- liubo,xuyanyun,huangweiqing,guoshaoying.Study on USB Behavior Recognition Method Based on Electromagnetic Fingerprint Features[J].Journal of Cyber Security,Accept [点击复制]
|电子信息息设备在进行数据传输和处理过程不可避免产生电磁辐射泄漏，泄漏信号常常包含有用信息。通过截获电磁信号并对其解析可实现信息窃取，从而带来电磁信息安全隐患。通用串行总线（Universal Serial Bus，USB）在数据传输过程中同样产生电磁泄漏，基于USB电磁泄漏的恶意攻击软件“USBee”就是利用USB闪存盘的电磁辐射窃取信息。USB闪存盘传输高速数字信号，其电磁泄漏具有辐射泄漏弱、频段分布宽、与传输数据相关性高以及频谱实时变化大等特点。“USBee”等恶意电磁攻击技术基于常规USB协议，利用USB数据读写行为产生的电磁辐射作为隐蔽信道，控制电磁辐射信号实现信息隐蔽传输，具有部署简单、隐蔽性强、检测难度大的特点，给电磁信息安全风险检测带来较大的挑战。本文突破USB电磁泄漏信号分析检测及行为映射技术，基于对USB协议和传输信号特征分析，提出一种基于电磁指纹特征的USB行为识别方法，可实现USB电磁泄漏信号及USB静默、数据读、写行为的自动检测识别。实验测试结果表明所提出的方法检测及识别正确率均高于90%，对物理隔离设备基于USB的电磁安全风险检测具有较高的实用价值。
|Study on USB Behavior Recognition Method Based on Electromagnetic Fingerprint Features
liubo, xuyanyun, huangweiqing, guoshaoying
|(Institute of Information Engineering, Chinese Academy of Sciences)
|Electromagnetic information equipment inevitably generates compromising electromagnetic radiation in the process of information transmission and processing. The compromising electromagnetic emissions often contain a lot of useful information. By intercepting electromagnetic signals and analyzing them, information will be restored, which brings potential electromagnetic information security risks. Universal Serial Bus (USB) also produces compromising emanations during data transmission. "USBee", a malicious attack software, transmits con?dential information by controlling the inevitable electromagnetic emissions from USB. USB bus transmits high-speed digital signals during data transmission. From the perspective of frequency, the electromagnetic radiation leakage signal from USB has a wide frequency range and it has a strong correlation with the transmitted data. Meanwhile, the compromising emanations from USB are weak and have a large real-time change in the frequency spectrum. Malicious electromagnetic attack technologies such as "USBee" are based on the conventional USB protocols and data reading and writing behaviors to steal information. They achieve information interception and cause information leakage by enhancing the compromising radiation or intentionally generating controlled electromagnetic emanations, which is considered as a covert channel for information transmission without the demand for Internet connectivity or physical access. They control the intensity of radiated signal to encode the information. It has the characteristics of simple deployment, strong concealment and difficulty in detection, which brings greater challenges to electromagnetic information security risk detection. This paper breaks through the technology of USB electromagnetic leakage signal analysis and detection for USB behaviors based on the compromising electromagnetic emanations from USB. By analyzing the USB protocols and USB transmission signal characteristics, the USB electromagnetic leakage signal detection and the behaviors recognition algorithm based on electromagnetic fingerprint characteristics is proposed, which can realize USB behaviors recognition including data reading, writing and silence of USB. The experimental test results show that the detection and recognition accuracy of the proposed algorithm is higher than 90%. And the proposed method has high practical value for the USB-based electromagnetic safety risk detection of air-gap equipment.
|Key words: electromagnetic emissions, information security, USB, electromagnetic fingerprint, spectrum feature