摘要
基于传导性电磁泄漏波仿真了针对物理隔离工业控制系统的入侵过程,检验了物理隔离系统的防护能力。研究表明,在工业控制系统电路中常见的300 kHz到50 MHz电磁波段中,通信木马发送端在不引起隔离区AI模拟量采集模块的采集值明显改变的时候隐蔽性最好;入侵电磁波信号使用15 MHz频率发起攻击时通信木马接收端接收效果最好;当被攻击的物理隔离系统的防护能力平均达到-30 dBmV时,以潜伏通信为目的而不以破坏干扰为目的的硬件木马较难通过传导性电磁泄漏波的方式发挥通信作用。
Based on conductive electromagnetic leakage wave attacks,this paper simulates the intrusion process against a physically isolated industrial control system and tests the protection capability of the physically isolated system.Research shows that in the electromagnetic band from 300 kHz to 50 MHz,which is common in industrial control system circuits,the communication Trojan sending end has the best concealment when the acquisition value of AI analog acquisition module in the isolation area is not caused to change obviously;When the intrusion electromagnetic wave signal uses 15 MHz to launch an attack,the receiving end of the communication Trojan has the best receiving effect;When the protection capability of the attacked physical isolation system reaches-30 dBmV on average,hardware Trojans aiming at latent communication but not destroying interference are difficult to play a communication role through conductive electromagnetic leakage waves.
作者
姚沛嵩
刘测产
潘晓
徐东升
刘洁
周程辉
YAO Peisong;LIU Cechan;PAN Xiao;XU Dongsheng;LIU Jie;ZHOU Chenghui(Unit 63796 of PLA,Xichang Sichuan 615000,China)
出处
《通信技术》
2023年第8期1014-1024,共11页
Communications Technology
关键词
TEMPEST
电磁泄漏
物理隔离
工业控制系统
入侵
TEMPEST
electromagnetic leakage
physical isolation
industrial control system
intrusion
