TEMPEST Attacks and Cybersecurity

Öz

Broad usage of Information and Communication Technologies (ICT) and the Internet have made cybersecurity a vital issue. One of the less known threat for cybersecurity is TEMPEST (Transient Electromagnetic Pulse Emanation Standard) which has become more apparent today. TEMPEST is an information security term that refers to the examination and control of unwanted electromagnetic energy emissions caused by electrical and electronic devices. As a result of TEMPEST attacks, confidential information such as state secrets, personal information such as bank passwords, and more information can be passed on to the attackers. Unlike other known cyber-attack methods, TEMPEST attack methods are kept secret and those who are exposed to TEMPEST attacks are not aware of these attacks. The concept of TEMPEST is a less known cybersecurity component which can cause much greater damage if the necessary cybersecurity measures are not taken. The purpose of this study is to present a review of TEMPEST attacks and countermeasures. The study also highlights the importance of using national cybersecurity products that passed the national TEMPEST cybersecurity testing certification.

Anahtar Kelimeler

• Cybersecurity,TEMPEST,Electromagnetic Emission

Kaynakça

1. Resmi Gazete, 4 Haziran 2010. Resmî Gazete, Sayı: 27601, Millî Savunma Bakanlığı Savunma Sanayi Güvenliği Yönetmeliği.
2. S. Bilgin, Ö. Sarıtaş, G. Okyay, H.G. Örtlek, "Askeri ve Kamu Kuruluşlarına ait Binaların Tempest Güvenliği için Farklı Yapıda Dokuma Kumaşların Geliştirilmesi", Tekstil ve Mühendis, 2013, p.81.
3. Z. Hongxin, H. Yuewang, W. Jianxin, L. Yinghua, Z. Jinling,. Recognition of electro-magnetic leakage information from com- puter radiation with svm, computers & security 28 (1-2), 2009.
4. NSTISSI No. 7000, 29 Nov 1993, "TEMPEST Countermeasures for Facilities.", 1993.
5. B. Jacobs, W. Pieters, "Electronic Voting in the Netherlands: from early Adoption to early Abolishment", Published in: Foundations of Security Analysis and Design V: FOSAD 2007/2008/2009
6. Tutorial Lectures. Springer LNCS 5705, p. 121-144, 2009.
7. G. Bayraktar, “Harbin. Beşinci. Boyutunun. Yeni. Gereksinimi: Siber İstihbarat”, Güvenlik Stratejileri Dergisi,120-135,. 2014.
8. F. Cohen, "Information System Attacks: A Preliminary Classification Scheme," Computers & Security, Vol.16, No.1, 1997, pp.127--153.

9. S. Philippsohn, “Trends in Cybercrime - an overview of current financial crimes on the Internet,” Computers &. Security, vol. 20, no. 1, pp. 53-69, 2001.
10. T.C. Ulaştırma Denizcilik ve Haberleşme Bakanlığı, “2016-2019 Ulusal Siber Güvenlik Stratejisi”, 2016.
11. H. Çifci, "Her Yönüyle Siber Savaş", Ankara: Tübitak Popüler Bilim Kitapları, 2013. p.154.
12. M. Meral. "Siber savunma: Ülkeler ve Stratejiler", 3. Uluslararası Katılımlı Bilgi Güvenliği ve Kriptoloji Konferansı, Aralık 2008.
13. F. Aslay, "Siber Saldırı Yöntemleri ve Türkiye’nin Siber Güvenlik Mevcut Durum Analizi", IJMSIT (International Journal of Multidisciplinary Studies and Innovative Technologies), vol.1, pp.24-28, 2017.
14. M.E. Erendor, “Risk Toplumu ve Refleksif Modernleşme Çerçevesinde Siber Terörizm: Tanımlama ve Tipoloji Sorunu”, Cyberpolitik Journal, 1(1), 2016, pp.114-134.
15. Ross J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems", 2nd Edition. ISBN: 978-0-470-06852-6. Apr 2008.
16. P. Shotbolt, "Several compromising-emanations based interception techniques and their implications", June 2003.
17. D. Garlick, "TEMPEST and Electromagnetic Emanations Security: Is Not Only A Government Standard", GIAC Security Essentials Certification (GSEC) Practical Assignment Option One: Case Study in Information Security, January 27, 2005.
18. T. Finne, "The information security chain in a company", Computers & Security, 15, 4, 297–316, 1996.
19. W.V. Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?", 1985.
20. J. Karlsson, “TEMPEST Attacks”, Master Thesis in Computer Science, Thesis no: MCS-2003:13. June 2003.
21. The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2), "Security Requirements for Cryptographic Modules", 1994.
22. F. Mohajer, “Cybersecurity Cyber-Attack Series Side Channel – TEMPEST Attacks”, 2016.
23. H. Altıner, H. ALTINER, E. Şaykol, E. ŞAYKOL, "Veri Güvenliğinde TEMPEST Saldırı Türleri Üzerine Tarihsel Bir İnceleme", Beykent Üniversitesi Fen ve Mühendislik Bilimleri Dergisi, 6 (2), 2015, pp.121-152.
24. M.G. Kuhn, Markus G. and R.J. Anderson, "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations.", Berlin Heidelberg, 1998.