
Research On IoT Based Air-gapped Covert Channels

Posted on: 2020-09-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Zhou
GTID: 1368330572478896
Subject: Cyberspace security

Abstract/Summary:
With the development of network and information technology, the information security of computers and networks has attracted much attention. Network covert space already constitutes a major threat to traditional information security. A covert channel in this space is a means of circumventing security mechanisms to transmit information illegally. There are three general types of covert channels: host-based covert channels, in which covert communication is conducted through shared resources on a host; network covert channels, in which covert messages are embedded into protocols or payloads; and air-gapped covert channels, in which covert messages cross physical barriers without any network link. Unlike the first two types, an air-gapped covert channel has no ready-made channel to exploit. It is therefore established by modulating the signals emitted by the device itself to build a new channel in the physical layer, in the form of acoustics, optics, heat, electromagnetism and so on. Because of the limited power of the devices and external noise, the rates and effective distances of air-gapped covert channels are very limited. These threats can be effectively blocked by increasing the distance between the air-gapped device and the Internet-connected device, by adding sources of interference, and so on. However, with the development of the IoT (Internet of Things), more and more smart devices appear around air-gapped networks. This makes air-gapped covert channels that were previously basically controllable dangerous again. Compared with other covert channels in the logic layer that use information hiding technology, there is little research on IoT based air-gapped covert channels, and many key scientific problems are still to be analyzed and solved. Therefore, research on their scientific theory and technical approach is of great significance and value to the security of cyberspace.

In this thesis, three approaches for the creation of or defense against IoT based air-gapped covert channels are studied, according to the different forms of sensors in the perception layer of the IoT. A detection approach for air-gapped covert channels is also studied by summarizing the existing technologies that break through an air-gapped network. The main research work and innovations of this thesis are as follows:

1. A visible light signal modulation mode that can bypass human eye detection is proposed. In order to break through an air-gapped network and realize the covert transmission of sensitive data, a novel signal modulation mode is proposed, and a visible optical air-gapped covert channel based on the keyboard LED is established. Because of the limitation that HD cameras can only receive low-frequency optical signals, the theory of human visual perception is analyzed. The physiological characteristics of human eyes are then studied with respect to persistence of vision, the Weber-Fechner law and the flicker fusion threshold, and the feasibility of covert communication under the human visual perception threshold is demonstrated. A signal modulation mode called VMC is proposed in this research work. The average brightness of the keyboard LED indicator is controlled effectively beyond the flicker fusion threshold. The transmission quality of the covert message is improved, and the problem of low-frequency acquisition equipment receiving high-frequency signals is solved. Experimental results show that the invisibility of the covert channel is significantly improved compared with existing approaches.

2. A construction algorithm from covert information to infrared commands for IoT devices is proposed. Based on the fact that there is no user authentication in the infrared remote control protocol, an infrared command construction algorithm for related IoT devices is proposed, and an air-gapped covert channel via infrared remote control signals is established. Because ordinary air-gapped computer equipment cannot send or receive infrared signals, the theory of infrared remote control is analyzed in this work. The process of miniaturizing the equipment is then explored, and the feasibility of covert communication using infrared remote control signals is demonstrated. In this research work, an embedded malicious hardware module is designed and manufactured to control the IoT appliances around the air-gapped network that support infrared remote control. The sensitive information is converted into a sequence of infrared remote control commands through the infrared command construction algorithm, and the covert transmission of sensitive information is thereby realized. Experimental results show that the rate of the covert channel in the attack on a smart TV set-top box can reach 3.15 bps, and can be further optimized to 4.09 bps.

3. An authentication protocol is proposed to prevent collusion and sharing between RFID card service providers. In this work, a new authentication protocol for multi-purpose RFID cards is proposed to eliminate an air-gapped covert channel on multi-purpose RFID cards. Addressing the situation in which an RFID card is used at different security levels in "All-in-one" mode, the identity theory of the RFID card is analyzed, and the possibilities and dangers of collusion by multiple service providers are demonstrated. The weakness found is that the original authentication protocol only verifies the reader's access key, and the access key is exactly what is shared in the collusion. By introducing a trusted third party and establishing white lists on the card, the novel authentication protocol can identify the legitimacy of the card reader's access operation, so as to ensure the information security of the RFID system under multi-level security services. Formal security verification is carried out with ProVerif, and the results show that the new authentication protocol meets the relevant security requirements.

4. A general detection approach for air-gapped covert channels is proposed, based on the common characteristics in signal modulation of the existing technologies that break through an air-gapped network. Because of the variety of covert channels, which involve different fields of knowledge, the security of an air-gapped network is not guaranteed. The existing technologies that break through an air-gapped network are analyzed and summarized. It is demonstrated that an air-gapped covert channel can be detected from three aspects: the signal transmission path, the channel source and the channel sink. A detection platform for optical, electromagnetic, acoustic and thermal covert channels is designed to investigate the ability of devices in the range under test to receive or send signals, so that suspected or abnormal signals can be filtered out. Furthermore, the covert channel and the related malicious software or hardware can be found. The security threat that known types of covert channel pose to an air-gapped network is thereby reduced.
Keywords/Search Tags:Covert Channel, Air Gap, IoT, Internet of Things, LED, IR, Infrared, RFID, Radio-frequency Identification
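
As an added illustration of the detection idea in contribution 4 applied to the optical channel of contribution 1 (this is not code from the thesis), the sketch below checks a photodiode trace of an indicator LED for switching faster than the eye can resolve. The sampling rate, the 60 Hz fusion threshold, the hysteresis levels and all four traces are assumptions constructed for the example.

```python
# Added illustration, not from the thesis. All constants are assumptions.
FUSION_HZ = 60     # assumed flicker fusion threshold; the abstract gives no figure
SAMPLE_HZ = 4000   # assumed photodiode sampling rate
WINDOW_S = 0.25    # analysis window length in seconds

def count_toggles(win, lo=0.3, hi=0.7):
    """Count on/off transitions with hysteresis, so sensor noise around the
    mid-level of a dim LED is not mistaken for switching."""
    state, count = win[0] >= hi, 0
    for s in win:
        if state and s < lo:
            state, count = False, count + 1
        elif not state and s > hi:
            state, count = True, count + 1
    return count

def analyse(samples, sample_hz=SAMPLE_HZ, window_s=WINDOW_S):
    """Return one (mean_brightness, toggles_per_second, suspicious) per window."""
    n = int(sample_hz * window_s)
    report = []
    for start in range(0, len(samples) - n + 1, n):
        win = samples[start:start + n]
        rate = count_toggles(win) / window_s
        # Flicker at f Hz gives 2*f toggles per second. Above the fusion
        # threshold the eye only perceives the mean brightness, so an
        # indicator LED switching this fast is flagged for inspection.
        report.append((round(sum(win) / n, 3), rate, rate > 2 * FUSION_HZ))
    return report

# Constructed one-second traces (normalised brightness, 0.0 to 1.0).
STEADY = [1.0] * SAMPLE_HZ                           # LED simply on
USER_TOGGLE = [1.0] * 2400 + [0.0] * 1600            # user switches it off once
DIM_NOISY = [0.5 + 0.05 * (-1) ** i for i in range(SAMPLE_HZ)]  # dim LED, noisy sensor
FAST_SWITCHING = [1.0 if i % 8 < 4 else 0.0 for i in range(SAMPLE_HZ)]  # 500 Hz

if __name__ == "__main__":
    for name, trace in [("steady", STEADY), ("user toggle", USER_TOGGLE),
                        ("dim, noisy", DIM_NOISY), ("fast switching", FAST_SWITCHING)]:
        print(name, analyse(trace))
```

The fast-switching trace and the dim, noisy trace have the same mean brightness of 0.5, which is why an observer or a low-frame-rate camera cannot tell them apart while the toggle rate can.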