Soft Tempest – Frequently Asked Questions

Markus Kuhn

In the paper

Markus G. Kuhn, Ross J. Anderson: Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, in David Aucsmith (Ed.): Information Hiding, Second International Workshop, IH’98, Portland, Oregon, USA, April 15–17, 1998, Proceedings, LNCS 1525, Springer-Verlag, pp. 124–142, ISBN 3-540-65386-4.

we first proposed software measures that can help to reduce or increase radio-frequency information leakage (compromising emanations) from computers, in particular analog video displays (CRTs). The most important example outlined in the paper is the use of character fonts in which the glyphs have been slightly low-pass filtered in a horizontal direction.

This initial study was more recently updated by

Markus G. Kuhn: Compromising emanations: eavesdropping risks of computer displays. Technical Report UCAM-CL-TR-577, University of Cambridge, Computer Laboratory, December 2003.

Section 3.6 (pp. 60–65) in this report describes an experiment that demonstrates the effect of low-pass filtered fonts. These measurements used a significantly better wideband Tempest receiver and antenna, along with a high-end digital storage oscilloscope, to capture the signal. This newer experiment much better represents the capabilities of a professional eavesdropper. The report also gives more detailed guidelines for implementing the technique. It proposes exact convolution coefficients for a finite-impulse-response filter and it recommends to combine the font filtering with randomising the least-significant bits of the frame buffer as each character is displayed. The latter helps to jam emanations from the digital part of the video card (e.g., the video RAM data bus lines), which may also be present.

The conclusion of the above report is that, with the proposed filter parameters, the signal-to-noise ratio seen by a video eavesdropper can be reduced by over 10 dB without affecting readability on a good CRT unduly. This reduces the distance within which eavesdropping is feasible by a factor of three, and equivalently reduces the area in which an eavesdropper can hide by a factor of ten. It will not compare with the in-the-region-of 60 dB attenuation provided by AMSG 720B certified military Tempest hardware that protects against an eavesdropper right on the other side of a plasterboard wall, but it is better than nothing.

Q: Where can I download low-pass filtered Soft Tempest fonts

Unfortunately, the existing font display mechanics in operating systems does not make it possible to implement this protection technique simply by installing a new font file.

For this reason, I am not providing any filtered font files.

Soft Tempest fonts represent characters with grayscale pixel images. The FON, BDF, and PCF pixel-font formats used in Microsoft Windows and X11, on the other hand, are only designed to represent characters as 1 bit/pixel images. They are unable to represent the smoothed vertical edges that attenuate the electromagnetic pulses generated each time the electron beam is switched on or off. More modern formats, such as Type1, TrueType (TTF), and OpenType, contain resolution-independent geometric outlines. While these outline fonts can be displayed using an anti-aliasing algorithm that smoothes diagonal lines, they still represent entirely black on white images and provide no means to encode arbitrary gray-scale images. As Figure 3.18 in Technical Report UCAM-CL-TR-577 (p. 63) shows, an anti-aliased outline font will still contain a substantial number of vertical high-contrast edges, even if one deactivates the "hinting" algorithm that aligns the outline points with the pixel raster.

Even if a font format that can handle grayscale glyph images (e.g., PostScript Type 3) were widely supported for on-screen display, this would still not solve the problem of how to add individual random LSB noise to each recurrence of a character on the screen.

Q: So how can filtered fonts be used in practice

Some developers of security applications have implemented their own display routines, which bypass the standard text display mechanisms of the operating system entirely.

Q: Would it be possible to write a plugin for standard GUI libraries that supports filtered fonts

This depends on what sort of hooks the GUI architecture provides for doing that. More recent X11 applications have abandoned the old X-server supported 1 bit/pixel font support. They now use antialiased outline fonts that are rendered on the client side and then transfered as grayscale images to the X server. The client-side rendering is done in the FreeType library. It should not be too difficult to add an optional post-processing step to FreeType that implements the algorithm suggested in section 3.6 of Technical Report UCAM-CL-TR-577. This would consist of

It is important to understand that the last step must be carried out after any font caching mechanism, to make sure that each recurrence of a letter on the screen has completely independently randomised least-significant bits.

I know too little about the internal architecture of the text-rendering subsystem in Microsoft Windows to comment on how feasible a software plugin would be there.

Q: Can I use filtered fonts also on flat-panel displays

My experience so far has been that with LCDs, the video cable is the most significant source of radiated information leakage. Where an analogue video cable (with 15-pin VGA connector) is used, low-pass filtered fonts have the same benefits as with CRTs. Where a purely digital video cable is used (DVI-D, laptop-internal displays with FPD/LVDS links, etc.) only the last step, namely randomizing the least-significant bits, should be implemented.

Where the video signal is entirely encoded in digital form, the low-pass filtered step will not have the desired effect. In fact, it can actually increase the differences between the signal generated by individual characters, and thereby make automatic radio character recognition more reliable.

Compromising emanations of digital video cables and suitable software countermeasures are discussed in more detail in:

Markus G. Kuhn: Electromagnetic Eavesdropping Risks of Flat-Panel Displays, 4th Workshop on Privacy Enhancing Technologies, 26–28 May 2004, Toronto, Canada, Proceedings, LNCS 3424, pp. 88–105, Springer-Verlag.

created 2005-03-09 – last modified 2005-03-09 – http://www.cl.cam.ac.uk/~mgk25/emsec/