Abstract
To guard against network-borne attacks, computing facilities are typically isolated from public networks and other accessible networks. Attackers nevertheless still find ways to infect these networks by bribing insiders or manipulating suppliers. This paper therefore proposes a new adversarial model and shows that a covert thermal channel can be established in an air-gapped network to carry communication. Specifically, it demonstrates how a compromised, Internet-connected air-conditioning system can be used to send commands to an infected computer inside the air-gapped network. It also proposes a line coding method and a communication protocol suited to thermal-channel communication, verifies the feasibility of the covert thermal channel experimentally, and calculates the channel's bandwidth. Finally, it proposes countermeasures against the threat of intrusion carried out through such covert thermal channels.
Authors
张琪
刘文斌
丁建锋
王哲
廖翔宇
宋滔
ZHANG Qi; LIU Wen-bin; DING Jian-feng; WANG Zhe; LIAO Xiang-yu; SONG Tao (China Cyber Security Co., Ltd., Chengdu, Sichuan 610041, China)
Source
《通信技术》
2019, Issue 1, pp. 173-178 (6 pages)
Communications Technology
Keywords
air-gapped network
hot covert channel
coding method
communication protocol
intrusion