High Power Laser and Particle Beams, 2019, 31(10): 103215, published online: 2019-10-14

Research on electromagnetic vulnerability of air-gapped network
Author affiliations
1 成都新欣神风电子科技有限公司 (Chengdu Xinxin Shenfeng Electronic Technology Co., Ltd.), Chengdu 611731
2 中国电子科技网络信息安全有限公司 (China Electronics Technology Cyber Security Co., Ltd.), Chengdu 610041
Abstract
Electromagnetic attack techniques against air-gapped networks aim mainly at establishing a covert communication channel with the external Internet. In recent years, methods and tools for bridging air-gapped networks have been disclosed one after another, and corresponding analysis and detection methods have gradually been proposed by security teams in China and abroad. Holding the initiative in network security requires mastering vulnerabilities. By analogy with network security vulnerabilities, an electromagnetic vulnerability is defined as an electromagnetic factor that can cause damage to a device or system. Taking the air-gapped network as an example, electromagnetic vulnerabilities refer mainly to hardware and system defects of the network; using these defects, a covert channel that sends and receives information over electromagnetic signals, and thereby breaks physical isolation, can be established either directly or through implanted malware. Based on extensive vulnerability mining and verification, a classification method for electromagnetic vulnerabilities in air-gapped networks is proposed along the dimensions of physical signal type, direction of information transfer, signal generation and coupling mechanism, exploitation mode and detection method. Drawing on research methods from the fields of network security vulnerabilities, electromagnetic information security testing and air-gapped covert channels, a research method for electromagnetic vulnerabilities is proposed. Finally, from the perspectives of deepening active detection, crowd-sourced vulnerability mining, integrating network and electromagnetic security, and big-data monitoring, a method for building an electromagnetic vulnerability database for air-gapped networks is proposed.

Liu Wenbin, Ding Jianfeng, Kou Yunfeng, Wang Menghan, Song Tao. Research on electromagnetic vulnerability of air-gapped network[J]. High Power Laser and Particle Beams, 2019, 31(10): 103215.
