物理隔离网络电磁漏洞研究

刘文斌; 丁建锋; 寇云峰; 王梦寒; 宋滔

doi:10.11884/HPLPB201931.190132

物理隔离网络电磁漏洞研究

doi: 10.11884/HPLPB201931.190132

刘文斌^{1, 2,},
丁建锋^{1, 2},
寇云峰²,
王梦寒¹,
宋滔^{1, 2}

1.
成都新欣神风电子科技有限公司, 成都 611731
2.
中国电子科技网络信息安全有限公司, 成都 610041

基金项目:

四川省青年科技创新研究团队专项计划项目 2016TD0029

详细信息

作者简介:
刘文斌(1983—), 男, 硕士, 高级工程师, 从事电磁信息安全检测研究; 34265102@qq.com

中图分类号: TN924;TP309.2
计量
- 文章访问数: 1370
- HTML全文浏览量: 354
- PDF下载量: 76
- 被引次数: 0
出版历程
- 收稿日期: 2019-04-26
- 修回日期: 2019-08-22
- 刊出日期: 2019-10-15

Research on electromagnetic vulnerability of air-gapped network

Liu Wenbin^{1, 2
,},
Ding Jianfeng^{1, 2},
Kou Yunfeng²,
Wang Menghan¹,
Song Tao^{1, 2}

1.
Chengdu Xinxinshenfeng Electronic Technology Co, Ltd, Chengdu 611731, China
2.
China Cyber Security Co, Ltd, Chengdu 610041, China

摘要

摘要: 物理隔离网络的电磁攻击手段, 其主要目标是建立与外部互联网的隐蔽连接通道。近年来跨越物理隔离网络的方法和工具被陆续公开, 相应的分析方法和检测手段也逐步被国内外安全团队提出。掌握漏洞才能掌握网络安全的主动权, 对比网络安全漏洞, 电磁漏洞定义为能对设备或系统造成损害的电磁因素。以物理隔离网络为例, 电磁漏洞主要指的是网络的硬件和系统缺陷, 利用这些缺陷可以直接建立或通过植入恶意软件建立能突破物理隔离的电磁信号的信息收、发隐蔽通道。通过广泛的漏洞挖掘与验证, 从物理信号类型、信息传递方向、信号生成与作用机理、漏洞利用方式以及漏洞检测方法上提出物理隔离网络电磁漏洞分类方法; 通过综合借鉴网络安全漏洞、电磁信息安全检测、物理隔离隐蔽通道等领域的研究方法, 提出电磁漏洞的研究方法; 从深化主动检测、群智漏洞挖掘、网络电磁安全融合、大数据监测等角度, 提出了物理隔离网络电磁漏洞库的建立方法。
- 物理隔离网络 /
- 信息安全 /
- 电磁泄漏 /
- 主动检测 /
- 漏洞库
Abstract: The main objective of the air-gapped network electromagnetic attack means is to establish a hidden connection channel with the external Internet.In recent years, the methods and tools which connect airgapped network to Internet have been disclosed, and the corresponding analysis methods and detection methods have gradually been proposed by security teams at home and abroad.Comparing with network security vulnerabilities, electromagnetic vulnerabilities are defined as electromagnetic factors that can cause effect or damage to devices or systems.Taking physically isolated network as an example, electromagnetic vulnerabilities mainly refer to the hardware and system defects of the network.Using these defects, a covert channel through the implantation of malware can be established directly, which can break through physical isolation by sending and receiving electromagnetic signals.Through extensive vulnerability mining and verification, the classification method of electromagnetic vulnerabilities in air-gapped network is proposed from the aspects of physical signal type, information transmission direction, signal generation mechanism, vulnerability utilization mode and vulnerability detection method.The comprehensive reference of network security vulnerabilities, electromagnetic information security detection and air-gapped covert communication is provided.From the perspectives of deepening active detection, group intelligence vulnerability mining, network electromagnetic security integration, and big data monitoring, the establishment method of electromagnetic vulnerability database for air-gapped network is proposed.
- air-gapped network /
- information security /
- electromagnetic leakage /
- active detection /
- vulnerability database

HTML全文

参考文献(17)

[1]	Ramsay C. TEMPEST attacks against AES[EB/OL]. https://www.fox-it.com/en/insights/blogs/blog/tempest-attacks-aes/.
[2]	Genkin D, Pachmanov L, Pipman I, et al. Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation[C]//The WorkShop on Cryptographic Hardware and Embedded Systems(CHES)2015 in September 2015.
[3]	Carrara B. Air-gap covert channels[EB/OL]. https://ruor.uottawa.ca/bitstream/10393/35103/1/Carrara_Brent_2016_thesis.pdf.
[4]	Guri M, Zadov B, Bykhovsky D, et al. PowerHammer: Exfiltrating data from air-gapped computers through power lines[EB/OL]. https://airxiv.org/pdf/1804.04014.pdf.
[5]	Cui A. Funtenna[EB/OL]. https://www.funtenna.org/CuiBH2015.pdf.
[6]	Entriken W. System bus radio[EB/OL]. https://github.com/fulldecent/system-bus-radio.
[7]	David A, George L. Exfiltrating reconnaissance data from air-gapped ICS/SCADA netowrks[EB/OL]. http://www.blackhat.com/eu-17/briefings.html.
[8]	Teitler L. Let's play NSA! The hackers open-sourcing top secret spy tools[EB/OL]. http://motherboard.vice.com/en_us/aritcle/bmjpj3/michael-ossmann-and-the-nsa-playset.
[9]	刘文斌, 丁建锋, 寇云峰, 等. 软件定义电磁泄漏技术与应用分析[J]. 通信技术, 2017, 50(9): 2094-2099. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201709035.htm Liu Wenbin, Ding Jianfeng, Kou Yunfeng, et al. Software-defined electromagnetic leakage technology and its application. Communications Technology, 2017, 50(9): 2094-2099 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201709035.htm
[10]	丁建锋, 刘文斌, 丁磊, 等. 基于主动检测的电子设备电磁信息泄漏新型威胁分析[J]. 通信技术, 2018, 51(4): 936-940. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201804035.htm Ding Jianfeng, Liu Wenbin, Ding Lei, et al. New threat analysis of electromagnetic information leakage in electronic equipment based on active detection. Communications Technology, 2018, 51(4): 936-940 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201804035.htm
[11]	程磊, 罗儒俊, 寇云峰, 等. 基于电源线的传导电磁信息泄漏模型与验证[J]. 通信技术, 2018, 51(4): 941-946. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201804036.htm Cheng Lei, Luo Rujun, Kou Yunfeng, et al. Verification of conductive electromagnetic information leakage model based on power line. Communications Technology, 2018, 51(4): 941-946 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201804036.htm
[12]	丁建锋, 刘文斌, 廖翔宇, 等. 基于电子设备电磁敏感特性的信息注入模型与验证[J]. 通信技术, 2017, 50(11): 2589-2593. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201711034.htm Ding Jianfeng, Liu Wenbin, Liao Xiangyu, et al. Verification of information-injection model based on electromagnetic susceptibility characteristic of electronic equipment. Communications Technology, 2017, 50(11): 2589-2593 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201711034.htm
[13]	齐国雷, 寇云峰, 胡浩, 等. 基于隐蔽声通道的物理隔离计算机信息泄漏研究[J]. 通信技术, 2018, 51(3): 700-704. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201803036.htm Qi Guolei, Kou Yunfeng, Hu Hao, et al. Information leakage based on acoustic convert channel for air-gapped computers. Communications Technology, 2018, 51(3): 700-704 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201803036.htm
[14]	胡浩, 罗儒俊, 齐国雷, 等. 基于LED显示屏的隐蔽光传输通道[J]. 通信技术, 2018, 51(7): 1689-1693. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201807032.htm Hu Hao, Luo Rujun, Qi Guolei, et al. Covert-optical transmission channel based on LED display. Communications Technology, 2018, 51(7): 1689-1693 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201807032.htm
[15]	张琪, 刘文斌, 丁建锋, 等. 基于隐蔽光通道的物理隔离网络信息注入新型威胁分析[J]. 通信技术, 2018, 51(12): 2960-2964. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201812029.htm Zhang Qi, Liu Wenbin, Ding Jianfeng, et al. New threat analysis of information injection in air-gapped network based on light covert channel. Communications Technology, 2018, 51(12): 2094-2099 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201812029.htm
[16]	张琪, 刘文斌, 丁建锋, 等. 基于建立隐蔽热通道桥接物理隔离网络的新型威胁分析[J]. 通信技术, 2019, 52(1): 173-178. https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201901031.htm Zhang Qi, Liu Wenbin, Ding Jianfeng, et al. New threat analysis based on hot covert channel to bridge air-gapped network. Communications Technology, 2019, 52(1): 173-178 https://www.cnki.com.cn/Article/CJFDTOTAL-TXJS201901031.htm
[17]	饶志宏, 方恩博. 软件与系统漏洞分析与发现技术研究构想和成果展望[J]. 工程科学与技术, 2018, 50(1): 9-21. https://www.cnki.com.cn/Article/CJFDTOTAL-SCLH201801002.htm Rao Zhihong, Fang Enbo. Research plan and achievements prospects for the analysis and discovery technology of vulnerabilities in software and system. Advanced Engineering Sciences, 2018, 50(1): 9-21 https://www.cnki.com.cn/Article/CJFDTOTAL-SCLH201801002.htm