radiation" is used because the
compromising signals can, and do, exist in several forms such as
magnetic and/or electric field radiation, line conduction, (signal and
power) or acoustic emissions. More specifically, the emanations occur
as
1. Electromagnetic fields set free by elements of the plaintext
processing equipment or its associated conductors.
2. Text-related signals coupled to cipher, power, signal, control
or other BLACK lines through (a) common circuit elements such as
grounds and power supplies or (b) inductive and capacitive coupling.
3. Propagation of sound waves from mechanical or electromechanical
devices.
4. The TEMPEST problem is not one which is confined to
cryptographic devices; it is a system problem and is of concern for all
equipment which process plaintext national security data.
Sources of TEMPEST Signals:- In practice, the more common types of
compromising emanations (CE )are attenuated RED(A term applied to wire
lines, components, equipment, and systems which handle national
security signals, and to areas in which national security signals
occur.) base band signals, spurious carriers modulated by RED base band
signals, and impulsive emanations.
1) Functional Sources. - Functional sources are those designed for
the specific purpose of generating electromagnetic energy. Examples are
switching transistors, oscillators. Signal generators, synchronizers,
line drivers, and line relays.
2) Incidental Sources - Incidental sources are those which are not
designed for the specific purpose of generating electromagnetic energy.
Examples are electromechanical switches and brush-type motors.
Types of TEMPEST Signals: - In practice, the more common types of CE
(compromising emanations) are attenuated RED base band signals,
spurious carriers modulated by RED base band signals, and impulsive
emanations.

RED Base band Signals -- The most easily recognized CE is the RED base
band signal in attenuated but otherwise unaltered form, since it is
essentially identical to the RED base band signal itself. This
emanation can be introduced into electrical conductors connected to
circuits (within an EUT) which have an impedance or a power source in
common with circuits processing RED baseband signals. It can be
introduced into an escape medium by capacitive or
inductive coupling, and especially by radiation with RED baseband
signals of higher frequencies or data rates.
Modulated Spurious Carriers -- This type of CE is generated as the
modulation of a carrier by RED data. The carrier may be a parasitic
oscillation generated in the equipment, i.e., the chopper frequency of
a power supply, etc. The carrier is usually amplitude or angle-
modulated by the basic RED data signal. or a signal related to the
basic RED data signal, which is then radiated into space or coupled
into EUT external conductors. See Figure below for time and frequency
domain representations.

Figure 1
Impulsive Emanations -- Impulsive emanations are quite common in
Equipment under Tests processing digital signal, and are caused by very
fast mark-to-space and space-to-mark transitions of digital signals.
Impulsive emanations can be radiated into space or coupled into
Equipment under Test external conductors. See Figure 2 below for the
time and frequency domain representations.


Figure 2
Other Types of Emanations -- Most CE resembles one of the types
mentioned thus far. There are, however, other possible types of CE
which are caused by various linear and nonlinear operations occurring
in information-processing equipments and systems. Such CE cannot easily
be categorized. In practice, these emanations often exhibit features
which can frequently be related to one of the three types discussed.
Propagation of TEMPEST Signals: - There are four basic means by which
compromising emanations may be propagated
1) Electromagnetic Radiation
2) Line Conduction
3) Fortuitous Conduction
4) Acoustics
Technology behind the TEMPEST: - We discussed that the TEMPEST uses the
electromagnetic waves propagated from the electronic devices
intentionally or non intentionally. For receiving the texts or data at
the other end we have to screw up to a specific frequency range and
just listen or replicate the data at the other end. Tempest is the
technology, which can reproduce what you are seeing in your monitor,
what you are typing in your keyboard from a couple of kilometres away.
It traces all electromagnetic radiation from the victimâ„¢s monitor,
keyboard, even pc memory and hard disk, and then it reproduces the
signals. By using this technology it is possible to intrude (only
listening) in to a personâ„¢s computer from a couple of kilometres away,
even it is a computer which is not Networked and enables the
intruder to hack without any connection to the victimâ„¢s computer.
We discuss techniques that enable the software on a
computer to control the electromagnetic radiation it transmits. This
can be used for both attack and defence. To attack a system, malicious
code can encode stolen information in the machine's RF emissions and
optimize them for some combination of reception range, receiver cost
and covertness. To defend a system, a trusted screen driver can display
sensitive information using fonts which minimize the energy of these
emissions.

When snooping in to a computerâ„¢s VDU, similar periodic
averaging and cross-correlation techniques can be used if the signal is
periodic or if its structure is understood. Video display units output
their frame buffer content periodically to a monitor and are therefore
a target, especially where the video signal is amplified to several
hundred volts. Knowledge of the fonts used with video displays and
printers allows maximum likelihood character recognition techniques to
give a better signal/noise ratio for whole characters than is possible
for individual pixels.
Similar techniques can be applied when snooping on CPUs that
execute known algorithms. Even if signals caused by single instructions
are lost in the noise, correlation techniques can be used to spot the
execution of a known pattern of instructions. Bovenlander reports
identifying when a smartcard performs a DES encryption by monitoring
its power consumption for a pattern repeated sixteen times. Several
attacks become possible if one can detect in the power consumption that
the smartcard processor is about to write into EEPROM. For example, one
can try a PIN, deduce that it was incorrect from the power consumption,
and issue a reset before the non-volatile PIN retry counter is updated.
In this way, the PIN retry limit may be defeated.
Smulders showed that even shielded RS-232 cables can often be
eavesdropped at a distance. Connection cables form resonant circuits
consisting of the induction of the cable and the capacitance between
the device and ground; these are excited by the high-frequency
components in the edges of the data signal, and the resulting short HF
oscillations emit electromagnetic waves.
It has also been suggested that an eavesdropper standing near
an automatic teller machine equipped with fairly simple radio equipment
could pick up both magnetic stripe and PIN data, because card readers
and keypads are typically connected to the CPU using serial links. A
related risk is cross-talk between cables that run in parallel. For
instance, the reconstruction of network data from telephone lines has
been demonstrated where the phone cable ran parallel to the network
cable for only two metres. Amateur radio operators in the neighbourhood
of a 10BASE-T network are well aware of the radio interference that
twisted-pair Ethernet traffic causes in the short-wave bands. Laptop
owners frequently hear radio interference on nearby FMradio
receivers, especially during operations such as window scrolling that
cause bursts of system bus activity. A Virus could use this effect to
broadcast data.
Compromising emanations are not only caused directly by signal
lines acting as parasitic antennas. Power and ground connections can
also leak high frequency information. Data line drivers can cause low-
frequency variations in the power supply voltage, which in turn cause
frequency shifts in the clock; the data signal is thus frequency
modulated in the emitted RFI. Yet another risk comes from `active'
attacks, in which parasitic modulators and data-dependent resonators
affect externally applied electromagnetic radiation: an attacker who
knows the resonant frequency of (say) a PC's keyboard cable can
irradiate it with this frequency and then detect key-press codes in the
retransmitted signal thanks to the impedance changes they cause. In
general, transistors are non-linear and may modulate any signals that
are picked up and retransmitted by a line to which they are connected.
This effect is well known in the counterintelligence community, where
`nonlinear junction detectors' are used to locate radio microphones and
other unauthorised equipment.
Short wave attacks:-
If one wants to spy to a computer, then an important
design criterion is the cost of the receiver. While intelligence
services may already possess phased array antennas and software radios,
such equipment is not yet generally available. The graduate student's
Tempest spying kit is more likely to be just a radio receiver connected
to an audio cassette recorder.
In order to get a computer VDU to produce audible tones on our
radio, we have to design a screen image that causes the VDU beam
current to
approximate a broadcast AM radio signal. If this latter has a carrier
frequency fc and an audio tone with a frequency ft, then it can be
represented as

The timing of a digital video display system is first
of all characterised by The pixel clock frequency fp, which is the
reciprocal of the time, in which the electron beam in the CRT travels
from the centre of one pixel to the centre of its right neighbour. The
pixel clock is an integer multiple of both the horizontal and vertical
deflection frequencies, that is the rate fh = fp/xt with which lines
are drawn and the rate fv = fh/yt with which complete frames are built
on the screen. Here, xt and yt are the total width and height of the
pixel field that we would get if the electron beam needed no time to
jump back to the start of the line or frame. However the displayed
image on the screen is only xd pixels wide and yd pixels high as the
time allocated to the remaining xtyt - xdyd virtual pixels is used to
bring the electron beam back to the other side of the screen.
Attack software can read these parameters directly from
the video controller chip, or find them in configuration files. For
instance, on the ones Linux Workstation, a line of the form
ModeLine "1152x900" 95 1152 1152 1192 1472 900 900 931 939
in the X Window System server configuration file
/usr/lib/X11/XF86Config indicates that the parameters fp = 95 MHz, xd =
1152, yd = 900, xt = 1472 and yt = 939 are used on this system, which
leads to deflection frequencies of fh = 64.5 kHz and fv = 68.7 Hz.
If we de_ne t = 0 to be the time when the beam is in the centre of the
upper left corner pixel (x = 0, y = 0), then the electron beam will be
in the centre of the pixel (x,y) at time

For all 0 _ x < xd, 0 _ y < yd and n 2 IN. Using the above formula with
the frame counter n = 0, we can now calculate a time t for every pixel
(x,y) and set this pixel to an 8-bit greyscale value of [255/2+S(t)+R]
with amplitudes, A = 255/4 and m = 1, where R is in between 0 and 1 is
a uniformly distributed random number that spreads the quantization
noise (dithering) for screen contents generated this way to broadcast
an AM tone.

figure 3
It is not necessary to fill the entire screen with the pattern,
but the energy of the transmitted signal is proportional to the number
of pixels that display it. Ideally, both fc and ft should be integer
multiples of fv to avoid phase discontinuities from one line or frame
to the next.
This will work everywhere in the labs and in nearby rooms,
while reception over longer distances was good so long as the receiver
antenna was held close to power supply lines. As one might expect from
the wavelengths involved, the power lines appear to propagate more RF
energy than the parasitic antennas in the PC do. In addition, the
handheld radio used for this demonstration had only a simple untuned
dipole antenna, so with a better antenna we would expect to get
reasonable reception at several hundred metres.
The shortwave (HF) radio bands in the 3{30 MHz range seem to be
the best for this attack. They are the highest bands that normal radios
can pick up and that are well below the pixel frequency fp. Although
computer monitors and video cables are too small to be efficient
antennas for these frequencies, the lower frequency bands would be even
worse, while the VHF frequencies at which electronic components radiate
well are too close to current pixel frequencies for software to
modulate efficiently, especially using FM. (Of course, as time passes,
rising pixel frequencies might bring VHF FM radio within reach.)
In a typical low-cost attack, the eavesdropper would
place a radio and cassette recorder near the target and implant the
attack software using standard virus or Trojan techniques. Since the
broadcast patterns will be visible, the attack should take place after
business hours while avoiding times when the chosen frequency is
swamped by ionospheric propagation of interfering stations. Many PCs
are not turned off at night, a habit encouraged by the power management
features of modern systems. If monitors are also left powered up, then
the attack software might monitor network traffic to detect the
presence of people in the department. Where monitors are turned off but
PCs are not, a serviceable signal can usually be picked up: as well as
the power
line, the VDU cable can be a quite adequate antenna. In these cases,
the attack software can broadcast unobtrusively in the evening and
early morning hours.
The attack software can use frequency shift keying, with 0 and
1 represented by tone patterns like those shown in Fig. 3. These would
be loaded into two video buffers which would be switched at the frame
rate fv. Fast switches between screen patterns and real-time amplitude
modulation can also be accomplished using the colour lookup table. The
bit pattern would be encoded first to provide forward error correction
before its bits are used to select the sequence of tones transmitted.
Broadband Transmission attacks:-
Above dither amplitude modulation of large readable
letters was designed to allow easy low-cost reception of hidden
broadcast information with a modified TV set. A professional
eavesdropper is more likely to select a method that affects only a
small part of the screen layout and that is optimized for maximum range
and robust reception with sophisticated equipment. In this section, we
outline what such a system might look like.

Reception of monitor emanations with modified TV sets
requires either exact knowledge of the horizontal and vertical
deflection frequencies or a strong enough Signal to adjust the sync
pulse generators manually. With larger distances and low signal levels,
the emitted information can only be separated from the noise by
averaging the periodic signal over a period of time, and manual
adjustment of the synch is difficult.

In a professional attack, one might use spread-spectrum
techniques to increase the jamming margin and thus the available range.
The
attack software would dither one or more colours in several lines of
the screen layout using a pseudorandom bit sequence. A cross-correlator
in the receiver gets one input from an antenna and sees at its other
input the same pseudorandom bit sequence presented with the guessed
pixel clock rate of the monitor. It will generate an output peak that
provides the phase difference between the receiver and the target. A
phase-locked loop can then control the oscillator in the receiver such
that stable long-term averaging of the screen content is possible.
Information can be transmitted by inverting the sequence depending on
whether a 0 or 1 bit is to be broadcast. Readers familiar with direct
sequence spread-spectrum modulation will find the idea familiar, and
many spread-spectrum engineering techniques are applicable.
The advantages of using spread-spectrum techniques are
that higher data rates and reception ranges can be achieved, and that
only the pixel clock frequency and (perhaps) the carrier frequency have
to be selected. This enables fast lock-on and fully automatic
operation.
A practical benefit is that it may only be necessary to
use a small number of lines-perhaps in the toolbar, or even off the
visible edge of the screen. If a spreading sequence coded as a series
of black and white pixels is too different from the normal grey toolbar
expected by the user, then phase modulation can be used instead. The
amplitude of the dither pattern can be reduced smoothly for a few
pixels at phase jumps to avoid visible bright or dark spots.
PROTECTION FROM TEMPEST ATTACKS:-
There are three ways to protect the computers from TEMPEST
attacks, They are
1) TEMPEST testing and selection of appropriate devices
2) TEMPEST Fonts
3) TEMPEST Proof walls
Among these three protective measures the TEMPEST “Proof walls
are the most effective one (It is not like the firewall and it is a
physical wall which reflects the entire signals back to the room)
TEMPEST testing and selection:-
TEMPEST tests are performed to prove that all or a part of
communications or information handling systems which are to process
national security information do, in fact. Provide emission security.
An equipment or system tested is called equipment under test (EUT). An
EUT can be visualized as an input/output box which receives an input
signal and produces an output signal. The figure shows this

In most cases, only EUT input and/or output conductors carry
the intentional RED signals; all other conductors usually carry signals
devoid of classified data. Because of design weaknesses, poor component
quality or location, improper wiring layout, and inadequate shielding
by the chassis
cabinet, some unintentional signals may be generated in an EUT and
emitted through space or on external conductors. Such unintentional
signals are the object of detection and measurement during TEMPEST
tests, and of particular interest are those signals which may be
similar to the RED signals because they are compromising emanations
(CE).
Test types are of three, they are
1. Electric radiation tests are performed to detect and measure
emanations escaping from an EUT in the form of E-fields
2. Magnetic radiation tests are performed to detect and measure
emanations escaping from an EUT in the form of H-fields.
3. Conduction tests are performed to detect and measure emanations
escaping from an EUT as voltage and current on conductors (including
returns and grounds) interfacing an EUT with other equipments and power
sources.
TEMPEST FONTS:-
TEMPEST fonts are used for protecting the computers form the
eavesdropper. There is some specific software for this and these
softwares will calculate the power dissisipation of the normal fonts
and if it is vulnerable to the TEMPEST attack, the software will filter
that software and show that font as the most convenient way
The filtered text looks rather blurred and unpleasant in this
magnified representation, but surprisingly, the loss in text quality is
almost unnoticeable for the user at the computer screen, as the
magnified photos in the lower half of Fig. 4 show. The limited focus of
the electron beam, the limited resolution of the eye, as well as
effects created by the mask and the monitor electronics filter the
signal anyway.

fig 4:-The text on the left is displayed with a conventional font,
while the text on the right has been filtered to remove the top 30% of
the horizontal frequency spectrum. The graphics in the upper row show
the pixel luminosities, while below there are magnified screen
photographs of a 21_5 mm text area. While the user can see practically
no difference between the fonts, the filtered text disappears from the
eavesdropping monitor while the normal text can be received clearly.
TEMPEST PROOF WALLS:-
TEMPEST proof walls are developed for preventing from
TEMPEST attacks. These walls are specially designed for reflecting the
electromagnetic waves back to the same room it self. Many of the
corporate firms have the TEMPEST proof walls for protecting the
databases from the hackers and spies, otherwise the secret data will be
leaked and the eavesdropper will cause threat to that corporate firm.

4 INSIDE ECHELON
ECHELON stands for NSAâ„¢s (National Security Agency of America)
secret Global Surveillance System developed for intercepting the
messages over the world. As said in the Medias NSA is No Such Agency,
but it is not the truth. This massive surveillance system apparently
operates without the oversight of either Congress or the courts.
Shockingly, the NSA has failed to adequately disclose to Congress and
the public the legal guidelines for the project. Without those legal
guidelines and an explanation of what they allow and forbid, there is
no way of knowing if the NSA is using Echelon to spy on Americans in
violation of federal law. In April 2000, the House Intelligence
Committee held a hearing to deal with credible reports that suggest
Echelon is capturing satellite, microwave, cellular and fiber-optic
communications worldwide. The House Intelligence Committee intended the
hearing to help ensure that ECHELON does not circumvent any requirement
in federal law that the government obtains a warrant from a court
before it eavesdrops on a conversation to, from, or within the United
States.
ESPIONAGE, what does it means..:-

Governments have a need for systematic collection and
evaluation of information about certain situations in other states.
This serves as a basis for decisions concerning the armed forces,
foreign policy and so on. They therefore maintain foreign intelligence
services, part of whose task is to systematically assess information
available from public sources. The rapporteur has been informed that on
average this account for at least 80% of the work of the intelligence
services. However, particularly significant information in the fields
concerned is kept secret from governments or
businesses and is therefore not publicly accessible. Anyone who
nonetheless wishes to obtain it has to steal it. Espionage is simply
the organised theft of information.
Espionage targets
The classic targets of espionage are military secrets,
other government secrets or information concerning the stability of or
dangers to governments. These may for example comprise new weapons
systems, military strategies or information about the stationing of
troops. No less important is information about forthcoming decisions in
the fields of foreign policy, monetary decisions or inside information
about tensions within a government. In addition there is also interest
in economically significant information. This may include not only
information about sectors of the economy but also details of new
technologies or foreign transactions.

Espionage methods

Espionage involves gaining access to information which the
holder would rather protect from being accessed by outsiders. This
means that the protection needs to be overcome and penetrated. This is
the case with both political and industrial espionage. Thus the same
problems arise with espionage in both fields, and the same techniques
are accordingly used in both of them. Logically speaking there is no
difference; only the level of protection is generally lower in the
economic sphere, which sometimes makes it easier to carry out
industrial espionage. In particular, businessmen tend to be less aware
of risks when using interceptible communication media than does the
state when employing them in fields where security is a concern.
Processing of electromagnetic signals

The form of espionage by technical means with which the public
are most familiar is that which uses satellite photography. In
addition, however, electromagnetic signals of any kind are intercepted
and analysed (.signals intelligence, SIGINT). In the military field,
certain electromagnetic signals, e.g. those from radar stations, may
provide valuable information about the organisation of enemy air
defences (.electronic intelligence, ELINT). In addition,
electromagnetic radiation which could reveal details of the position of
troops, aircraft, ships or submarines is a valuable source of
information for an intelligence service. Monitoring other states, spy
satellites which take photographs, and recording and decoding signals
from such satellites, is also useful. The signals are recorded by
ground stations, from low-orbit satellites or from quasi-geostationary
SIGINT satellites. This aspect of intelligence operations using
electromagnetic means consumes a large part of services. Interception
capacity, however, this is not the only use made of technology.
Processing of intercepted communications
The foreign intelligence services of many states intercept the
military and diplomatic communications of other states. Many of these
services also monitor the civil communications of other states if they
have access to them. In some states, services are also authorised to
monitor incoming or outgoing communications in their own country. In
democracies, intelligence services, monitoring of the communications of
the countryâ„¢s own citizens is subject to certain triggering conditions
and controls. However, domestic law in general only protects nationals
within the territory of their own country and other residents of the
country concerned
The interception on the spot
On the spot, any form of communication can be
intercepted if the eavesdropper is prepared to break the law and the
target does not take protective measures.

¢ Conversations in rooms can be intercepted by means of planted
microphones (bugs) or laser equipment which picks up vibrations in
window panes.
¢ Screens emit radiation which can be picked up at a distance of
up to 30 metres, revealing the information on the screen.
¢ Telephone, fax, and e-mail messages can be intercepted if the
eavesdropper taps into a cable leaving the relevant building.
¢ Although the infrastructure required is costly and complex,
communications from a mobile phone can be intercepted if the
interception station is situated in the same radio cell (diameter 300 m
in urban areas, 30 km in the countryside).
¢ Closed-circuit communications can be intercepted within the
USW-radio range.
The worldwide interception system
Nowadays various media are available for all forms of
intercontinental communication (voice, fax and data). The scope for a
worldwide interception system is restricted by two factors:
¢ Restricted access to the communication medium
¢ The need to filter out the relevant communication from a huge
mass of communications taking place at the same time.
Access to communication media
Cable communications:- All forms of communication (voice, fax, e-mail,
data) are transmitted by cable. Access to the cable is a prerequisite
for the interception of communications of this kind. Access is
certainly possible if the terminal of a cable connection is situated on
the territory of a state which allows interception. In technical terms,
therefore, within an individual state all communications carried by
cable can be intercepted, provided this is permissible under the law.
However, foreign intelligence services generally have no legal access
to cables situated on the territory of other states. At best, they can
gain illegal access to a specific cable, although the risk of detection
is high.
From the telegraph age onwards, intercontinental cable
connections have been achieved by means of underwater cables. Access to
these cables is always possible at those points where they emerge from
the water. Electric cables may also be tapped between the terminals of
a connection, by means of induction (i.e. electromagnetically, by
attaching a coil to the cable), without creating a direct, conductive
connection. Underwater electric cables can also be tapped in this way
from submarines, albeit at very high cost.
In the case of the older-generation fibreoptic cables used
today, inductive tapping is only possible at the regenerators. These
regenerators transform the optical signal into an electrical signal,
strengthen it and then transform it back into an optical signal.
However, this raises the issue of how the enormous volumes of data
carried on a cable of this kind can be transmitted from the point of
interception to the point of evaluation without the laying of a
separate fibreoptic cable.
The conditions apply to communications transmitted over the
Internet via cable. The situation can be summarised as follows:
¢ Internet communications are carried out using data packets and
different packets addressed to the same recipient may take different
routes through the network.
¢ In the internet communication the routes followed by individual
data packets were completely unpredictable and arbitrary. At that time,
the most important international connection was the 'science backbone'
between Europe and America.
¢ The commercialisation of the Internet and the establishment of
Internet providers also resulted in a commercialisation of the network.
Internet providers operated or rented their own networks. They
therefore made increasing efforts to keep communications within their
own network in order to avoid paying user fees to other operators.
Today, the route taken through the network by a data packet is
therefore not solely determined by the capacity available on the
network, but also hinges on costs considerations.
Scope for interception from aircraft and ships:-
It has long been known that special AWACS aircraft are used for
the purpose of locating other aircraft over long distances. The radar
equipment in these aircraft works in conjunction with a detection
system, designed to identify specific objectives, which can locate
forms of electronic radiation, classify them and correlate them with
radar sightings .They have no separate SIGINT capability. In contrast,
the slow-flying EP-3 spy plane used by the US Navy has the capability
to intercept microwave, USW and short-wave transmissions. The signals
are analysed directly on board and the aircraft is
used solely for military purposes. In addition, surface ships, and in
coastal regions, submarines are used to intercept military radio
transmissions.
The scope for interception by spy satellites (The Backbone of
Echelon):-
Provided they are not focused through the use of
appropriate antennae, radio waves radiate in all directions, i.e. also
into space. Low-orbit Signals Intelligence Satellites can only lock on
to the target transmitter for a few minutes in each orbit. In densely
populated, highly industrialised areas interception is hampered to such
a degree by the high density of transmitters using similar frequencies
that it is virtually impossible to filter out individual signals19. The
satellites cannot be used for the continuous monitoring of civilian
radio communications.
Alongside these satellites, the USA operates so-called
quasi-geostationary SIGINT satellites stationed in a high earth orbit
(42 000 km)20. Unlike the geostationary telecommunications satellites,
these satellites have an inclination of between 3 and 10o, an apogee of
between 39 000 and 42 000 km, and a perigee of between 30 000 and 33
000 km. The satellites are thus not motionless in orbit, but move in a
complex elliptical orbit, which enables them to cover a larger area of
the earth in the course of one day and to locate sources of radio
transmissions. This fact, and the other non-classified characteristics
of the satellites, point to their use for purely military purposes. The
signals received are transmitted to the receiving station by means of a
strongly-focused, 24GHz downlink.

The automatic analysis of intercepted communications (The Backbone of
Echelon):-
When foreign communications are intercepted, no single
telephone connection is monitored on a targeted basis. Instead, some or
all of the communications transmitted via the satellite or cable in
question are tapped and filtered by computers employing keywords ñ
analysis of every single communication would be completely impossible.
It is easy to filter communications transmitted along
a given connection. Specific faxes and e-mails can also be singled out
through the use of keywords. If the system has been trained to
recognise a particular voice, communications involving that voice can
be singled out. However, according to the information available to the
rapporteur the automatic recognition to a sufficient degree of accuracy
of words spoken by any voice is not yet possible. Moreover, the scope
for filtering out is restricted by other factors: the ultimate capacity
of the computers, the language problem and, above all, the limited
number of analysts who can read and assess filtered messages
When assessing the capabilities of filter systems,
consideration must also be given to the fact that in the case of an
interception system working on the basis of the vacuum-cleaner
principle, those technical capabilities are spread across a range of
topics. Some of the keywords relate to military security, some to drug
trafficking and other forms of international crime, some to the trade
in dual-use goods and some to compliance with embargoes. Some of the
keywords also relate to economic activities. Any move to narrow down
the range of keywords to economically interesting areas would simply
run counter to the demands made on intelligence services by
governments; what is more, even the end of the Cold War was not enough
to prompt such a step.
The Echelon System developed by NSA and it alliesâ„¢ uses
this type of filtering of the messages by use of Directories and
Keywords. Thus the system filters the messages using the modern
techniques for searching by use of the sophisticated searching
algorithms. In this method the NSA uses sophisticated Speech
Recognition Softwares and the OCR softwares for searching or sniffing
through the packets. The searching through the packets is done by the
specific keyword and Directories. These keyword and Directories are the
power of an Echelon System. It is told that an echelon system can
intercept about billions of messages every hour. This makes the echelon
system as the largest spying network of the world using the largest
computing power that the human kind ever experienced. The Power of the
Echelon System is Dictionaries containing Keywords.
Keywords:-
When sniffing through the packets and sending the
information to the destination of agencies the computers in the part of
Echelon system uses some Sensitive Words to find out the messages
which carries the sensitive information. These words are known as the
Keywords. The computers automatically search through millions of
intercepted messages for the ones containing the pre-programmed
keywords and then ship the selected messages off to the computers of
the requesting agency.
Processing millions of messages every hour, the ECHELON
systems churn away 24 hours a day, 7 days a week, looking for targeted
keyword series, phone and fax numbers, and specified voiceprints. It is
important to note that very few messages and phone calls are actually
transcribed and recorded by the system. The vast majority are filtered
out after they are read or listened to by the system. Only those
messages that produce
keyword hits are tagged for future analysis. Again, it is not just
the ability to collect the electronic signals that gives ECHELON its
power; it is the tools and technology that are able to whittle down the
messages to only those that are important to the intelligence agencies.
The Echelon System compares the intercepted messages with the
keywords and when a Hit occurs the system will forward the messages
to the corresponding agencies.
The ECHELON Dictionaries:-

The extraordinary ability of ECHELON to intercept most of the
communications traffic in the world is breathtaking in its scope. And
yet the power of ECHELON resides in its ability to decrypt, filter,
examine and codify these messages into selective categories for further
analysis by intelligence agents from the various UKUSA agencies. As the
electronic signals are brought into the station, they are fed through
the massive computer systems, such as Menwith Hillâ„¢s SILKWORTH, where
voice recognition, optical character recognition (OCR) and data
information engines get to work on the messages.
The database containing the keywords may be huge, these
huge database is called as the Dictionaries. Each station maintains a
list of keywords (the Dictionary) designated by each of the
participating intelligence agencies. A Dictionary Manager from each of
the respective agencies is responsible for adding, deleting or changing
the keyword search criteria for their dictionaries at each of the
stations. Each of these station dictionaries is given codeword, such
as COWBOY for the Yakima facility and FLINTLOCK
for the Waihopai facility. These codewords play a crucial
identification role for the analysts who eventually look at the
intercepted messages.
¢ By the rise of post-modern warfare “ terrorism “ gave the
establishment all the justification it needed to develop even greater
ability to spy on our enemies, The satellites that fly thousands of
miles overhead and yet can spy out the most minute details on the
ground; the secret submarines that troll the ocean floors that are able
to tap into undersea communications cables.
The Problems of Echelon:-
Even the technology made us to access the sophisticated
spying methods and prevention of terrorist activities up to certain
extend. The Echelon system has its drawbacks.
¢ The Echelon system will not provide any privacy for our own
people in home and abroad. Every thing is monitored by the Big-
Brother. It will not provide any security of the data of the corporate
firms. It will result in the complete destruction of the industries and
it will lead to the 19th century colonialism. It will cause a threat to
our modern culture.
¢ Every military secret is public to NSA and it™s allies, even
though if we are hiding that from their eyes. They will hear and see
with a sixth-sense¦yes¦.. the computers. It will lead to the mass
destruction of human kind. Even a single war can cause the complete
destruction of the man-kind.
¢ As stated above the Echelon systems can be developed to protect
us from the terrorist attacks, but we have to ensure that these systems
are protected from intrusion and weather it occurs the result will be
hazardous. If the terrorists got the sensitive information about the
military secrets and the intelligence secrets, the terrorists can cause
a world war.
5. CONCLUSION AND FUTURESCOPE
The interception of communication is the main function
done by the intelligence agencies all over the world. The intelligence
agencies are searching for the sophisticated methods for surveillance
and spying from its own people and from its enemies. Here the
scientists in the NSA developed the modern techniques for finding the
interception of messages. And they developed a network known as the
Echelon System. It made them to leap ahead of the hackers in one step.
The main topics discussed here is Tempest and Echelon.
Tempest is the technology for spying from electronic equipments with
out any physical contact. It is the wonderful technology which people
ever experienced. It enables us to replicate the data on an electronic
equipment from a couple of kilometres away. We can replicate the
computer monitor and Hard disk (or even Memory) of computer system by
this way.
Echelon is the vast network formed by NSA and its
allies all over the world to intercept the messages sent through any
transmission media. It plays a major role in the intelligence related
work of the NSA and its allies. It uses the largest computing power of
distributed systems. It uses search algorithms and sophisticated
softwares like speech recognition and OCR software¦.
Even though we discussed about the advantages of the
Echelon and Tempest there is some major disadvantages for these
systems. These systems are GOD-LIKE and nothing can be hidden from
the Echelon system. But the Echelon system will not provide any secrecy
for the common people. It will only preserve the states policies. This
will cause the leaking of
the sensitive data of the industries and it will cause harm to that
companies. And again the Tempest equipments are available in USA and is
prohibited of exporting from there, and thus if some terrorists got
these Tempest equipments then it will cause harm to our industries and
society. But many of the corporate firms are protecting their companies
from the Tempest attacks by use of software and equipments to prevent
the Tempest attacks.
Discussing about the future scope of Tempest and
Echelon, we can say that these can be used to empower our intelligence
agencies to do their job better than before. Unfortunately our India
does not have a Tempest equipment developed yet. But we have to take
care of the foreign intelligence agencies stealing our military data
and the diplomatic data. We have to take the counter measures to
protect our secret data from them. And we are not a part of Echelon
network developed by NSA, so we have to develop one such for empowering
our intelligence agencies and military agencies.

6 . REFERENCES
¢ EUROPEAN PARLIAMENT Session document 11 July 2001
¢ http://acluechelon/index.htm
¢ http://wirednews/ehelon.html
¢ http://cl.cam.ac.uk
¢ http://cryptomenacsim-5000.htm
¢ http://lib.utexas.edu
¢ http://mit.edu



CONTENTS
1. Introduction
1
2. Tempest and Echelon
4
3. Inside Tempest
7
4. Inside Echelon
23
5. Conclusion and Future Scope
34
6. References
36


ACKNOWLEDGMENT

I express my sincere thanks to Prof. M.N Agnisarman
Namboothiri (Head of the Department, Computer Science and Engineering,
MESCE), Mr. Sminesh (Staff incharge) for their kind co-operation for
presenting the seminars.
I also extend my sincere thanks to all other members of the
faculty of Computer Science and Engineering Department and my friends
for their co-operation and encouragement.
Anwar
Husain
Post: #2
Hi,
the presentations of this topic can be accessed in the following links:
http://scribddoc/23496448/tempest-and-echelon
http://scribddoc/22613423/Tempest-and-Echelon
http://scribddoc/22613718/Tempest-and-Echelon
http://scribddoc/19801520/tempest-and-echelon
http://scribddoc/23496625/TempestandEchelon
Post: #3
[attachment=5530]
CHAPTER 1
INTRODUCTION
1.1. INTRODUCTION

The notion of spying is a very sensitive topic after the September 11 attack of Terrorists in New York. In the novel 1984, George Orwell foretold a future where individuals had no expectation of privacy because the state monopolized the technology of spying. Now the National security Agency Of USA developed a secret project to spy on people for keep tracing their messages to make technology enabled interception to find out the terrorist activities across the globe, named as Echelon. Leaving the technology ahead of the any traditional method of interception.

The secret project Developed by NSA (National Security Agency of USA) and its allies is tracing every single transmission even a single of keyboard. The allies of USA in this project are UK, Australia, New Zealand and Canada. Echelon is developed with the highest computing power of computers connected through the satellites all over the world. In this project the NSA left the wonderful method of Tempest and Carnivores behind.

Echelon is the technology for sniffing through the messages sent over a network or any transmission media, even it is wireless messages. Tempest is the technology for intercepting the electromagnetic waves over the air. It simply sniffs through the electromagnetic waves propagated from any devices, even it is from the monitor of a computer screen. Tempest can capture the signals through the walls of computer screens and keystrokes of key board even the computer is not connected to a network. Thus the traditional way of hacking has a little advantage in spying.

For the common people it is so hard to believe that their monitor can be reproduced from anywhere in one kilometer range without any transmission media in between the equipment and their computer. So we have to believe the technology enabled us to reproduce anything from a monitor of computer to the Hard Disks

including the Memory (RAM) of a distant computer without any physical or visual contact. It is done with the Electromagnetic waves propagated from that device.

The main theory behind the Tempest(Transient Electromagnetic Pulse Emanation Standard.) is that any electronic or electrical devices emit Electromagnetic radiations of specific key when it is operated. For example the picture tube of computer monitor emits radiations when it is scanned up on vertical of horizontal range beyond the screen. It will not cause any harm to a human and it is very small. But it has a specific frequency range. You can reproduce that electromagnetic waves by tracing with the powerful equipments and the powerful filtering methods to correct the errors while transmission from the equipment. Actually this electromagnetic waves are not necessary for a human being because it not coming from a transmitter, but we have a receiver to trace the waves.

For the project named as Echelon the NSA is using supercomputers for sniffing through the packets and any messages send as the electromagnetic waves. They are using the advantage of Distributed computing for this. Firstly they will intercept the messages by the technology named as the Tempest and also with the Carnivore. Every packet is sniffed for spying for the USA’s NSA for security reasons.
Interception of communications is a method of spying commonly employed by intelligence services, For an intelligence agency they are make use of the spies for the secret services for government to provide the security of government and the people. So they can use any methods to ensure the security of people including spying, it is not guilt. It depends on the target we are aiming. To capture the terrorists before they can make any harm to people, we must keep the technology ahead. We, Engineers are behind that project of NSA and so we have to aware of that technology for enabling our INDIA also in this field. Because it is used mainly by the security agencies and spies all over the world even though there is a lack of equipments for this purpose. Equipments for Tempest spying is available in USA and is prohibited of exporting from there. Some smuggled equipments may be here. But we have to develop the systems for our Military and Intelligence Agencies for ensuring the best security for our people.

While Considering about the limitations of the surveillance system, The issues depends in particular, upon worldwide interception of satellite communications, although in areas characterised by a high volume of communications only a very small proportion of those communications are transmitted by satellite; whereas this means that the majority of communications cannot be intercepted by earth stations, but only by tapping cables and intercepting radio signals, something which -as the investigations carried out in connection with the report have shown - is possible only to a limited extent; whereas the numbers of personnel required for the final analysis of intercepted communications imposes further restrictions; whereas, therefore, the UKUSA states have access to only a very limited proportion of cable and radio communications and can analyze an even more limited proportion of those communications, and whereas, further, however extensive the resources and capabilities for the interception of communications may be, the extremely high volume of traffic makes exhaustive, detailed monitoring of all communications impossible in practice.

CHAPTER 2
LITERATURE REVIEW

2.1. TEMPEST AND ECHELON

Interception of communications is a method of spying commonly employed by intelligence services, whereas there can now be no doubt that the purpose of the system is to intercept, at the very least, private and commercial communications, and not military communications, although the analysis carried out in the report has revealed that the technical capabilities of the system are probably not nearly as extensive as some sections of the media had assumed.

2.2. The Need for an Interception System

Interception of messages is the major work for the intelligence agencies all over the world, to keep track of the spies and terrorists for preserving the security of the country from the leaking of sensitive documents and the terrorist attacks. By the work of the intelligence agencies the government is ensuring the security of the state. For that we have to enable our intelligence agencies with modern technologies like USA. For that we must setup an interception system. While developing this we have to consider about the privacy of common people and industrial organization.

The targets for the ECHELON system developed by the NSA are apart from directing their ears towards terrorists and rogue states; ECHELON is also being used for purposes well outside its original mission. In America the regular discovery of domestic surveillance targeted at American civilians for reasons of “unpopular” political affiliation or for no probable cause at all in violation of the First, Fourth and Fifth Amendments of the Constitution of America– are consistently impeded by very elaborate and complex legal arguments and privilege claims by the intelligence agencies and the US government. The guardians and caretakers of their liberties, their

duly elected political representatives, give scarce attention to these activities, let alone the abuses that occur under their watch. The other ECHELON targets are political spying and industrial espionage.

The existence and expansion of ECHELON is a foreboding omen regarding the future of our Constitutional liberties. If a government agency can willingly violate the most basic components of the Bill of Rights without so much as Congressional oversight and approval, we have reverted from a republican form of government to tyranny.

While considering about the political spying we have to consider many legal issues. It consists of spying the other parties and the messages sent by them. Since the close of World War II, the US intelligence agencies have developed a consistent record of trampling the rights and liberties of the American people. Even after the investigations into the domestic and political surveillance activities of the agencies that followed in the wake of the Watergate fiasco, the NSA continues to target the political activity of “unpopular” political groups and our duly elected representatives.

While considering about the Industrial Espionage we have to discuss we have to redefine the notion of National Security to include economic, commercial and corporate concerns. Many of the major companies helped NSA to develop the ECHELON system to tackle the mammoth task for setting up the largest computing power throughout the world.

ECHELON is actually a vast network of electronic spy stations located around the world and maintained by five countries: the US, England,

Canada, Australia, and New Zealand. These countries, bound together in a still-secret agreement called UKUSA, spy on each other’s citizens by intercepting and gathering electronic signals of almost every telephone call, fax transmission and email message transmitted around the world daily. These signals are fed through the massive

supercomputers of the NSA to look for certain keywords called the ECHELON “dictionaries.”

For these above reasons our country INDIA must be enabled to cop with the new interception system. For that we, engineers must do the work other wise our country will also become vulnerable to any attacks from the other states. For that reason i am presenting this seminars.

2.3. INSIDE TEMPEST

TEMPEST is a short name referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentiorial intelligence-bearing signals which, if intercepted and analyzed, disclose the national security information transmitted, received, handled or otherwise processed by any information-processing equipment. Compromising emanations consist of electrical or acoustical energy unintentionally emitted by any of a great number of sources within equipment/systems which process national security information. This energy may relate to the original message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be propagated through space and along nearby conductors. The interception/propagation ranges and analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation; and, environmental conditions related to physical security and ambient noise "compromising emanations" rather than "radiation" is used because the compromising signals can, and do, exist in several forms such as magnetic and/or electric field radiation, line conduction, (signal and power) or acoustic emissions. More specifically, the emanations occur as

1.Electromagnetic fields set free by elements of the plaintext processing equipment or its associated conductors.


2.Text-related signals coupled to cipher, power, signal, control or other BLACK lines through (a) common circuit elements such as grounds and power supplies or (b) inductive and capacitive coupling.
3.Propagation of sound waves from mechanical or electromechanical devices.

4.The TEMPEST problem is not one which is confined to cryptographic devices; it is a system problem and is of concern for all equipment which process plaintext national security data.


Fig1:-Schematic view of tempest technology


Sources of TEMPEST Signals:- In practice, the more common types of compromising emanations (CE )are attenuated RED(A term applied to wire lines, components, equipment, and systems which handle national security signals, and to areas in which national security signals occur.) base band signals, spurious carriers modulated by RED base band signals, and impulsive emanations.


1)Functional Sources. - Functional sources are those designed for the specific purpose of generating electromagnetic energy. Examples are switching transistors, oscillators. Signal generators, synchronizers, line drivers, and line relays.
2)Incidental Sources - Incidental sources are those which are not designed for the specific purpose of generating electromagnetic energy. Examples are electromechanical switches and brush-type motors.

2.3.1. Types of TEMPEST Signals: - In practice, the more common types of CE (compromising emanations) are attenuated RED base band signals, spurious carriers modulated by RED base band signals, and impulsive emanations.

2.3.1.1. RED Base band Signals -- The most easily recognized CE is the RED base band signal in attenuated but otherwise unaltered form, since it is essentially identical to the RED base band signal itself. This emanation can be introduced into electrical conductors connected to circuits (within an EUT) which have an impedance or a power source in common with circuits processing RED base band signals. It can be introduced into an escape medium by capacitive or inductive coupling, and especially by radiation with RED base band signals of higher frequencies or data rates.

2.3.1.2. Modulated Spurious Carriers -- This type of CE is generated as the modulation of a carrier by RED data. The carrier may be a parasitic oscillation generated in the equipment, i.e., the chopper frequency of a power supply, etc. The carrier is usually amplitude or angle-modulated by the basic RED data signal. or a signal related to the basic RED data signal, which is then radiated into space or coupled into EUT external conductors. See Figure below for time and frequency domain representations.


Fig2:-time and frequency domain representation


2.3.1.3. Impulsive Emanations -- Impulsive emanations are quite common in Equipment under Tests processing digital signal, and are caused by very fast mark-to-space and space-to-mark transitions of digital signals. Impulsive emanations can be radiated into space or coupled into Equipment under Test external conductors. See Figure 2 below for the time and frequency domain representations.

Other Types of Eanations -- Most CE resembles one of the types mentioned thus far. There are, however, other possible types of CE which are caused by various linear and nonlinear operations occurring in information-processing equipments and systems. Such CE cannot easily be categorized. In practice, these emanations often exhibit features which can frequently be related to one of the three types discussed.




2.3.2. Propagation of TEMPEST Signals: - There are four basic means by which compromising emanations may be propagated
1)Electromagnetic Radiation
2)Line Conduction
3)Fortuitous Conduction
4)Acoustics

2.3.3. Technology behind the TEMPEST: - We discussed that the TEMPEST uses the electromagnetic waves propagated from the electronic devices intentionally or non intentionally. For receiving the texts or data at the other end we have to screw up to a specific frequency range and just listen or replicate the data at the other end. Tempest is the technology, which can reproduce what you are seeing in your monitor, what you are typing in your keyboard from a couple of kilometres away. It traces all electromagnetic radiation from the victim’s monitor, keyboard, even pc memory and hard disk, and then it reproduces the signals. By using this technology it is possible to intrude (only listening) in to a person’s computer from a couple of kilometres away, even it is a computer which is not “Networked” and enables the intruder to hack without any connection to the victim’s computer.

We discuss techniques that enable the software on a computer to control the electromagnetic radiation it transmits. This can be used for both attack and defence. To attack a system, malicious code can encode stolen information in the machine's RF emissions and optimize them for some combination of reception range, receiver cost and covertness. To defend a system, a trusted screen driver can display sensitive information using fonts which minimize the energy of these emissions.

When snooping in to a computer’s VDU, similar periodic averaging and cross-correlation techniques can be used if the signal is periodic or if its structure is understood. Video display units output their frame buffer content periodically to a monitor and are therefore a target, especially where the video signal is amplified to several hundred volts. Knowledge of the fonts used with video displays and printers


allows maximum likelihood character recognition techniques to give a better signal/noise ratio for whole characters than is possible for individual pixels.


Similar techniques can be applied when snooping on CPUs that execute known algorithms. Even if signals caused by single instructions are lost in the noise, correlation techniques can be used to spot the execution of a known pattern of instructions. Bovenlander reports identifying when a smartcard performs a DES encryption by monitoring its power consumption for a pattern repeated sixteen times. Several attacks become possible if one can detect in the power consumption that the smartcard processor is about to write into EEPROM. For example, one can try a PIN, deduce that it was incorrect from the power consumption, and issue a reset before the non-volatile PIN retry counter is updated. In this way, the PIN retry limit may be defeated.

Smulders showed that even shielded RS-232 cables can often be eavesdropped at a distance. Connection cables form resonant circuits consisting of the induction of the cable and the capacitance between the device and ground; these are excited by the high-frequency components in the edges of the data signal, and the resulting short HF oscillations emit electromagnetic waves.

It has also been suggested that an eavesdropper standing near an automatic teller machine equipped with fairly simple radio equipment could pick up both magnetic stripe and PIN data, because card readers and keypads are typically connected to the CPU using serial links. A related risk is cross-talk between cables that run in parallel. For instance, the reconstruction of network data from telephone lines has been demonstrated where the phone cable ran parallel to the network cable for only two metres. Amateur radio operators in the neighbourhood of a 10BASE-T network are well aware of the radio interference that twisted-pair Ethernet traffic causes in the short-wave bands. Laptop owners frequently hear radio interference on nearby FMradio


receivers, especially during operations such as window scrolling that cause bursts of system bus activity. A Virus could use this effect to broadcast data.

Compromising emanations are not only caused directly by signal lines acting as parasitic antennas. Power and ground connections can also leak high frequency information. Data line drivers can cause low-frequency variations in the power supply voltage, which in turn cause frequency shifts in the clock; the data signal is thus frequency modulated in the emitted RFI. Yet another risk comes from `active' attacks, in which parasitic modulators and data-dependent resonators affect externally applied electromagnetic radiation: an attacker who knows the resonant frequency of (say) a PC's keyboard cable can irradiate it with this frequency and then detect key-press codes in the retransmitted signal thanks to the impedance changes they cause. In general, transistors are non-linear and may modulate any signals that are picked up and retransmitted by a line to which they are connected. This effect is well known in the counterintelligence community, where `nonlinear junction detectors' are used to locate radio microphones and other unauthorised equipment.

2.3.4. Short wave attacks:-

If one wants to spy to a computer, then an important design criterion is the cost of the receiver. While intelligence services may already possess phased array antennas and software radios, such equipment is not yet generally available. The graduate student's Tempest spying kit is more likely to be just a radio receiver connected to an audio cassette recorder.

In order to get a computer VDU to produce audible tones on our radio, we have to design a screen image that causes the VDU beam current to
approximate a broadcast AM radio signal. If this latter has a carrier frequency fc and an audio tone with a frequency ft, then it can be represented as


The timing of a digital video display system is first of all characterised by The pixel clock frequency fp, which is the reciprocal of the time, in which the electron beam in the CRT travels from the centre of one pixel to the centre of its right neighbour. The pixel clock is an integer multiple of both the horizontal and vertical deflection frequencies, that is the rate fh = fp/xt with which lines are drawn and the rate fv = fh/yt with which complete frames are built on the screen. Here, xt and yt are the total width and height of the pixel field that we would get if the electron beam needed no time to jump back to the start of the line or frame. However the displayed image on the screen is only xd pixels wide and yd pixels high as the time allocated to the remaining xtyt - xdyd virtual pixels is used to bring the electron beam back to the other side of the screen.

Attack software can read these parameters directly from the video controller chip, or find them in configuration files. For instance, on the ones Linux Workstation, a line of the form

ModeLine "1152x900" 95 1152 1152 1192 1472 900 900 931 939

in the X Window System server configuration file /usr/lib/X11/XF86Config indicates that the parameters fp = 95 MHz, xd = 1152, yd = 900, xt = 1472 and yt = 939 are used on this system, which leads to deflection frequencies of fh = 64.5 kHz and fv = 68.7 Hz.


If we de_ne t = 0 to be the time when the beam is in the centre of the upper left corner pixel (x = 0, y = 0), then the electron beam will be in the centre of the pixel (x,y) at time



For all 0 _ x < xd, 0 _ y < yd and n 2 IN. Using the above formula with the frame counter n = 0, we can now calculate a time t for every pixel (x,y) and set this pixel to an 8-bit greyscale value of [255/2+S(t)+R] with amplitudes, A = 255/4 and m = 1, where R is in between 0 and 1 is a uniformly distributed random number that spreads the
quantization noise (dithering) for screen contents generated this way to broadcast an AM tone.

It is not necessary to fill the entire screen with the pattern, but the energy of the transmitted signal is proportional to the number of pixels that display it. Ideally, both fc and ft should be integer multiples of fv to avoid phase discontinuities from one line or frame to the next.


This will work everywhere in the labs and in nearby rooms, while reception over longer distances was good so long as the receiver antenna was held close to power supply lines. As one might expect from the wavelengths involved, the power lines appear to propagate more RF energy than the parasitic antennas in the PC do. In addition, the handheld radio used for this demonstration had only a simple untuned dipole antenna, so with a better antenna we would expect to get reasonable reception at several hundred metres.

The shortwave (HF) radio bands in the 3{30 MHz range seem to be the best for this attack. They are the highest bands that normal radios can pick up and that are well below the pixel frequency fp. Although computer monitors and video cables are too small to be efficient antennas for these frequencies, the lower frequency bands would be even worse, while the VHF frequencies at which electronic components radiate well are too close to current pixel frequencies for software to modulate efficiently, especially using FM. (Of course, as time passes, rising pixel frequencies might bring VHF FM radio within reach.)


In a typical low-cost attack, the eavesdropper would place a radio and cassette recorder near the target and implant the attack software using standard virus or Trojan techniques. Since the broadcast patterns will be visible, the attack should take place after business hours while avoiding times when the chosen frequency is swamped by ionospheric propagation of interfering stations. Many PCs are not turned off at

night, a habit encouraged by the power management features of modern systems. If monitors are also left powered up, then the attack software might monitor network traffic to detect the presence of people in the department. Where monitors are turned off but PCs are not, a serviceable signal can usually be picked up: as well as the power

line, the VDU cable can be a quite adequate antenna. In these cases, the attack software can broadcast unobtrusively in the evening and early morning hours.

The attack software can use frequency shift keying, with 0 and 1 represented by tone patterns like those shown in Fig. 3. These would be loaded into two video buffers which would be switched at the frame rate fv. Fast switches between screen patterns and real-time amplitude modulation can also be accomplished using the colour lookup table. The bit pattern would be encoded first to provide forward error correction before its bits are used to select the sequence of tones transmitted.

2.3.5. Broadband Transmission attacks:-

Above dither amplitude modulation of large readable letters was designed to allow easy low-cost reception of hidden broadcast information with a modified TV set. A professional eavesdropper is more likely to select a method that affects only a small part of the screen layout and that is optimized for maximum range and robust reception with sophisticated equipment. In this section, we outline what such a system might look like.

Reception of monitor emanations with modified TV sets requires either exact knowledge of the horizontal and vertical deflection frequencies or a strong enough Signal to adjust the sync pulse generators manually. With larger distances and low signal levels, the emitted information can only be separated from the noise by averaging the periodic signal over a period of time, and manual adjustment of the synch is difficult.

In a professional attack, one might use spread-spectrum techniques to increase the jamming margin and thus the available range. The attack software would dither one or more colours in several lines of the screen layout using a pseudorandom
bit sequence. A cross-correlator in the receiver gets one input from an antenna and sees at its other input the same pseudorandom bit sequence presented with the guessed pixel clock rate of the monitor. It will generate an output peak that provides the phase difference between the receiver and the target. A phase-locked loop can then control the oscillator in the receiver such that stable long-term averaging of the screen content is possible. Information can be transmitted by inverting the sequence depending on whether a 0 or 1 bit is to be broadcast. Readers familiar with direct sequence spread-spectrum modulation will find the idea familiar, and many spread-spectrum engineering techniques are applicable.
The advantages of using spread-spectrum techniques are that higher data rates and reception ranges can be achieved, and that only the pixel clock frequency and (perhaps) the carrier frequency have to be selected. This enables fast lock-on and fully automatic operation.
A practical benefit is that it may only be necessary to use a small number of lines-perhaps in the toolbar, or even off the visible edge of the screen. If a spreading sequence coded as a series of black and white pixels is too different from the normal grey toolbar expected by the user, then phase modulation can be used instead. The
amplitude of the dither pattern can be reduced smoothly for a few pixels at phase jumps to avoid visible bright or dark spots.







2.4. PROTECTION FROM TEMPEST ATTACKS:-

There are three ways to protect the computers from TEMPEST attacks, they are

1)TEMPEST testing and selection of appropriate devices
2)TEMPEST Fonts
3)TEMPEST Proof walls

Among these three protective measures the TEMPEST –Proof walls are the most effective one (It is not like the firewall and it is a physical wall which reflects the entire signals back to the room)

2.4.1. TEMPEST testing and selection:-

TEMPEST tests are performed to prove that all or a part of communications or information handling systems which are to process national security information do, in fact. Provide emission security. An equipment or system tested is called equipment under test (EUT). A EUT can be visualized as an input/output box which receives an input signal and produces an output signal. The figure shows this


Fig3:- A EUT can be visualized as an input/output

In most cases, only EUT input and/or output conductors carry the intentional RED signals; all other conductors usually carry signals devoid of classified data. Because of design weaknesses, poor component quality or location, improper wiring layout, and in adequate shielding by the chassis cabinet, some unintentional signals may be generated in an EUT and emitted through space or on external conductors. Such unintentional signals are the object of detection and measurement during TEMPEST tests, and of particular interest are those signals which may be similar to the RED signals because they are compromising emanations (CE).

Test types are of three, they are
1.Electric radiation tests are performed to detect and measure emanations escaping from an EUT in the form of E-fields
2.Magnetic radiation tests are performed to detect and measure emanations escaping from an EUT in the form of H-fields.
3.Conduction tests are performed to detect and measure emanations escaping from an EUT as voltage and current on conductors (including returns and grounds) interfacing an EUT with other equipments and power sources.



2.4.2. TEMPEST FONTS:-

TEMPEST fonts are used for protecting the computers form the eavesdropper. There is some specific software for this and these softwares will calculate the power dissisipation of the normal fonts and if it is vulnerable to the TEMPEST attack, the software will filter that software and show that font as the most convenient way

The filtered text looks rather blurred and unpleasant in this magnified representation, but surprisingly, the loss in text quality is almost unnoticeable for the user at the computer screen, as the magnified photos in the lower half of Fig. 4 show.


The limited focus of the electron beam, the limited resolution of the eye, as well as effects created by the mask and the monitor electronics filter the signal anyway.





Fig 4:-The text on the left is displayed with a conventional font, while the text on the right has been filtered to remove the top 30% of the horizontal frequency spectrum. The graphics in the upper row show the pixel luminosities, while below there are magnified screen photographs of a 21_5 mm text area. While the user can see practically no difference between the fonts, the filtered text disappears from the eavesdropping monitor while the normal text can be received clearly.

2.4.3. TEMPEST PROOF WALLS:-

TEMPEST proof walls are developed for preventing from TEMPEST attacks. These walls are specially designed for reflecting the electromagnetic waves back to the same room it self. Many of the corporate firms have the TEMPEST proof walls for protecting the databases from the hackers and spies, otherwise the secret data will be leaked and the eavesdropper will cause threat to that corporate firm.

2.5. INSIDE ECHELON

ECHELON stands for NSA’s (National Security Agency of America) secret Global Surveillance System developed for intercepting the messages over the world. As said in the Medias NSA is No Such Agency, but it is not the truth. This massive
surveillance system apparently operates without the oversight of either Congress or the courts. Shockingly, the NSA has failed to adequately disclose to Congress and the public the legal guidelines for the project. Without those legal guidelines and an explanation of what they allow and forbid, there is no way of knowing if the NSA is using Echelon to spy on Americans in violation of federal law. In April 2000, the House Intelligence Committee held a hearing to deal with credible reports that suggest Echelon is capturing satellite, microwave, cellular and fiber-optic communications worldwide. The House Intelligence Committee intended the hearing to help ensure that ECHELON does not circumvent any requirement in federal law that the government obtains a warrant from a court before it eavesdrops on a conversation to, from, or within the United States.


fig5:-Echelon stations using radomes


2.5.1. ESPIONAGE, what does it means..:-

Governments have a need for systematic collection and evaluation of information about certain situations in other states. This serves as a basis for decisions concerning the armed forces, foreign policy and so on. They therefore maintain foreign intelligence services, part of whose task is to systematically assess information available from public sources. The rapporteur has been informed that on averages this

account for at least 80% of the work of the intelligence services. However, particularly significant information in the fields concerned is kept secret from governments or
businesses and is therefore not publicly accessible. Anyone who nonetheless wishes to obtain it has to steal it. Espionage is simply the organised theft of information.

2.5.2. Espionage targets

The classic targets of espionage are military secrets, other government secrets or information concerning the stability of or dangers to governments. These may for example comprise new weapons systems, military strategies or information about the stationing of troops. No less important is information about forthcoming decisions in the fields of foreign policy, monetary decisions or inside information about tensions within a government. In addition there is also interest in economically significant information. This may include not only information about sectors of the economy but also details of new technologies or foreign transactions.

2.5.3. Espionage methods

Espionage involves gaining access to information which the holder would rather protect from being accessed by outsiders. This means that the protection needs to be overcome and penetrated. This is the case with both political and industrial espionage. Thus the same problems arise with espionage in both fields, and the same techniques are accordingly used in both of them. Logically speaking there is no difference; only the level of protection is generally lower in the economic sphere, which sometimes makes it easier to carry out industrial espionage. In particular,

businessmen tend to be less aware of risks when using interceptible communication media than does the state when employing them in fields where security is a concern.

2.5.3.1. Processing of electromagnetic signals

The form of espionage by technical means with which the public are most familiar is that which uses satellite photography. In addition, however, electromagnetic signals of any kind are intercepted and analysed (.signals intelligence, SIGINT). In the military field, certain electromagnetic signals, e.g. those from radar stations, may provide valuable information about the organisation of enemy air defences (.electronic intelligence, ELINT). In addition, electromagnetic radiation which could reveal details of the position of troops, aircraft, ships or submarines is a valuable source of information for an intelligence service. Monitoring other states, spy satellites which take photographs, and recording and decoding signals from such satellites, is also useful. The signals are recorded by ground stations, from low-orbit satellites or from quasi-geostationary SIGINT satellites. This aspect of intelligence operations using electromagnetic means consumes a large part of services. Interception capacity, however, this is not the only use made of technology.

2.5.3.2. Processing of intercepted communications

The foreign intelligence services of many states intercept the military and diplomatic communications of other states. Many of these services also monitor the civil communications of other states if they have access to them. In some states, services are also authorised to monitor incoming or outgoing communications in their own country. In democracies, intelligence services, monitoring of the communications of the country’s own citizens is subject to certain triggering conditions and controls. However, domestic law in general only protects nationals within the territory of their own country and other residents of the country concerned

2.5.3.3. The interception on the spot

On the spot, any form of communication can be intercepted if the eavesdropper is prepared to break the law and the target does not take protective measures.

Conversations in rooms can be intercepted by means of planted microphones (bugs) or laser equipment which picks up vibrations in window panes.
Screens emit radiation which can be picked up at a distance of up to 30 metres, revealing the information on the screen.
Telephone, fax, and e-mail messages can be intercepted if the eavesdropper taps into a cable leaving the relevant building.
Although the infrastructure required is costly and complex, communications from a mobile phone can be intercepted if the interception station is situated in the same radio cell (diameter 300 m in urban areas, 30 km in the countryside).
Closed-circuit communications can be intercepted within the USW-radio range.

2.5.3.4. The worldwide interception system

Nowadays various media are available for all forms of intercontinental communication (voice, fax and data). The scope for a worldwide interception system is restricted by two factors:
Restricted access to the communication medium
The need to filter out the relevant communication from a huge mass of communications taking place at the same time.

2.5.3.5. Access to communication media

Cable communications:- All forms of communication (voice, fax, e-mail, data) are transmitted by cable. Access to the cable is a prerequisite for the interception of communications of this kind. Access is certainly possible if the terminal of a cable connection is situated on the territory of a state which allows interception. In technical terms, therefore, within an individual state all communications carried by cable can be intercepted, provided this is permissible under the law. However, foreign intelligence services generally have no legal access to cables situated on the territory of other states. At best, they can gain illegal access to a specific cable, although the risk of detection is high.

From the telegraph age onwards, intercontinental cable connections have been achieved by means of underwater cables. Access to these cables is always possible at those points where they emerge from the water. Electric cables may also be tapped between the terminals of a connection, by means of induction (i.e. electromagnetically, by attaching a coil to the cable), without creating a direct, conductive connection. Underwater electric cables can also be tapped in this way from submarines, albeit at very high cost.

In the case of the older-generation fibreoptic cables used today, inductive tapping is only possible at the regenerators. These regenerators transform the optical signal into an electrical signal, strengthen it and then transform it back into an optical signal. However, this raises the issue of how the enormous volumes of data carried on a cable of this kind can be transmitted from the point of interception to the point of evaluation without the laying of a separate fibreoptic cable.

The conditions apply to communications transmitted over the Internet via cable. The situation can be summarised as follows:

Internet communications are carried out using data packets and different packets addressed to the same recipient may take different routes through the network.
In the internet communication the routes followed by individual data packets were completely unpredictable and arbitrary. At that time, the most important international connection was the 'science backbone' between Europe and America.
The commercialisation of the Internet and the establishment of Internet providers also resulted in a commercialisation of the network. Internet providers operated or rented their own networks. They therefore made increasing efforts to keep communications within their own network in order to avoid paying user fees to other operators. Today, the route taken through the network by a data packet is therefore not solely determined by the capacity available on the network, but also hinges on costs considerations.

2.5.3.6. Scope for interception from aircraft and ships:-

It has long been known that special AWACS aircraft are used for the purpose of locating other aircraft over long distances. The radar equipment in these aircraft works in conjunction with a detection system, designed to identify specific objectives, which can locate forms of electronic radiation, classify them and correlate them with radar sightings .They have no separate SIGINT capability. In contrast, the slow-flying EP-3 spy plane used by the US Navy has the capability to intercept microwave, USW and short-wave transmissions. The signals are analysed directly on board and the aircraft is used solely for military purposes. In addition, surface ships, and in coastal regions, submarines are used to intercept military radio transmissions.

2.5.3.7. The scope for interception by spy satellites (The Backbone of Echelon):-

Provided they are not focused through the use of appropriate antennae, radio waves radiate in all directions, i.e. also into space. Low-orbit Signals Intelligence

Satellites can only lock on to the target transmitter for a few minutes in each orbit. In densely populated, highly industrialised areas interception is hampered to such a degree by the high density of transmitters using similar frequencies that it is virtually impossible to filter out individual signals19. The satellites cannot be used for the continuous monitoring of civilian radio communications.

Alongside these satellites, the USA operates so-called quasi-geostationary SIGINT satellites stationed in a high earth orbit (42 000 km)20. Unlike the geostationary telecommunications satellites, these satellites have an inclination of between 3 and 10o, an apogee of between 39 000 and 42 000 km, and a perigee of between 30 000 and 33 000 km. The satellites are thus not motionless in orbit, but move in a complex elliptical orbit, which enables them to cover a larger area of the earth in the course of one day and to locate sources of radio transmissions. This fact, and the other non-classified characteristics of the satellites, point to their use for purely military purposes. The signals received are transmitted to the receiving station by means of a strongly-focused, 24GHz downlink.

2.5.3.8. The automatic analysis of intercepted communications (The Backbone of Echelon):-

When foreign communications are intercepted, no single telephone connection is monitored on a targeted basis. Instead, some or all of the communications transmitted via the satellite or cable in question are tapped and filtered by computers employing keywords ñ analysis of every single communication would be completely impossible.

It is easy to filter communications transmitted along a given connection. Specific faxes and e-mails can also be singled out through the use of keywords. If the system has been trained to recognise a particular voice, communications involving that voice can be singled out. However, according to the information available to the rapporteur the automatic recognition to a sufficient degree of accuracy of words spoken by any voice is not yet possible. Moreover, the scope for filtering out is restricted by

other factors: the ultimate capacity of the computers, the language problem and, above all, the limited number of analysts who can read and assess filtered messages

When assessing the capabilities of filter systems, consideration must also be given to the fact that in the case of an interception system working on the basis of the vacuum-cleaner principle, those technical capabilities are spread across a range of topics. Some of the keywords relate to military security, some to drug trafficking and other forms of international crime, some to the trade in dual-use goods and some to compliance with embargoes. Some of the keywords also relate to economic activities. Any move to narrow down the range of keywords to economically interesting areas would simply run counter to the demands made on intelligence services by governments; what is more, even the end of the Cold War was not enough to prompt such a step.

The Echelon System developed by NSA and it allies’ uses this type of filtering of the messages by use of Directories and Keywords. Thus the system filters the messages using the modern techniques for searching by use of the sophisticated searching algorithms. In this method the NSA uses sophisticated Speech Recognition Softwares and the OCR softwares for searching or sniffing through the packets. The searching through the packets is done by the specific keyword and Directories. These keyword and Directories are the power of an Echelon System. It is told that an echelon system can intercept about billions of messages every hour. This makes the echelon system as the largest spying network of the world using the largest computing power that the human kind ever experienced. The Power of the Echelon System is Dictionaries containing Keywords.

2.6. Keywords:-

When sniffing through the packets and sending the information to the destination of agencies the computers in the part of Echelon system uses some “Sensitive Words” to find out the messages which carries the sensitive information. These words are known as the Keywords. The computers automatically search through

millions of intercepted messages for the ones containing the pre-programmed keywords and then ship the selected messages off to the computers of the requesting agency.

Processing millions of messages every hour, the ECHELON systems churn away 24 hours a day, 7 days a week, looking for targeted keyword series, phone and fax numbers, and specified voiceprints. It is important to note that very few messages and phone calls are actually transcribed and recorded by the system. The vast majority are filtered out after they are read or listened to by the system. Only those messages that produce keyword “hits” are tagged for future analysis. Again, it is not just the ability to collect the electronic signals that gives ECHELON its power; it is the tools and technology that are able to whittle down the messages to only those that are important to the intelligence agencies.

The Echelon System compares the intercepted messages with the keywords and when a “Hit” occurs the system will forward the messages to the corresponding agencies.

2.7. The ECHELON Dictionaries:-
The extraordinary ability of ECHELON to intercept most of the communications traffic in the world is breathtaking in its scope. And yet the power of ECHELON resides in its ability to decrypt, filter, examine and codify these messages into selective categories for further analysis by intelligence agents from the various UKUSA agencies. As the electronic signals are brought into the station, they are fed through the massive computer systems, such as Menwith Hill’s SILKWORTH, where voice recognition, optical character recognition (OCR) and data information engines get to work on the messages.
The database containing the keywords may be huge, these huge database is called as the Dictionaries. Each station maintains a list of keywords (the “Dictionary”) designated by each of the participating intelligence agencies. A Dictionary Manager from each of the respective agencies is responsible for adding,

deleting or changing the keyword search criteria for their dictionaries at each of the stations.  Each of these station dictionaries is given codeword, such as COWBOY for the Yakima facility and FLINTLOCK for the Waihopai facility. These code words play a crucial identification role for the analysts who eventually look at the intercepted messages.
By the rise of post-modern warfare – terrorism – gave the establishment all the justification it needed to develop even greater ability to spy on our enemies, The satellites that fly thousands of miles overhead and yet can spy out the most minute details on the ground; the secret submarines that troll the ocean floors that are able to tap into undersea communications cables.
2.8. The Problems of Echelon:-
Even the technology made us to access the sophisticated spying methods and prevention of terrorist activities up to certain extend. The Echelon system has its drawbacks.
The Echelon system will not provide any privacy for our own people in home and abroad. Every thing is monitored by the Big- Brother. It will not provide any security of the data of the corporate firms. It will result in the complete destruction of the industries and it will lead to the 19th century colonialism. It will cause a threat to our modern culture.
Every military secret is public to NSA and it’s allies, even though if we are hiding that from their eyes. They will hear and see with a sixth-sense…yes….. the computers. It will lead to the mass destruction of human kind. Even a single war can cause the complete destruction of the man-kind.
As stated above the Echelon systems can be developed to protect us from the terrorist attacks, but we have to ensure that these systems are protected from intrusion and weather it occurs the result will be hazardous. If the terrorists got the
Sensitive information about the military secrets and the intelligence secrets, the terrorists can cause a world war.







CHAPTER 3
CONCLUSION
3.1. CONCLUSION
The interception of communication is the main function done by the intelligence agencies all over the world. The intelligence agencies are searching for the sophisticated methods for surveillance and spying from its own people and from its enemies. Here the scientists in the NSA developed the modern techniques for finding the interception of messages. And they developed a network known as the Echelon System. It made them to leap ahead of the hackers in one step.

The main topics discussed here is Tempest and Echelon. Tempest is the technology for spying from electronic equipments with out any physical contact. It is the wonderful technology which people ever experienced. It enables us to replicate the data on electronic equipment from a couple of kilometres away. We can replicate the computer monitor and Hard disk (or even Memory) of computer system by this way.

Echelon is the vast network formed by NSA and its allies all over the world to intercept the messages sent through any transmission media. It plays a major role in the intelligence related work of the NSA and its allies. It uses the largest computing power of distributed systems. It uses search algorithms and sophisticated soft wares like speech recognition and OCR software….

Even though we discussed about the advantages of the Echelon and Tempest there is some major disadvantages for these systems. These systems are “GOD-LIKE” and nothing can be hidden from the Echelon system. But the Echelon

system will not provide any secrecy for the common people. It will only preserve the states policies .This will cause the leaking of the sensitive data of the industries and it will cause harm to that companies. And again the Tempest equipments are available in


USA and is prohibited of exporting from there, and thus if some terrorists got these Tempest equipments then it will cause harm to our industries and society. But many of
the corporate firms are protecting their companies from the Tempest attacks by use of software and equipments to prevent the Tempest attacks.

3.2. FUTURE SCOPE

Discussing about the future scope of Tempest and Echelon, we can say that these can be used to empower our intelligence agencies to do their job better than before. Unfortunately our India does not have a Tempest equipment developed yet. But we have to take care of the foreign intelligence agencies stealing our military data and the diplomatic data. We have to take the counter measures to protect our secret data from them. And we are not a part of Echelon network developed by NSA, so we have to develop one such for empowering our intelligence agencies and military agencies.


REFERENCES

EUROPEAN PARLIAMENT Session document 11 July 2001
http://acluechelon/index.htm
http://wirednews/ehelon.html
http://cl.cam.ac.uk
http://cryptomenacsim-5000.htm
http://lib.utexas.edu
http://mit.edu
Post: #4
Submitted by:
Himanshi Sharma

[attachment=10065]
Introduction
 The notion of spying is a very sensitive topic after the September 11 attack of Terrorists in New York.
 The National security Agency Of USA developed a secret project to spy on people .
 The project trace their messages to find out the terrorist activities across the globe .
 The project is named as Echelon.
 The allies of USA in this project are UK, Australia, New Zealand and Canada.
 Developed with the highest computing power of computers connected through the satellites all over the world.
 NSA left the wonderful method of Tempest and Carnivores behind.
What is Tempest?
 Stands for “Transient Electro-Magnetic Pulse Emanation Standard”.
 Intercept electromagnetic waves over the air.
 It even sniffs signals emanating from computer screens (range of few Kilometers).
 Captures signals through walls.
 Short name referring to investigations and studies of compromising emanations (CE).
 CE are un intentiorial intelligence-bearing signals which, if intercepted and analyzed, disclose the national security information transmitted, received, handled.
What is inside Tempest?
 CE consist of electrical or acoustical energy unintentionally emitted by a source.
 The emanations occur as – Electro magnetic fields set free by elements of the plain text processing equipment or its associated conductors.
 Propagation of sound waves from mechanical or electro mechanical devices.
 Text-related signals through
(a) common circuit elements such as grounds and power supplies.
(b) inductive and capacitive coupling.
Sources of Templest Signals
 Functional Sources: Design for specific purpose of generating electromagnetic energy.. Examples are switching transistors, oscillators, Signal generators, synchronizers, line drivers, and line relays.
 Incidental Sources: Which are not designed for the specific purpose of generating electromagnetic energy.Examples are electro mechanical switches and brush-type motors.
Types of Tempest Signals
 RED Base band Signals- Can be introduced into electrical conductors connected to circuits .
It can be introduced into an escape medium by capacitive or inductive coupling. especially by radiation with RED baseband signals of higher frequencies or data rates.
 Modulated Spurious Carriers - Generated as the modulation of a carrier by RED data. The carrier is usually amplitude or angle-modulated by the basic RED data signal.
 Impulsive Emanations -- Impulsive emanations are quite common in Equipment and are caused by very fast mark-to-space and space-to-mark transitions of digital signal.
Technology behind Tempest
 Tempest is the technology, which can reproduce what you are seeing in your monitor, what you are typing in your keyboard from a couple of kilometres away.
 It traces all electromagnetic radiation from the victim’s monitor, keyboard, even pc memory and hard disk, and then it reproduces the signals.
 By using this technology it is possible to intrude in to a person’s computer from a couple of kilometres away, even it is a computer which is not “Networked” .
 Enables the intruder to hack without any connection to the victim’s computer.
Tempest attacks
 Short wave attacks: Attack software can read the parameters of signals directly from the video controller chip, or find them in configuration files.
 Broadband Transmission attacks: A professional eavesdropper is more likely to select a method that affects only a small part of the screen layout and that is optimized for maximum range and robust reception with sophisticated equipment.
PROTECTION FROM TEMPEST ATTACKS
 TEMPEST testing and selection : Provide emission security. Unintentional signals and RED signals may be generated in an EUT are the object of detection and measurement during TEMPEST tests.
 TEMPEST FONTS: TEMPEST fonts are used for protecting the computers form the eavesdropper.
 TEMPEST PROOF WALLS: TEMPEST proof walls are developed for preventing from TEMPEST attacks. These walls are designed for reflecting the electromagnetic waves back to the same room it self.
What is Echelon?
 Technology for sniffing through the messages sent over a network or any transmission media, even it is wireless messages.
 Developed by National Security Agency of USA.
 A secret project to spy on people by tracing their messages.
 To find out the terrorist activities across the globe.
 Developed with the highest computing power connected through the satellites all over the world.
 Maintained by five countries: the US, England, Canada, Australia, and New Zealand.
Design Of Echelon
 Position intercept stations all over the world to capture all satellite, microwave, cellular and fiber-optic communications.
 Process this information through the massive computer capabilities of the NSA.
 Use advanced voice recognition and optical character recognition(OCR) programs
 Look for code words or phrases (known as the ECHELON “Dictionary”).
Echelon Device
ESPIONAGE???

 Espionage is simply the organised theft of information.
 Espionage targets :Involves targets such as military secrets, other government secrets or information concerning the stability of or dangers to governments.
 Espionage methods :Involves gaining access to information which the holder would rather protect from being accessed by outsiders. This is the case with both political and industrial espionage.
Problems of Echelon
 Even the technology made us to access the spying methods and prevention of terrorist activities up to certain extend. The Echelon system has its drawbacks.
 The Echelon system will not provide any privacy for our own people in home and abroad. Every thing is monitored by the Big- Brother. It will not provide any security of the data of the corporate firms. It will cause a threat to our modern culture.
 Every military secret is public to NSA and it’s allies, even though if we are hiding that from their eyes. It will lead to the mass destruction of human kind. Even a single war can cause the complete destruction of the man-kind.
 If the terrorists got the sensitive information about the military secrets and the intelligence secrets, the terrorists can cause a world war.
Future Scope
 About the future scope of Tempest and Echelon, these can be used to empower our intelligence agencies to do their job better than before.
 Unfortunately our India does not have a Tempest equipment developed yet. But we have to take care of the foreign intelligence agencies stealing our military data and the diplomatic data.
 We have to take the counter measures to protect our secret data from them.
 And we are not a part of Echelon network developed by NSA, so we have to develop one such for empowering our intelligence agencies and military agencies.
Post: #5
PRESENTED BY
SNEHA KASHYAP

[attachment=11445]
INTRODUCTION
ECHELON

Developed by National Security Agency of USA.
- A secret project to spy on people by tracing their message.
- To find out the terrorist activities across the globe.
- Developed with the highest computing power connected through the
satellites all over the world.
- Sniffing of messages over a network or any transmission media , even
wireless.
- Design:
* position intercept stations all over the world to capture all satellite,
microwaves , cellular and fiber-optic communications.
* process this information through the massive computer capabilities
of the NSA
* use advanced voice recognition and optical character recognition
(OCR) programs and look for code words or phrases known as
“echelon dictionary”
TEMPEST
- Stands for “Transient Electro-Magnetic Pulse Emanation Standard”.
- Main Theory
* any electronic or electrical device emits electromagnetic
radiations of specific key when it is operated.
- Intercept electro-magnetic waves over the air.
- It even sniffs signals emanating from computer screens(range of few
kilometers).
- Captures signal through walls.
- VDUs emit radiations when scanning up on vertical or horizontal range beyond the screen
Need for an interception system
 To keep track of spies and terrorists for preserving the security of the country.
 Also being used for purposes well outside its original mission.
 For political spying and industrial espionage.
INSIDE TEMPEST:
 TEMPEST is a short name referring to investigations and studies
of compromising emanation(CE).
 Compromising emanations(CE) are defined as unintentional intelligence bearing signals.
 CE consists of electrical and acoustical energy unintentionally emitted by a source.
 The emanations occur as: - text-related signals through
a)common circuit element such as ground and power supplies.
b)inductive and capacitive coupling. - propagation of sound waves from mechanical and electromechanical sound waves.
Sources of TEMPEST signals
a)Functional sources:
-switching transistors, oscillators, signal generators synchronizers, line drivers and line relays.
b)Incidental sources:
-electromechanical switches and brush type motors
Post: #6
Rainbow 
Respected authority,
i want full report of tempest and echelon


REPORT OF TEMPEST AND ECHELON
Post: #7
you can refer these page details of"tempest and echelon full report " below link

http://seminarprojectst-tempest-and-echelon-full-report
 

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page

[-]
Quick Reply
Message
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  imouse full report computer science technology 3 3,710 17-06-2016 12:16 PM
Last Post: ashwiniashok
  computer networks full report seminar topics 7 5,005 25-05-2016 02:07 PM
Last Post: dhanyavp
  Implementation of RSA Algorithm Using Client-Server full report seminar topics 6 5,076 10-05-2016 12:21 PM
Last Post: dhanyavp
  Optical Computer Full Seminar Report Download computer science crazy 43 34,480 29-04-2016 09:16 AM
Last Post: dhanyavp
  ethical hacking full report computer science technology 41 47,049 18-03-2016 04:51 PM
Last Post: seminar report asees
  broadband mobile full report project topics 7 2,186 27-02-2016 12:32 PM
Last Post: Prupleannuani
  steganography full report project report tiger 15 19,600 11-02-2016 02:02 PM
Last Post: seminar report asees
  Digital Signature Full Seminar Report Download computer science crazy 20 14,214 16-09-2015 02:51 PM
Last Post: seminar report asees
  Mobile Train Radio Communication ( Download Full Seminar Report ) computer science crazy 10 12,348 01-05-2015 03:36 PM
Last Post: seminar report asees
  service oriented architecture full report project report tiger 12 6,569 27-04-2015 01:48 PM
Last Post: seminar report asees