摘要
物理隔离网络的电磁攻击手段,其主要目标是建立与外部互联网的隐蔽连接通道。近年来跨越物理隔离网络的方法和工具被陆续公开,相应的分析方法和检测手段也逐步被国内外安全团队提出。掌握漏洞才能掌握网络安全的主动权,对比网络安全漏洞,电磁漏洞定义为能对设备或系统造成损害的电磁因素。以物理隔离网络为例,电磁漏洞主要指的是网络的硬件和系统缺陷,利用这些缺陷可以直接建立或通过植入恶意软件建立能突破物理隔离的电磁信号的信息收、发隐蔽通道。通过广泛的漏洞挖掘与验证,从物理信号类型、信息传递方向、信号生成与作用机理、漏洞利用方式以及漏洞检测方法上提出物理隔离网络电磁漏洞分类方法;通过综合借鉴网络安全漏洞、电磁信息安全检测、物理隔离隐蔽通道等领域的研究方法,提出电磁漏洞的研究方法;从深化主动检测、群智漏洞挖掘、网络电磁安全融合、大数据监测等角度,提出了物理隔离网络电磁漏洞库的建立方法。
The main objective of the air-gapped network electromagnetic attack means is to establish a hidden connection channel with the external Internet.In recent years,the methods and tools which connect air-gapped network to Internet have been disclosed,and the corresponding analysis methods and detection methods have gradually been proposed by security teams at home and abroad.Comparing with network security vulnerabilities,electromagnetic vulnerabilities are defined as electromagnetic factors that can cause effect or damage to devices or systems.Taking physically isolated network as an example,electromagnetic vulnerabilities mainly refer to the hardware and system defects of the network.Using these defects,a covert channel through the implantation of malware can be established directly,which can break through physical isolation by sending and receiving electromagnetic signals.Through extensive vulnerability mining and verification,the classification method of electromagnetic vulnerabilities in air-gapped network is proposed from the aspects of physical signal type,information transmission direction,signal generation mechanism,vulnerability utilization mode and vulnerability detection method.The comprehensive reference of network security vulnerabilities,electromagnetic information security detection and air-gapped covert communication is provided.From the perspectives of deepening active detection,group intelligence vulnerability mining,network electromagnetic security integration,and big data monitoring,the establishment method of electromagnetic vulnerability database for air-gapped network is proposed.
作者
刘文斌
丁建锋
寇云峰
王梦寒
宋滔
Liu Wenbin;Ding Jianfeng;Kou Yunfeng;Wang Menghan;Song Tao(Chengdu Xinxinshenfeng Electronic Technology Co,Ltd,Chengdu 611731,China;China Cyber Security Co,Ltd,Chengdu 610041,China)
出处
《强激光与粒子束》
EI
CAS
CSCD
北大核心
2019年第10期85-89,共5页
High Power Laser and Particle Beams
基金
四川省青年科技创新研究团队专项计划项目(2016TD0029)
关键词
物理隔离网络
信息安全
电磁泄漏
主动检测
漏洞库
air-gapped network
information security
electromagnetic leakage
active detection
vulnerability database
