TEMPEST Font Protects Text Data against RF Electromagnetic Attack

: Nowadays an electromagnetic penetration process of electronic devices has a big significance. Processed information in electronic form could be protected in different ways. Very often used methods limit the levels of valuable emissions. But such methods could not always be implemented in commercial devices. A new solution (soft tempest) is proposed. The solution is based on TEMPEST font. The font does not possess distinctive features. This phenomenon causes that at an output of Side Channel Attack the possibilities of recognition of each character which appears on the reconstructed image for sources in the form of graphic lines (VGA and DVI) are limited. In this way the TEMPEST font protects processed data against electromagnetic penetration not only for VGA and DVI standards. The data are protected during printing them on laser printers too.


INTRODUCTION
Protection of information against electromagnetic penetration process is a very important challenge. To protect information various methods and solutions are used. Most popular solution is a restricted access to space where classified information is processed [1,2]. However, electronic devices are sources of electromagnetic emissions. These emissions could be correlated with processed information. Then the data could be received in a non-invasive way. The non-invasive data acquisition is imperceptible for owner of such data [3][4][5][6].
The most spectacular phenomenon consists in the opportunity of displaying acquired data in a form that is comprehensible for a person. This in particular concerns sources of emissions in the shape of graphic lines, e.g. VGA or DVI standards [7][8][9][10][11][12] and laser systems of typical laser printers [13][14][15][16]. Because the non-invasive data acquisition is very dangerous, the sources of electromagnetic emissions correlated with processed graphic information are the subject of analyses and tests. There are searched the best and the most effective methods which could protect processed information against electromagnetic penetration. A shielding is a very popular method which limits levels of electromagnetic disturbances from IT devices [2,17]. Other method consists in filtering electric video signals Fig. 1, [18,19]. Markus Kuhn proposed a solution consisting of a filtering system applied on video standard of desk computer. Markus Kuhn's approach limits over 20%, 30%, 40% and 50% of signal spectrum. This produces the desired effect.
However, the limitation of signal spectrum causes that reconstructed characters on an "eavesdropped" screen are illegible Fig. 1. Legibility level of information is very low. In this case a very important problem has to be mentioned. The filtering of video signal is not a solution which could be applied to different graphic sources of sensitive emissions. It is effective in case of analog standard. The problem is connected with the resolution of working of the monitor. If the resolution is changed the parameters of video signal are changed too. The phenomenon causes that one filter is not effective in all ranges of working resolution of monitor. DVI standard as a digital standard is sensitive to changing of electric parameters of video signal. The changes of the parameters cause disturbances of displayed picture on the screen. To protect DVI standard a method based on colors of a text and a background could be used [7,17].
The shape of video signal can be formed by appropriate shape of computer font. Such approach is proposed by Sang Mun. His idea is connected with new fonts which have additional graphic elements (e.g. noise, flowers, Fig. 2a and Fig. 2b). The Arial font is the basis for the set of fonts. However Sang Mun's fonts are easily identified in the electromagnetic eavesdropping process (next chapter of the paper). But characters of these fonts are not recognized by Optical Character Recognition (OCR) programs ( Fig. 2c and Fig. 2d).
To prove usefulness of the new solution in the form of TEMPEST font a lot of tests were carried out. The level of protection of information against electromagnetic penetration was verified. A method of correlation between letters at Side Channel Attack (SCA) output was used.
There are commercial fonts, which could have similar features as TEMPEST font. Such font is Null Pointer font Fig. 3, [20]. Null Pointer font is a typical computer font which has the characteristics of TEMPEST font. Each character of this font is built only from horizontal and vertical lines. But widths of these lines are various. The phenomenon allows easily identifying each character of the font included in reconstructed image. In the paper a new method is presented to protect the processed text information against electromagnetic penetration. The method uses soft solution based on TEMPEST font [21]. New idea is effective for different graphic sources of sensitive emissions, e.g. DVI and VGA video standards, different types of laser printers [16].

A COMPUTER TEMPEST FONT
The design of safe font takes into account the features of the SCA for electromagnetic emissions. The SCA has the features of a high-pass filter: where: x'(t)-signal x(t) at the output of the SCA, x(t)-the reveal emission signal at the input of the SCA, s(t) -natural noise and disturbances inside of the SCA. Therefore, in reconstructed images only vertical and diagonal edges of graphic shapes (in particular of letters) are visible. These lines correspond to impulses (a rising edge of impulse, a trailing edge of impulse) which decide about displaying of graphic shapes. Taking into account these features the TEMPEST font was proposed. The font was called Safe Symmetrical font Fig. 4. It is one of three collections of TEMPEST fonts (Symmetrical, Asymmetrical and Simple fonts). The names of these fonts are connected with the shapes of letters. For example letters of Safe Symmetrical font are built from vertical lines of the same thickness but different than horizontal lines. For the Asymmetrical Safe font the thicknesses of vertical lines are different. Additionally letters of Simple Safe font are built from vertical and horizontal lines of the same thickness. The fonts are characterized by different levels of legibility and they could be used interchangeably. I carried out a questionary concerning legibility of safe fonts and traditional fonts. The new fonts did not get very bad notes. Additionally the protection level against electromagnetic eavesdropping is compared.  The construction of Safe Symmetrical font is connected with maximizing the similarity of intercharacters. It is possible because letters of the font do not have distinctive features. In such case given character could be recognized as other character. Such phenomenon can occur in case of every source of valuable emission which is correlated with processed graphic information, e.g. VGA analog standard, DVI digital standard, laser printers.
Every letter and digit of the font only includes various widths of vertical and horizontal lines. Some basic characteristics of two-element writing have been retained: -a narrower horizontal line is found in upper and lower parts of letter (for several letters the narrower line exists in the middle part of letter), -a wide vertical line is found on the left and right sides of a character, -none of the characters bear any decorative elements Fig. 5.
For the tests of valuable emissions connected with safe font the TEMPEST Test System DSI-1550A was used. The receiver has a video output interface. The interface makes possible record of the valuable emissions. This is, however, a signal module. Therefore the reconstructed images include only vertical and diagonal edges of letters according to [2]: The purpose of the design of individual letters was maximization of similarity between the letters. Simultaneously the letters should be distinguishable to guarantee smooth reading. Additionally widths of the letters of safe font should be comparable with widths of letters of traditional fonts. Then the statistical parameters numbers of letters and spaces per sheet of paper will be met.
The tests were carried out in ideal measurement conditions (for the tests the semi-anechoic chamber was used, Fig. 6).

INTER-CHARACTER CORRELATION OF COMPUTER FONTS 3.1 The Input of the Side Channel Attack
The inter-character correlation for individual letters was calculated for respective fragments of the analyzed image. Each fragment including one letter was compared with a pattern which included searched letter according to: where: and  The number of the values of inter-character correlation R Z for appropriate ranges of similarity on the input of the SCA Relation (3) was used both for the inter-character correlation calculated at SCA input and output. High R Z values make distinctive features of given characters partly disappear at SCA input. Consequently, it becomes impossible to visually recognize letters at SCA output and R Z values do not allow to correctly mark a letter in a location where it is found. In such case the phenomenon is defined by high values of Character Error Rate.
The values of the inter-character correlation (3) are shown in Fig. 7. The similarity between characters of safe font is higher than other fonts. Therefore the safe font could be used to protection classified information against the non-invasive acquisition. Graphic forms of the values of correlation coefficient R for selected characters of analyzed fonts are shown in Fig. 8.  The selected characters created a matrix Fig. 9. The distribution of the selected characters in the matrix was random. We can notice that the values of maxima of correlation coefficient R Z for discordance of characters (discordance of pattern image and analyzed fragment of reconstructed image) are a little smaller than the values of correlation coefficient R Z for conformity of characters. Of course it is true only for safe font. For other fonts the differences are bigger. The situation makes possible to recognize almost each character of these fonts in a reconstructed image.

The Output of the Side Channel Attack
The usefulness of the safe font in counteracting the eavesdropping process was tested using visual method. In this case the visual method was selected because graphic lines of video standards and laser printer were sources of valuable emissions. Moreover the visual method was supported by coefficient of inter-character correlation and values of CER [22]. The values of the inter-character correlation were calculated according to (3). Obtained results are shown in Tab. 1, Tab. 2 and Tab. 3 and in Fig.  10. The values of inter-character correlation are higher for TEMPEST font than for traditional fonts. The second and the third range of inter-character correlation include most values for TEMPEST font in contrast to traditional fonts, Sang Mun fonts and Null Pointer font. Technical Gazette 27, 4(2020), 1058-1065 The letters of TEMPEST font are characterized by lower level of similarity. The phenomenon has an influence on errors number in attempts of finding a correct letter in a reconstructed image.
On the basis of values of inter-character correlation of traditional and Sung Mun fonts these fonts could not be considered as TEMPEST fonts. These fonts have additional graphic shapes which make easier the recognition of characters. The same phenomenon applies to Null Pointer font. The characters of this font are built from vertical and horizontal lines but widths of these lines are different.

CHARACTER ERROR RATE (CER)
Next tests were carried out for the traditional fonts and Symmetrical Safe fonts. It was dictated that the Sang Mun fonts cannot be used as safe fonts. Low similarity between characters of these fonts eliminates the solution as effective in electromagnetic protection of information.
The eavesdropping process is based on the reconstructed images. Therefore visual method is the main method which is used to search information on these images [23][24][25]. However, the visual analysis is computeraided. In this case the correlation method based on CER is useful. The parameter determines the error values in the process of data acquisition which was used to the classifying of Arial, Times New Roman and Safe Symmetrical fonts from the viewpoint of protection of information.
For the purpose of analysis the following was taken: nthe number of all wanted letters which the reconstructed image includes, d-the number of letters which were incorrectly recognized, b-the number of letters which were rightly recognized, a-the number of letters which were unrecognized but which were wanted (a = n -b), m-the number of all letters which the reconstructed image included. Then: Tab. 4 includes the values of errors for tested fonts.  For the purpose of analysis, n = 31, which produces m = 651. Characters have been located randomly in 31 matrices, each sized 21 × 31. Fig. 11 includes fragments of the reconstructed images. Certainly the quality of the pictures is not good [25][26][27][28]. It is caused by very weak signals and disturbances inside SCA [29]. However in such conditions characters of Arial and Times New Roman fonts still are recognized [29][30][31].

CONCLUSIONS
In the paper a new computer font (TEMPEST font) was presented to protect processed information against the electromagnetic penetration. TEMPEST font was devoid of distinctive features in contrast to traditional fonts (Arial and Times New Roman). The new method was tested with other very popular computer fonts. There were also analyzed Mun's font, Null Pointer font, filtering of video signal and a method of colours (background and alphabet characters).
In the analyses the reconstructed images from very weak signals were used. The images included text data written by traditional fonts and TEMPEST font. To recognize the characters of these fonts the visual method was used. The analyses were supported by values of inter-character correlation and values of errors (CER). These parameters achieved big values for new font compared to traditional fonts.
Because the Symmetrical Safe font does not have distinctive features its characters were not recognized. This makes restoring text data impossible. Values of errors confirm usefulness of the Safe Symmetrical font in counteracting the electromagnetic infiltration process.
The filtering method of video signal is not useful in case of analogue VGA standard [3,32,33,34,35]. This standard is not sensitive to changes of signal shapes in contrast to DVI standard. The filtering of digital video signal could result in display of false pixels and even the screen could be switched off. Comparable effects might take place in the case of laser printers.