Air gap (networking)

Last updated
An air gapped network (right) with no connection to a nearby internet-connected network (left) Air gap network.png
An air gapped network (right) with no connection to a nearby internet-connected network (left)

An air gap, air wall, air gapping [1] or disconnected network is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. [2] It means a computer or network has no network interface controllers connected to other networks, [3] [4] with a physical or conceptual air gap, analogous to the air gap used in plumbing to maintain water quality.

Contents

Use in classified settings

An air-gapped computer or network is one that has no network interfaces, either wired or wireless, connected to outside networks. [3] [4] Many computers, even when they are not plugged into a wired network, have a wireless network interface controller (WiFi) and are connected to nearby wireless networks to access the Internet and update software. This represents a security vulnerability, so air-gapped computers have their wireless interface controller either permanently disabled or physically removed. To move data between the outside world and the air-gapped system, it is necessary to write data to a physical medium such as a thumbdrive, and physically move it between computers. Physical access has to be controlled (man identity and storage media itself). It is easier to control than a direct full network interface, which can be attacked from the exterior insecure system and, if malware infects the secure system, can be used to export secure data. That's why some new hardware technologies are also available like unidirectional data diodes or bidirectional diodes (also called electronic airgaps), that physically separate the network and transportation layers and copy and filter the application data.

In environments where networks or devices are rated to handle different levels of classified information, the two disconnected devices or networks are referred to as low side and high side, low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as red (classified) and black (unclassified). Access policies are often based on the Bell–LaPadula confidentiality model, where data can be moved low-to-high with minimal security measures, while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification. In some cases (for instance industrial critical systems), the policy is different: data can be moved from high-to-low with minimal security measures, but low-to-high requires a high level of procedures to ensure integrity of the industrial safety system.

The concept represents nearly the maximum protection one network can have from another (save turning the device off). One way to transfer data between the outside world and the air-gapped system is to copy data on a removable storage medium such as a removable disk or USB flash drive and physically carry the storage to the other system. This access still has to be carefully controlled since USB drive may have vulnerabilities (see below). The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security), unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor-intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis. [5] That's why another way to transfer data, used in appropriate situations like critical industries, is to use data diodes and electronic airgaps, that assure a physical cut of the network by a specific hardware.

Sophisticated computer viruses for use in cyberwarfare, such as Stuxnet [6] and Agent.BTZ have been designed to infect air-gapped systems by exploiting security holes related to the handling of removable media. The possibility of using acoustic communication has also been demonstrated by researchers. [7] Researchers have also demonstrated the feasibility of data exfiltration using FM frequency signals. [8] [9]

Examples

Examples of the types of networks or systems that may be air gapped include:

Many of these systems have since added features that connect them during limited periods of time to the organisation's internet (for the need of surveillance or updates) or the public internet, and are no longer effectively and permanently air gapped, including thermostats with internet connections and automobiles with Bluetooth, Wi-Fi and cellular phone connectivity.

Limitations

Limitations imposed on devices used in these environments may include a ban on wireless connections to or from the secure network, or similar restrictions on EM leakage from the secure network through the use of TEMPEST or a Faraday cage.

Despite a lack of direct connection to other systems, air-gapped networks have been shown to be vulnerable to attack in various circumstances.

Scientists in 2013 demonstrated the viability of air gap malware designed to defeat air gap isolation using acoustic signaling.[ citation needed ] Shortly after that, network security researcher Dragos Ruiu's BadBIOS received press attention. [14]

In 2014, researchers introduced AirHopper, a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals. [8] [9]

In 2015, BitWhisper, a covert signaling channel between air-gapped computers using thermal manipulations was introduced. BitWhisper supports bidirectional communication and requires no additional dedicated peripheral hardware. [15] [16]

Later in 2015, researchers introduced GSMem, a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna. [17] [18]

ProjectSauron malware discovered in 2016 demonstrates how an infected USB device can be used to remotely leak data off of an air-gapped computer. The malware remained undetected for 5 years and relied on hidden partitions on a USB drive not visible to Windows as a transport channel between the air-gapped computer and a computer connected to the internet, presumably as a way to share files between the two systems. [19]

NFCdrip was the name given to the discovery of stealthy data exfiltration through NFC (Near-field communication) radio abuse and signal detection in 2018. Although NFC enables devices to establish effective communication by bringing them within a few centimeters of each other, [20] researchers showed that it can be abused to transmit information at a much longer range than expected - up to 100 meters. [21]

In general, malware can exploit various hardware combinations to leak sensitive information from air-gapped systems using "air-gap covert channels". [22] These hardware combinations use a number of different media to bridge the air-gap, including: acoustic, light, seismic, magnetic, thermal, and radio-frequency. [23] [24] [25]

Software updates

From a security perspective, the main drawback of an air gapped network is the inability of software to automatically self update. Users and system administrators must instead download and install updates manually. If a strict update routine is not followed, this results in out-of-date software running on the network, which may contain known security vulnerabilities. If an adversary manages to gain access to the air gapped network (for instance by contacting a disgruntled employee or using social engineering) they may be able to quickly spread within the air gapped network using such vulnerabilities with a possibly higher success rate than on the public Internet.

System administrators may manage software updates in an air gapped network using dedicated solutions such as Windows Server Update Services or network logon scripts. Such mechanisms would allow all computers on the air gapped network to automatically install updates after the system administrator downloads the updates from the Internet once. The problem is not completely eliminated though, especially if users have administrative privileges on their local workstations and are therefore able to install software which is not centrally managed. The presence of IoT devices requiring firmware updates can also complicate matters, since often such updates cannot be centrally managed.

See also

Related Research Articles

<span class="mw-page-title-main">Computer worm</span> Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

SCADA is a control system architecture comprising computers, networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also covers sensors and other devices, such as programmable logic controllers, which interface with process plant or machinery.

<span class="mw-page-title-main">Tempest (codename)</span> Espionage using electromagnetic leakage

TEMPEST is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).

An over-the-air update, also known as over-the-air programming, is an update to an embedded system that is delivered through a wireless network, such as Wi-Fi or a cellular network. These embedded systems include mobile phones, tablets, set-top boxes, cars and telecommunications equipment. OTA updates for cars and internet of things devices can also be called firmware over-the-air (FOTA). Various components may be updated OTA, including the device's operating system, applications, configuration settings, or parameters like encryption keys.

<span class="mw-page-title-main">Wireless security</span> Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

In computing, a wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).

A data breach, also known as data leakage, is "the unauthorized exposure, disclosure, or loss of personal information". Since the advent of data breach notification laws in 2005, reported data breaches have grown dramatically.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

TURBINE is the codename of an automated system which enables the United States National Security Agency (NSA) automated management and control of a large surveillance network.

Air-gap malware is malware that is designed to defeat the air-gap isolation of secure computer systems using various air-gap covert channels.

The following outline is provided as an overview of and topical guide to computer security:

Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, Internet-of-things devices, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a definite level of compliance to standards.

Automotive hacking is the exploitation of vulnerabilities within the software, hardware, and communication systems of automobiles.

<span class="mw-page-title-main">Yuval Elovici</span>

Yuval Elovici is a computer scientist. He is a professor in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev (BGU), where he is the incumbent of the Davide and Irene Sala Chair in Homeland Security Research. He is the director of the Cyber Security Research Center at BGU and the founder and director of the Telekom Innovation Laboratories at Ben-Gurion University. In addition to his roles at BGU, he also serves as the lab director of Singapore University of Technology and Design’s (SUTD) ST Electronics-SUTD Cyber Security Laboratory, as well as the research director of iTrust. In 2014 he co-founded Morphisec, a start-up company, that develops cyber security mechanisms related to moving target defense.

A security switch is a hardware device designed to protect computers, laptops, smartphones and similar devices from unauthorized access or operation, distinct from a virtual security switch which offers software protection. Security switches should be operated by an authorized user only; for this reason, it should be isolated from other devices, in order to prevent unauthorized access, and it should not be possible to bypass it, in order to prevent malicious manipulation.

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

The Internet of Military Things (IoMT) is a class of Internet of things for combat operations and warfare. It is a complex network of interconnected entities, or "things", in the military domain that continually communicate with each other to coordinate, learn, and interact with the physical environment to accomplish a broad range of activities in a more efficient and informed manner. The concept of IoMT is largely driven by the idea that future military battles will be dominated by machine intelligence and cyber warfare and will likely take place in urban environments. By creating a miniature ecosystem of smart technology capable of distilling sensory information and autonomously governing multiple tasks at once, the IoMT is conceptually designed to offload much of the physical and mental burden that warfighters encounter in a combat setting.

References

  1. "What is air gapping (air gap attack)?". WhatIs.com. Retrieved 2020-12-16.
  2. Internet Security Glossary, Version 2. RFC   4949 .
  3. 1 2 Zetter, Kim (8 December 2014). "Hacker Lexicon: What is an air gap?". Wired. Conde Nast. Retrieved 21 January 2019.
  4. 1 2 Bryant, William D. (2015). International Conflict and Cyberspace Superiority: Theory and Practice. Routledge. p. 107. ISBN   978-1317420385.
  5. Lemos, Robert (2001-02-01). "NSA attempting to design crack-proof computer". ZDNet News. CBS Interactive, Inc. Retrieved 2012-10-12. For example, top-secret data might be kept on a different computer than data classified merely as sensitive material. Sometimes, for a worker to access information, up to six different computers can be on a single desk. That type of security is called, in typical intelligence community jargon, an air gap.
  6. "Stuxnet delivered to Iranian nuclear plant on thumb drive". CNET. 12 April 2012.
  7. Putz, Florentin; Álvarez, Flor; Classen, Jiska (2020-07-08). "Acoustic integrity codes". Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. Linz Austria: ACM. pp. 31–41. arXiv: 2005.08572 . doi:10.1145/3395351.3399420. ISBN   978-1-4503-8006-5. S2CID   218673467.
  8. 1 2 Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies". arXiv: 1411.0237 [cs.CR].
  9. 1 2 Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone - AirHopper". BGU Cyber Security Labs.
  10. Rist, Oliver (2006-05-29). "Hack Tales: Air-gap networking for the price of a pair of sneakers". Infoworld. IDG Network. Retrieved 2009-01-16. In high-security situations, various forms of data often must be kept off production networks, due to possible contamination from nonsecure resources — such as, say, the Internet. So IT admins must build enclosed systems to house that data — stand-alone servers, for example, or small networks of servers that aren't connected to anything but one another. There's nothing but air between these and other networks, hence the term air gap, and transferring data between them is done the old-fashioned way: moving disks back and forth by hand, via 'sneakernet'.
  11. "Weber vs SEC" (PDF). insurancenewsnet.com. 2012-11-15. p. 35. Archived from the original (PDF) on 2013-12-03. Retrieved 2012-12-06. Stock exchange internal network computer systems are so sensitive that they are "air gapped" and not attached to the internet, in order to protect them from attack, intrusion, or other malicious acts by third party adversaries.
  12. "Weber vs SEC". Industrial internal network computer systems are so sensitive that they are "air gapped" and neither attached to the internet nor insecurely connects to the corporate network, in order to protect them from attack, intrusion, or other malicious acts by third party adversaries.
  13. Zetter, Kim (2008-01-04). "FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack". Wired Magazine. CondéNet, Inc. Archived from the original on 23 December 2008. Retrieved 2009-01-16. (...Boeing...) wouldn't go into detail about how (...it...) is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as air gaps, and software firewalls.
  14. Leyden, John (5 Dec 2013). "Hear that? It's the sound of BadBIOS wannabe chatting over air gaps" . Retrieved 30 December 2014.
  15. Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (April 2015). "BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations". arXiv: 1503.07919 [cs.CR].
  16. Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (March 2015). "BitWhisper: The Heat is on the Air-Gap". BGU Cyber Security Labs.
  17. Guri, Mordechai; Kachlon, Assaf; Hasson, Ofer; Kedma, Gabi; Mirsky, Yisroel; Elovici, Yuval (August 2015). "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies". 24th USENIX Security Symposium (USENIX Security 15): 849–864. ISBN   9781931971232.
  18. Guri, Mordechai; Kachlon, Assaf; Hasson, Ofer; Kedma, Gabi; Mirsky, Yisroel; Monitz, Matan; Elovici, Yuval (July 2015). "GSMem Breaking The Air-Gap". Cyber Security Labs @ Ben Gurion University. Archived from the original on 2021-12-19.
  19. Chris Baraniuk (2016-08-09). "'Project Sauron' malware hidden for five years". BBC.
  20. Cameron Faulkner. "What is NFC? Everything you need to know". Techradar.com. Retrieved 30 November 2015.
  21. "NFCdrip: NFC Data Exfiltration Research". Checkmarx. Retrieved 19 December 2018.
  22. Carrara, Brent (September 2016). “Air-Gap Covert Channels.” Ph. D. Thesis. University of Ottawa.
  23. Carrara, Brent; Adams, Carlisle (2016). "A Survey and Taxonomy Aimed at the Detection and Measurement of Covert Channels". Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security - IH&MMSec '16. pp. 115–126. doi:10.1145/2909827.2930800. ISBN   9781450342902. S2CID   34896818.
  24. Carrara, Brent; Adams, Carlisle (2016-06-01). "Out-of-Band Covert Channels—A Survey". ACM Computing Surveys. 49 (2): 1–36. doi:10.1145/2938370. ISSN   0360-0300. S2CID   13902799.
  25. Cimpanu, Catalin. "Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems". ZDNet.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.