Various threat models to circumvent air-gapped systems for preventing network attack

Eunchong Lee; Hyunsoo Kim; Ji Won Yoon

doi:10.1007/978-3-319-31875-2_16

Various threat models to circumvent air-gapped systems for preventing network attack

Eunchong Lee, Hyunsoo Kim, Ji Won Yoon

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Citations (Scopus)

Abstract

In order to prevent incidents related with information leakage, many enterprises and organizations have installed an air-gapped system. The system is used for separating their own network from a public network such as the Internet. However, researchers have demonstrated possibilities that the air-gapped system can be inactivated by attackers, especially about their advanced attacks with various covert channels. In this paper, we analyzed how much the information could be leaked via the covert channel. We conducted experiments about data communication between a speaker and a microphone which are regarded as a conventional acoustic covert channel. At the same time, we also had expanded the attack scenario into an environment without any microphone. That is, we tested whether the critical information could be leaked and transferred via two loud-speakers as a limited environment where the air-gapped system. Finally, it is shown that the speaker based covert network can be effectively expanded to centrally controlled embedded loudspeakers which have not been considered in a conventional acoustic covert channel.

Original language	English
Title of host publication	Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers
Editors	Dooho Choi, Ho-Won Kim
Publisher	Springer Verlag
Pages	187-199
Number of pages	13
ISBN (Print)	9783319318745
DOIs	https://doi.org/10.1007/978-3-319-31875-2_16
Publication status	Published - 2016
Event	16th International Workshop on Information Security Applications, WISA 2015 - Jeju Island, Korea, Republic of Duration: 2015 Aug 20 → 2015 Aug 22

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9503
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	16th International Workshop on Information Security Applications, WISA 2015
Country/Territory	Korea, Republic of
City	Jeju Island
Period	15/8/20 → 15/8/22

Bibliographical note

Funding Information:
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2013R1A1A1012797)

Publisher Copyright:
© Springer International Publishing Switzerland 2016.

Keywords

Acoustic covert channel communication
Air-gap malware
Malware communication

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-31875-2_16

Cite this

Lee, E., Kim, H., & Yoon, J. W. (2016). Various threat models to circumvent air-gapped systems for preventing network attack. In D. Choi, & H-W. Kim (Eds.), Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers (pp. 187-199). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9503). Springer Verlag. https://doi.org/10.1007/978-3-319-31875-2_16

Various threat models to circumvent air-gapped systems for preventing network attack. / Lee, Eunchong; Kim, Hyunsoo; Yoon, Ji Won.
Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers. ed. / Dooho Choi; Ho-Won Kim. Springer Verlag, 2016. p. 187-199 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9503).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, E, Kim, H & Yoon, JW 2016, Various threat models to circumvent air-gapped systems for preventing network attack. in D Choi & H-W Kim (eds), Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9503, Springer Verlag, pp. 187-199, 16th International Workshop on Information Security Applications, WISA 2015, Jeju Island, Korea, Republic of, 15/8/20. https://doi.org/10.1007/978-3-319-31875-2_16

Lee E, Kim H, Yoon JW. Various threat models to circumvent air-gapped systems for preventing network attack. In Choi D, Kim H-W, editors, Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers. Springer Verlag. 2016. p. 187-199. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-31875-2_16

Lee, Eunchong ; Kim, Hyunsoo ; Yoon, Ji Won. / Various threat models to circumvent air-gapped systems for preventing network attack. Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers. editor / Dooho Choi ; Ho-Won Kim. Springer Verlag, 2016. pp. 187-199 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b0ea7d9e310c4f669fa94d39634988c5,

title = "Various threat models to circumvent air-gapped systems for preventing network attack",

abstract = "In order to prevent incidents related with information leakage, many enterprises and organizations have installed an air-gapped system. The system is used for separating their own network from a public network such as the Internet. However, researchers have demonstrated possibilities that the air-gapped system can be inactivated by attackers, especially about their advanced attacks with various covert channels. In this paper, we analyzed how much the information could be leaked via the covert channel. We conducted experiments about data communication between a speaker and a microphone which are regarded as a conventional acoustic covert channel. At the same time, we also had expanded the attack scenario into an environment without any microphone. That is, we tested whether the critical information could be leaked and transferred via two loud-speakers as a limited environment where the air-gapped system. Finally, it is shown that the speaker based covert network can be effectively expanded to centrally controlled embedded loudspeakers which have not been considered in a conventional acoustic covert channel.",

keywords = "Acoustic covert channel communication, Air-gap malware, Malware communication",

author = "Eunchong Lee and Hyunsoo Kim and Yoon, {Ji Won}",

note = "Funding Information: This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2013R1A1A1012797) Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 16th International Workshop on Information Security Applications, WISA 2015 ; Conference date: 20-08-2015 Through 22-08-2015",

year = "2016",

doi = "10.1007/978-3-319-31875-2_16",

language = "English",

isbn = "9783319318745",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "187--199",

editor = "Dooho Choi and Ho-Won Kim",

booktitle = "Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers",

}

TY - GEN

T1 - Various threat models to circumvent air-gapped systems for preventing network attack

AU - Lee, Eunchong

AU - Kim, Hyunsoo

AU - Yoon, Ji Won

N1 - Funding Information: This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2013R1A1A1012797) Publisher Copyright: © Springer International Publishing Switzerland 2016.

PY - 2016

Y1 - 2016

N2 - In order to prevent incidents related with information leakage, many enterprises and organizations have installed an air-gapped system. The system is used for separating their own network from a public network such as the Internet. However, researchers have demonstrated possibilities that the air-gapped system can be inactivated by attackers, especially about their advanced attacks with various covert channels. In this paper, we analyzed how much the information could be leaked via the covert channel. We conducted experiments about data communication between a speaker and a microphone which are regarded as a conventional acoustic covert channel. At the same time, we also had expanded the attack scenario into an environment without any microphone. That is, we tested whether the critical information could be leaked and transferred via two loud-speakers as a limited environment where the air-gapped system. Finally, it is shown that the speaker based covert network can be effectively expanded to centrally controlled embedded loudspeakers which have not been considered in a conventional acoustic covert channel.

AB - In order to prevent incidents related with information leakage, many enterprises and organizations have installed an air-gapped system. The system is used for separating their own network from a public network such as the Internet. However, researchers have demonstrated possibilities that the air-gapped system can be inactivated by attackers, especially about their advanced attacks with various covert channels. In this paper, we analyzed how much the information could be leaked via the covert channel. We conducted experiments about data communication between a speaker and a microphone which are regarded as a conventional acoustic covert channel. At the same time, we also had expanded the attack scenario into an environment without any microphone. That is, we tested whether the critical information could be leaked and transferred via two loud-speakers as a limited environment where the air-gapped system. Finally, it is shown that the speaker based covert network can be effectively expanded to centrally controlled embedded loudspeakers which have not been considered in a conventional acoustic covert channel.

KW - Acoustic covert channel communication

KW - Air-gap malware

KW - Malware communication

UR - http://www.scopus.com/inward/record.url?scp=84962326792&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-31875-2_16

DO - 10.1007/978-3-319-31875-2_16

M3 - Conference contribution

AN - SCOPUS:84962326792

SN - 9783319318745

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 187

EP - 199

BT - Information Security Applications - 16th International Workshop, WISA 2015, Revised Selected Papers

A2 - Choi, Dooho

A2 - Kim, Ho-Won

PB - Springer Verlag

T2 - 16th International Workshop on Information Security Applications, WISA 2015

Y2 - 20 August 2015 through 22 August 2015

ER -

Various threat models to circumvent air-gapped systems for preventing network attack

Abstract

Publication series

Other

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this