Various threat models to circumvent air-gapped systems for preventing network attack

Eunchong Lee, Hyunsoo Kim, Ji Won Yoon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

In order to prevent incidents related to information leakage, many enterprises and organizations have installed an air-gapped system. The system is used to separate their own network from a public network such as the Internet. However, researchers have demonstrated that the air-gapped system can be inactivated by attackers, especially through advanced attacks that use various covert channels. In this paper, we analyzed how much information could be leaked via the covert channel. We conducted experiments on data communication between a speaker and a microphone, which is regarded as a conventional acoustic covert channel. At the same time, we also expanded the attack scenario to an environment without any microphone. That is, we tested whether the critical information could be leaked and transferred via two loudspeakers as a limited environment where the air-gapped system. Finally, it is shown that the speaker-based covert network can be effectively expanded to centrally controlled embedded loudspeakers, which have not been considered in a conventional acoustic covert channel.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 187-199
Number of pages: 13
Volume: 9503
ISBN (Print): 9783319318745
DOI: https://doi.org/10.1007/978-3-319-31875-2_16
Publication status: Published - 2016
Event: 16th International Workshop on Information Security Applications, WISA 2015 - Jeju Island, Korea, Republic of
Duration: 2015 Aug 20 → 2015 Aug 22

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9503
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 16th International Workshop on Information Security Applications, WISA 2015
Country: Korea, Republic of
City: Jeju Island
Period: 15/8/20 → 15/8/22

Fingerprint

Covert Channel
Attack
Microphones
Air
Acoustics
Loudspeakers
Data Communication
Leakage
Model
Internet
Communication
Scenarios
Industry
Experiments
Experiment

Keywords

  • Acoustic covert channel communication
  • Air-gap malware
  • Malware communication

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Lee, E., Kim, H., & Yoon, J. W. (2016). Various threat models to circumvent air-gapped systems for preventing network attack. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9503, pp. 187-199). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9503). Springer Verlag. https://doi.org/10.1007/978-3-319-31875-2_16
