摘要
电子设备在工作过程中会产生电磁泄漏。基于电源线的传导电磁泄漏及其传输距离远的特征,极易与公共环境交叉,带来巨大的电磁信息泄漏隐患。电源传导电磁泄漏信号中,除包含开关频率等设备基本信息外,还包含设备的行为、工作状态等信息。一旦设备被恶意程序或软件入侵,电源传导电磁泄漏将成为一条隐蔽性极高的通道,从而对外泄漏设备的敏感信息。在电源传导电磁信息泄漏可行性验证的基础上,预估电源传导电磁信息泄漏的物理模型,并通过试验进行传导电磁信息泄漏及强度的验证。基于传导电磁信息泄漏模型,对计算机为代表的电子设备进行传导电磁信息泄漏漏洞评估,同时提出电源传导电磁信息泄漏检测与防护的基本思路,这对电子设备传导电磁信息安全意义重大。
Due to the characteristics of electromagnetic leakage and far transmission distance of the power line,it is easy to cross the public environment and bring about huge hidden danger of electromagnetic information leakage.The electromagnetic leakage signal transmitted by the power liney contains not only the basic information of the device such as the switching frequency,but also the information on the device's behavior and working status.Once the device is intruded by malicious programs or software,the electromagnetic leakage from the power line will become a highly concealed channel,thus leaking sensitive information from the device.Based on the feasibility verification of the leakage of electromagnetic information transmitted by the power supply,the physical model of electromagnetic information leakage conducted by the power line is estimated,and the leakage of conducted electromagnetic information and the verification of its strength are verified through tests.Based on the conducted electromagnetic information leakage model,the electromagnetic leakage vulnerability assessment of electronic devices represented by computers is conducted,and the basic ideas for the detection and protection of leakage of power-conducted electromagnetic information are also proposed.This is of great significance for the safety of electromagnetic information transmitted by electronic devices.
作者
程磊
罗儒俊
寇云峰
廖翔宇
邓招
邓曦
CHENG Lei;LUO Ru-jun;KOU Yun-feng;LIAO Xiang-yu;DENG Zhao;DENG Xi(China Cyber Security Co.,Ltd.,Chengdu Sichuan 610041,China)
出处
《通信技术》
2018年第4期941-946,共6页
Communications Technology
基金
四川省科技支撑计划项目(No.2016GZ0039)
四川省青年科技创新研究团队专项计划项目(No.2016TD0029)~~
关键词
传导泄漏
电源线
泄漏检测
信息安全
conductive leakage
power line
leakage detection
information security