Mordechai Guri
Skip Abstract Section
Abstract
The challenge of combatting malware designed to breach air-gap isolation in order to leak data.
- Air Gap Computer Network Security; http://abclegaldocs.com/blog-Colorado-Notary/air-gap-computer-network-security/.Google Scholar
- Anderson, R.J. Emission security. Security Engineering, 2nd Ed. Wiley Publishing, 2008, 523--546.Google Scholar
- Bartolini, D.B., Miedl, P. and Thiele, L. On the capacity of thermal covert channels in multicores. EuroSys, 2016. Google ScholarDigital Library
- Black-Hat. Emanate like a boss: Generalized covert data exfiltration with Funtenna. (2015); https://www.blackhat.com/us15/briefings.html#emanate-like-a-boss-generalized-covert-data-exfiltration-with-funtenna.Google Scholar
- Bornstein, M.H. and Lamb, M.E. Cognitive Development: An Advanced Textbook. Psychology Press, 2011.Google ScholarCross Ref
- Callan, R., Zajic, A. and Prvulovic, M. A practical methodology for measuring the side-channel signal available to the attacker for instruction-level events. In Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE, 2014, 242--254. Google ScholarDigital Library
- Carrara, B. And Adams, C. Out-of-band covert channels---A survey. ACM Computing Surveys 49, 2, (2016). Google ScholarDigital Library
- Deshotels, L. Inaudible sound as a covert channel in mobile devices. In Proceedings of the USENIX Workshop for Offensive Technologies, 2014. Google ScholarDigital Library
- Do, Q., Martini, B. and Choo, K-K.R. Exfiltrating data from Android devices. Computers & Security 48 (2015), 74--91. Google ScholarDigital Library
- Do, Q., Martini, B. and Choo, K-K.R. A data exfiltration and remote exploitation attack on consumer 3D printers. IEEE Trans. Information Forensics and Security 11, 10 (2016), 2174--2186.Google ScholarCross Ref
- D'Orazio, C.J., Choo, K-K.R. and Yang, L.T. Data exfiltration from Internet of Things devices: iOS devices as case studies. IEEE Internet of Things J. 99, 2327--4662.Google Scholar
- Federation of American Scientists. Joint Worldwide Intelligence Communications System, 1999; http://fas.org/irp/program/disseminate/jwics.htm.Google Scholar
- Goodin, D. Meet 'badBIOS,' the mysterious Mac and PC malware that jumps airgaps. 2013; http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/.Google Scholar
- Goodin, D. How 'omnipotent' hackers tied to NSA hid for 14 years---and were found at last. 2015; https://arstechnica.com/information-technology/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/.Google Scholar
- Guri, M., Hasson, O., Kedma, G. and Elovici, Y. An optical covert-channel to leak data through an air-gap. In Proceedings of the 14th Annual Conference on Privacy, Security and Trust (Auckland, 2016).Google ScholarCross Ref
- Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y. and Elovici, Y. GSMem: Data exfiltration from air-gapped computers over GSM frequencies. In Proceedings of the USENIX Security Symposium, (Washington, D.C., 2015). Google ScholarDigital Library
- Guri, M., Kedma, G., Kachlon, A. and Elovici, Y. AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. In Proceedings of the 9th International Conference on in Malicious and Unwanted Software: The Americas. IEEE, 2014, 58--67.Google Scholar
- Guri, M. Monitz, M. and Elovici, Y. USBee: Air-gap covert-channel via electromagnetic emission from USB. In Proceedings of the 14th Annual Conference on Privacy, Security and Trust, (Auckland, 2016).Google ScholarCross Ref
- Guri, M. Monitz, M. and Elovici, Y. Bridging the air gap between isolated networks and mobile phones in a practical cyber-attack. ACM Trans. Intelligent Systems and Technology 8, 4 (2017), 50. Google ScholarDigital Library
- Guri, M. Monitz, Mirski, M. and Elovici, Y. BitWhisper: Covert signaling channel between air-gapped computers using thermal manipulations. In Proceedings of the 28th IEEE Computer Security Foundations Symposium, (Verona, 2015). Google ScholarDigital Library
- Guri, M., Solewicz, Y., Daidakulov, A. and Elovici, Y. Fansmitter: Acoustic data exfiltration from (speakerless) air-gapped computers. 2016, arXiv:1606.05915.Google Scholar
- Guri, M., Solewicz, Y., Daidakulov, A. and Elovici, Y. Acoustic data exfiltration from speakerless air-gapped computers via covert hard-drive noise ('DiskFiltration'). In Proceedings of the European Symposium on Research in Computer Security, (Oslo, 2017).Google ScholarCross Ref
- Guri, M., Zadov, B. and Elovici, Y. LED-it-GO: Leaking (a lot of) data from air-gapped computers via the (small) hard drive LED. In Proceedings of the 14th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, (Bonn, 2017).Google ScholarCross Ref
- Hanspach, M. and Goetz, M. On covert acoustical mesh networks in air. 2014; arXiv:1406.1213, 2014.Google Scholar
- Kuhn, M. Optical time-domain eavesdropping risks of CRT displays. In Proceedings of the IEEE Symposium on Security and Privacy, 2002. Google ScholarDigital Library
- Kuhn, M.G. and Anderson, R.J. Soft TEMPEST: Hidden data transmission using electromagnetic emanations. Information Hiding, Springer-Verlag, 1998, 124--142.Google Scholar
- Lee, E., Kim, H. and Yoon, J.W. Attack, various threat models to circumvent air-gapped systems for preventing network. Information Security Applications 9503 (2015), 187--199. Google ScholarDigital Library
- Loughry, J. and Umphress, D.A. Information leakage from optical emanations. ACM Trans. Information and System Security (2002), 262--289. Google ScholarDigital Library
- Madhavapeddy, A., Sharp, R., Scott, D. and Tse, A. Audio networking: The forgotten wireless technology. IEEE Pervasive Computing 4, 3 (2005), 55--60. Google ScholarDigital Library
- McAfee. Defending critical infrastructure without air gaps and stopgap security, 2015; https://blogs.mcafee.com/executive-perspectives/defending-critical-infrastructure-without-air-gaps-stopgap-security/.Google Scholar
- McNamara, J. The complete, unofficial TEMPEST information page, 1999; http://www.jammed.com/~jwa/tempest.html.Google Scholar
- Mirsky, Y., Guri, M. and Elovic, Y. HVACKer: Bridging the air-gap by manipulating the environment temperature. deepsec, 2015.Google Scholar
- National Computer Security Center. NCSC-TG-004 Glossary of Computer Security Terms, 1988; http://fas.org/irp/nsa/rainbow/tg004.htm.Google Scholar
- NSA/CSS. NSA/CSS Regulation 90--6: Technical Security Program. Fort George G. Meade, MD. Partially declassified transcript, 1999; http://cryptome.org/nsa-reg90-6.htm.Google Scholar
- O'Malley, S.J. and Choo, K-K.R. Bridging the air gap: Inaudible data exfiltration by insiders. In Proceedings of the Americas Conference on Information Systems, 2014.Google Scholar
- SC Magazine. Light-based printer attack overcomes air-gapped computer security, 2014; http://www.scmagazineuk.com/light-based-printer-attack-overcomes-air-gapped-computer-security/article/377837/.Google Scholar
- Schneier, B. Schneier on Security: COTTONMOUTH-III: NSA exploit of the day; https://www.schneier.com/blog/archives/2014/03/cottonmouth-iii.html.Google Scholar
- Securelist. Agent.btz: A Source of inspiration? 2014; https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/.Google Scholar
- Sepetnitsky, V., Guri, M. and Elovici, Y. Exfiltration of information from air-gapped machines using monitor's LED indicator. In Proceedings of the Intelligence and Security Informatics Conference, (The Hague, The Netherlands, 2014). Google ScholarDigital Library
- Symantec. Mind the gap: Are air-gapped systems safe from breaches? 2014; http://www.symantec.com/connect/blogs/mind-gap-are-air-gapped-systems-safe-breaches.Google Scholar
- Tempest for Eliza; http://www.erikyyy.de/tempest/.Google Scholar
- van Eck, W. Electromagnetic radiation from video display units, 1985; https://cryptome.org/emr.pdf. Google ScholarDigital Library
- The Washington Post. Powerful NSA hacking tools have been revealed online; https://www.washingtonpost.com/world/national-security/powerful-nsa-hacking-tools-have-been-revealed-online/2016/08/16/bce4f974-63c7-11e6-96c0-37533479f3f5_story.html.Google Scholar
- Zander, S., Armitage, G. and Branch, P. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials 9, 3 (2007), 44--57. Google ScholarDigital Library
Index Terms
- Bridgeware: the air-gap malware
Recommendations
WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systemsThe fast spreading worm is becoming one of the most serious threats to today's networked information systems. A fast spreading worm could infect hundreds of thousands of hosts within a few minutes. In order to stop a fast spreading worm, we need the ...
A Survey on Intrusion Detection and Prevention Systems
AbstractIn the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to ...
Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conferenceAlthough network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...
Comments