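Abstract:
Air-gapped network confrontation is a way of establishing a covert channel between the inside and the outside of a physically isolated (air-gapped) network by using pre-implanted software and hardware. It defeats the isolation that the network provides, seriously threatens users' information security, and has drawn wide attention from academia. Unlike traditional network confrontation, it communicates with the outside world through covert channels it establishes itself rather than through public communication networks. Starting from the origin of air-gapped network confrontation technology, this paper briefly introduces its background. Through a comparison with traditional network confrontation technology, it describes the working principle of air-gapped network confrontation technology and highlights concealed implantation and covert communication as its two defining characteristics. Following the implementation steps of the technology, it proposes an analysis model divided into seven stages: reconnaissance and tracking, weapon construction, concealed implantation, behavior execution, covert communication, command and control, and target achievement, which serves as a reference for discovering and analyzing newly emerging air-gapped network confrontation techniques. Drawing on current research hotspots and a survey of existing results, it introduces the roles that electromagnetic, acoustic, optical, and thermal covert channels play in air-gapped network confrontation technology, and points out that concealment and transmission performance are problems that covert channels urgently need to solve. With reference to the characteristics of the technology, it introduces current countermeasures, including air-gapped network security standards, air-gapped network detection and protection technology, and supply chain security management. Based on the many problems facing air-gapped network confrontation and its detection and protection, it introduces possible future research directions for both.
Keywords: air-gapped network security; concealed implantation; covert communication; covert channel
DOI: 10.19363/J.cnki.cn10-1380/tn.2023.03.08
Received: 2020-03-03. Revised: 2020-03-20.
Funding: This work was supported by the National Key Research and Development Program of China (No. 2018YFF01014303).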
|
A survey on air-gapped network confrontation technology
SUN Degang, XIA Yuqi, LV Zhiqiang, ZHANG Ning, and KONG Qingshan
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract: |
Air-gapped network confrontation is a way to establish a covert channel between the interior and exterior of an air-gapped network by using pre-embedded software and hardware. It breaks the isolation provided by the network, seriously threatens the information security of users, and has attracted extensive attention from the academic community. Unlike traditional network confrontation, air-gapped network confrontation communicates with the outside world through self-established covert channels rather than through public communication networks. This paper starts with the origin of air-gapped network confrontation technology and briefly introduces its background. By comparison with traditional network confrontation technology, this paper introduces the working principle of air-gapped network confrontation technology and highlights its two characteristics: concealed implantation and covert communication. According to the implementation steps of air-gapped network confrontation technology, an analysis model is proposed, which includes seven stages (reconnaissance and tracking, weapon construction, concealed implantation, behavior execution, covert communication, command and control, and target achievement) and provides a reference for the discovery and analysis of new air-gapped network confrontation techniques. Combining the research hotspots of air-gapped network confrontation technology with an investigation of existing research results, this paper introduces the role of electromagnetic, acoustic, optical, and thermal covert channels in air-gapped network confrontation technology, and points out that concealment and transmission performance are two problems that need to be solved urgently.
Referring to the characteristics of air-gapped network confrontation technology, this paper introduces air-gapped network security standards, air-gapped network detection and protection technology, supply chain security management, and other current preventive measures against air-gapped network confrontation technology. Based on the problems faced by air-gapped network confrontation and by its detection and protection, possible future research directions for both are introduced.
Key words: air-gapped network security; concealed implantation; covert communication; covert channel