415 research outputs found
Information Leakage from Optical Emanations
A previously unknown form of compromising emanations has been discovered. LED
status indicators on data communication equipment, under certain conditions,
are shown to carry a modulated optical signal that is significantly correlated
with information being processed by the device. Physical access is not
required; the attacker gains access to all data going through the device,
including plaintext in the case of data encryption systems. Experiments show
that it is possible to intercept data under realistic conditions at a
considerable distance. Many different sorts of devices, including modems and
Internet Protocol routers, were found to be vulnerable. A taxonomy of
compromising optical emanations is developed, and design changes are described
that will successfully block this kind of "Optical TEMPEST" attack.
Comment: 26 pages, 11 figures
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never been studied before. Malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems
We present a taxonomy and an algebra for attack patterns on component-based
operating systems. In a multilevel security scenario, where isolation of
partitions containing data at different security classifications is the primary
security goal and security breaches are mainly defined as undesired disclosure
or modification of classified data, strict control of information flows is the
ultimate goal. In order to prevent undesired information flows, we provide a
classification of information flow types in a component-based operating system
and, by this, possible patterns to attack the system. The systematic
consideration of information flows reveals a specific type of operating system
covert channel, the covert physical channel, which connects two formerly isolated
partitions by emitting physical signals into the computer's environment and
receiving them at another interface.
Comment: 9 pages
BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations
It has been assumed that the physical separation (air-gap) of computers
provides a reliable level of security, such that should two adjacent computers
become compromised, the covert exchange of data between them would be
impossible. In this paper, we demonstrate BitWhisper, a method of bridging the
air-gap between adjacent compromised computers by using their heat emissions
and built-in thermal sensors to create a covert communication channel. Our
method is unique in two respects: it supports bidirectional communication, and
it requires no additional dedicated peripheral hardware. We provide
experimental results based on implementation of a BitWhisper prototype, and
examine the channel properties and limitations. Our experiments included
different layouts, with computers positioned at varying distances from one
another, and several sensor types and CPU configurations (e.g., Virtual
Machines). We also discuss signal modulation and communication protocols,
showing how BitWhisper can be used for the exchange of data between two
computers in close proximity (at a distance of 0-40 cm) at an effective rate of
1-8 bits per hour, a rate which makes it possible to infiltrate brief commands
and exfiltrate small amounts of data (e.g., passwords) over the covert channel
- …