This document discusses airgaps and various attack vectors that can be used to breach airgaps. It defines an airgap as physically isolating critical systems from external networks to protect them. It then describes several covert channels that have been used in case studies to exfiltrate data from airgapped systems, including acoustic, electromagnetic, light, thermal and magnetic channels. Two case studies are presented, one using RF signals from an HDMI cable and another using power analysis to determine cryptographic algorithms. The document concludes with recommendations for mitigation techniques like masking signals, Faraday cages, shielding and random clock cycles.
6. Major Applications
• Military computer systems and networks
• Government computer systems and networks
• Financial computer systems and networks
• Industrial control systems
• Life-critical systems
10. EXFILTRATION THROUGH PHYSICAL MEDIA
1. Oldest form
2. USB flash drives
3. The most common and well-known example is Stuxnet
11. ACOUSTIC COVERT CHANNEL
• ACOUSTIC: The term means hearing.
• Noise emitted by computers (printers, cooling fans, capacitors at keyboard, etc.)
12. ELECTROMAGNETIC COVERT CHANNEL
AirHopper: uses FM signals to bridge the air gap.
A voltage study, in poweremitter by Bo Zhao et al., shows that data exfiltration is possible through a switching power supply.
14. THERMAL COVERT CHANNEL
1. All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure.
2. Computers are no exception. This is usually done with fans and we’ve already seen how they can be abused to provide an exfiltration channel.
3. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
27. Mitigation Techniques
• Masking of signal
• Faraday-cage-like setup
• Shielding mechanisms
• Random delays in clock cycles while performing cryptographic operations