Black Box Explains... TEMPEST standard and Common Criteria (EAL4+)
Common Criteria (EAL4+) defines a common set of tests regarding the process of the design, testing, verification, and shipping of new security products. Common Criteria enables customers to assess a... more/see it nowlevel of trust in how a product has been designed, tested, built, and shipped.
TEMPEST testing, while classified, is regarded as a process that assesses the threat of data linking by various covert electromagnetic eavesdropping mechanisms. The TEMPEST designation is often required by military organizations. TEMPEST, as a security standard, pertains to technical security countermeasures, standards, and instrumentation that prevent or minimize the exploitation of vulnerable data
communications equipment by technical surveillance or
Both testing standards are important, they just test for different things.
TEMPEST-Secure KVM Switches
For 2 or 4 ports, with USB, and DVI-I or VGA the ServSwitch Secure KVM Switch with USB (page 382) provides control and separation of up to four PCs connected to secure and unsecure networks through just one keyboard, monitor, and mouse.
High port-to-port electrical isolation, which facilitates data separation (RED/BLACK).
NSA tested and TEMPEST approved for and by the U.S. Air Force.
The low radiated emissions profile meets the appropriate national requirements for conducted/radiated electromagnetic emissions.
Switches are permanently hard wired, preventing access from one CPU to the others or access from one network to others.
External tamper-evident seals make it easy to spot attempted tampering.
Channel-to-channel 60-dB crosstalk isolation protects against signal snooping, so software tools and applications cannot be used to access any connected computer from another connected computer.
Users can safely switch among as many as four computers operating at different classification levels.
Common Criteria Evaluation Assurance to Level 4+
A newly developed switch, the ServSwitch Secure with USB and DVI, or VGA, or VGA and a Card Reader (pages 384–385), is being evaluated for Common Criteria Evaluation Assurance to Level 4+ (EAL4+). Common Criteria is an international standardized process for information technology security evaluation, validation, and certification. The Common Criteria scheme is supported by the National Security Agency through the National Information Assurance Program (NIAP).
The ServSwitch Secure KVM Switch with USB surpasses the security profiles of most other KVM switches. Along with the tamper-evident seals and other security features already mentioned, ServSwitch Secure KVM Switch with USB models feature these security measures:
The flow of keyboard and mouse data is unidirectional, so it’s not possible for the computer to send data along the keyboard and mouse signaling channels.
Keyboard and mouse devices can only be enumerated at the keyboard and mouse ports. Any other USB peripherals connected to these ports will be prohibited from operating, preventing, for example, a USB thumb drive from uploading or downloading unauthorized data.
At each channel switchover, the USB host controller circuit, which controls shared peripherals, erases its entire RAM. This prevents residual data from remaining in the channel after a channel change and being transferred to another computer.
Every time the channel is changed, shared USB peripherals are powered down, reset, and re-enumerated.
Every time the channel is changed, the USB host controller is also powered down and reset, further ensuring no transfer of residual data.
Dedicated DDC bus and EDID memory emulation at each port prevent the shared monitor link from being used as a covert attack channel.
With only one selection button per channel, the ServSwitch Secure models enable direct and unambiguous channel selection.
Hotkey and mouse switching are excluded, preventing remote control of the switch.
Ports are powered through the computer’s USB ports, while the shared keyboard, mouse, and monitor are powered by the switch’s power supply. The lack of a common power supply minimizes electronic signaling.
The switches with card readers have additional features, including active authentication verification and active tamper detection. collapse
Black Box Explains…TEMPEST.
TEMPEST is an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. It pertains to technical security countermeasures, standards, and instrumentation that prevent or minimize the exploitation of vulnerable... more/see it nowdata communication equipment by technical surveillance or eavesdropping.
What puts your data communication equipment at risk?
Many things. But first and foremost, its microchip.
Any device with a microchip generates an electromagnetic field, often called a “compromising emanation” by security experts. With the proper surveillance equipment, these emanations can be intercepted and the signal reconstructed and analyzed. Unprotected equipment can, in fact, emit a signal into the air like a radio station—and nobody wants to risk his or her job and a whole lot more by broadcasting national security or trade secrets to the wrong people.
Some of the most vulnerable devices are speakerphones, printers, fax machines, scanners, external disc drives, and other high-speed, high-bandwidth peripherals. If the snoop is using a high-quality interception device, your equipment’s signals can be acquired up to several hundred feet away.
Arguably one of the most vulnerable pieces of equipment is an analog VGA monitor. If a spy were to introduce a Trojan into your system, he or she could monitor and store key presses and passwords used during the day. When the system’s not in use at night, the spy could pulse the VGA screen with grayscale images that have a strong signal at particular frequencies. VGA uses single-ended signaling that has a high common-mode emission level not protected by cable shielding, and it’s possible to monitor these signals outside the secure zone using a radio receiver. Even without a Trojan, a sophisticated receiver located nearby picks up and views what’s on the VGA monitor.
What TEMPEST is and isn’t.
It should come as no surprise that the Federal government became concerned about signal leakage. In fact, its interest goes back to the days of World War I when the Army was trying to exploit weaknesses of enemy combat phones and radio transmitters. Since then, the scope of the government’s interests has broadened beyond battlefield equipment. In the last
40 years, the National Security Agency (NSA) has taken several industry measurement standards and greatly beefed them up. These enhanced criteria are commonly referred to as the TEMPEST standards (although the NSA also calls them EMSEC standards, short for “emissions security”).
TEMPEST disciplines involve designing circuits to minimize emanations and the application of appropriate shielding, grounding, and bonding. Some methods used include radiation screening, alarms, and isolation.
A TEMPEST-approved device resembles its non-secure version with a few key differences. If it’s a network component such as a switch, it comes in a heavy metal case. It also has special shielding, a modified power supply, and perhaps a few other modifications from the standard model. If you need to open the device’s case,
a special torque wrench for use with TEMPEST-only products is required.
TEMPEST test equipment is very expensive and is sold exclusively to government agencies. Nobody can sell you commercial TEMPEST testing equipment. And if someone offers you a “TEMPEST surveillance system,” you need to be aware of two things: First, TEMPEST is counter-surveillance science and the offer is a fraud; second, the salesperson is committing a federal felony.
If you buy surveillance equipment—authentic or not—then you have also commited a felony. Construction of, possession of, attempting a sale of, or attempting a purchase of said surveillance equipment is illegal. Even if the product purchased is a hoax, the law will take your intentions into account as much as the salesperson’s. Don’t be surprised if you
both go to jail.
In the United States, you can learn about TEMPEST testing only in special schools sanctioned by, if not run by, the NSA. Courses to earn the TEMPEST Technician or TEMPEST Engineer certifications are very expensive. These classes are offered to a limited number of people who have a very high level of security clearance and who will be working on TEMPEST-approved equipment all the time.
All TEMPEST-approved communication devices have a rating based on their application and/or environment.
Type 1: This rating is for classified cryptographic equipment used for national security purposes. It’s endorsed by the NSA for securing telecommunications and automated information systems and for the protection of classified or sensitive U.S. Government information.
Type 2: This rating is for unclassified cryptographic equipment used by U.S. Government agencies, state and local governments, and sponsored U.S. Government contractors. It’s endorsed by the NSA for securing telecommunications and automated information systems and for the protection of unclassified but sensitive information, such as contract bids.
Type 3: This rating is for unclassified commercial cryptographic equipment that implements an algorithm registered with the National Institute of Standards and Technology (NIST). It’s for use in protecting sensitive information, like a corporation’s network communications. collapse