Data sniffing over air gaps 200524113012
•
0 likes•102 views
This document discusses airgaps and various attack vectors that can be used to breach airgaps. It defines an airgap as physically isolating critical systems from external networks to protect them. It then describes several covert channels that have been used in case studies to exfiltrate data from airgapped systems, including acoustic, electromagnetic, light, thermal and magnetic channels. Two case studies are presented, one using RF signals from an HDMI cable and another using power analysis to determine cryptographic algorithms. The document concludes with recommendations for mitigation techniques like masking signals, Faraday cages, shielding and random clock cycles.
Report
Share
Data sniffing over air gaps 200524113012
- 1. Data Sniffing Over Airgaps AVNI SINGH
- 2. AGENDA 2 What is Airgap? Need for Airgap Attack Vectors Case Studies Mitigation
- 5. 5 Remember this scene of the movie:- Mission Impossible
- 6. 6 Military computer systems and networks Government computer systems and networks Financial computer systems and networks Industrial control systems Life-critical systems Major Applications
- 8. 8
- 9. 9 Airgap Attack Vectors Physical Media Acoustic Electromagnetic Light Thermal Magnetic
- 10. 10 1. Oldest form 2. USB Flash drives 3. Most common and well known example is Stuxnet EXFILTRATION THROUGH PHYSICAL MEDIA
- 11. • ACOUSTIC: The term means hearing. • Noise emitted by computers (Printers, cooling fans, capacitors at keyboard, etc.) ACOUSTIC COVERT CHANNEL
- 12. 12 ELECTROMAGNETIC COVERT CHANNEL Airhopper : uses FM signals to bridge the air gap Voltage study, in poweremitter by Bo Zhao et al, shows that data exfiltration is possible through switching power supply.
- 14. THERMAL COVERT CHANNEL 14 1. All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure. 2. Computers are no exception. This is usually done with fans and we’ve already seen how they can be abused to provide an exfiltration channel. 3. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
- 15. 15 CASE STUDY 1 Sniffing data of an HDMI cable through RF leaks
- 16. 16 Hardware • Antenna: HackRF One/Yard Stick One/ RTL SDR Tools required Software • SDR# • TempestSDR
- 17. 17 Setting up HackRF one by installing relevant drivers
- 18. 18 Setting up the config file of SDR# to make it work with HackRF One
- 19. 19 Hit Play and collect noises from surroundings
- 20. 20 Waterfall of noises gathered
- 21. 21 Setup TempestSDR to work with HackRF
- 22. 22Calibrate TempestSDR to work with HackRF
- 24. 24 CASE STUDY 2 Sniffing energy levels to guess cryptographic algorithms
- 25. 25 Which cryptographic algorithm is it?
- 26. 26 Which cryptographic algorithm is it?
- 27. 27 Mitigation Techniques • Masking of signal • Faradays cage like setup • Shielding mechanisms • Random delays in clock cycles while performing cryptographic operations
- 28. 28 THANKS! Any questions? You can ping me at @avnisingh_s or my Linkedin profile
- 29. References and Credits https://www.thesslstore.com/blog/air-gapped-computer/ https://hackaday.com/2017/02/02/hacking-the-aether/ https://i.blackhat.com/us-18/Wed-August-8/us-18-Guri-AirGap.pdf Anush Swaminathan Stephan Picek : Case study 2 https://images.app.goo.gl/Hok2887McsZSew1a8 https://images.app.goo.gl/85uHypj1ne6zaAxy6 29