Masking is a scheme in which the intermediate variable is not dependent on an easily accessible subset of secret key. This results in making it impossible to deduce the secret key with partial information gathered through electromagnetic leakage.
Sources
M.-L. Akkar and C. Giraud. An implementation of des and aes, secure against some attacks. In CHES ’01: Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems, pages 309–318, London, UK, 2001. Springer-Verlag.
J.-S. Coron and L. Goubin. On boolean and arithmetic masking against differential power analysis. In CHES ’00: Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems, pages 231–237, London, UK, 2000. Springer-Verlag.
L. Goubin. A sound method for switching between boolean and arithmetic masking. In CHES ’01: Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems, pages 3–15, London, UK, 2001. Springer-Verlag.
Information is extracted not by reading files or decrypting frames but by observing physical or protocol byproducts of computation, power draw, electromagnetic emissions, timing, thermal signatures, or traffic patterns. Repeated measurements create distinctive fingerprints correlated with internal states (key use, table loads, parser branches, buffer occupancy). Matching those fingerprints to models or templates yields sensitive facts without direct access to the protected data. In space systems, vantage points span proximity assets (for EM/thermal), ground testing and ATLO (for direct probing), compromised on-board modules that can sample rails or sensors, and remote observation of link-layer timing behaviors.
Switching activity in chips, buses, and clocks radiates EM energy that can be captured and analyzed to reveal internal computation. Near-field probes (in test) or proximity receivers (on-orbit assets) can observe harmonics and modulation tied to cipher rounds, key schedules, or protocol framing, sometimes with finer granularity than power analysis. Coupling paths include packages, harnesses, SDR front ends, and poorly shielded enclosures. By training on known operations and comparing spectra or time-domain signatures, an adversary can recover keys or reconstruct processed data without touching logical interfaces.
The [spacecraft] shall protect system components, associated data communications, and communication buses in accordance with: (i) national emissions and TEMPEST policies and procedures, and (ii) the security category or sensitivity of the transmitted information, and shall demonstrate compliance via pre‑launch TEMPEST‑like evaluation for co‑located payload configurations.{SV-CF-2,SV-MA-2}{PE-14,PE-19,PE-19(1),RA-5(4),SA-8(18),SA-8(19),SC-8(1)}
The measures taken to protect against compromising emanations must be in accordance with DODD S-5200.19, or superseding requirements. The concerns addressed by this control during operation are emanations leakage between multiple payloads within a single space platform, and between payloads and the bus.
SPR-38
The [spacecraft] shall be designed so that it protects itself from information leakage due to electromagnetic signals emanations.{SV-CF-2,SV-MA-2}{PE-19,PE-19(1),RA-5(4),SA-8(19)}
This requirement applies if system components are being designed to address EMSEC and the measures taken to protect against compromising emanations must be in accordance with DODD S-5200.19, or superseding requirements.
SPR-115
The [organization] shall describe (a) the separation between RED and BLACK cables, (b) the filtering on RED power lines, (c) the grounding criteria for the RED safety grounds, (d) and the approach for dielectric separators on any potential fortuitous conductors, and shall provide quantitative separation distances, filter specifications, grounding resistance criteria, and dielectric separator material properties.{SV-CF-2,SV-MA-2}{PE-19,PE-19(1)}
Physical separation of classified (RED) and unclassified (BLACK) signal paths prevents compromising emanations. Defined separation distances, filtering, and grounding reduce leakage risk. Quantitative criteria ensure repeatable and verifiable implementation. This protects against unintended signal coupling and data leakage.