Abstract
In this article, we provide an implementation, evaluation, and analysis of PowerHammer, an attack that uses power lines to exfiltrate data from air-gapped computers. Malicious code running on a compromised computer intentionally controls the utilization of the CPU cores. The CPU utilization is electromagnetically conducted and propagated through the power lines in the form of a parasitic signal that is modulated, encoded, and transmitted on top of the current flow fluctuations. This electromagnetic phenomenon is known as 'conducted emission'. In this attack, the attacker taps the indoor electrical power wiring that is connected to the electrical outlet of the compromised computer. The conducted electromagnetic emission of the compromised computer is analyzed and the exfiltrated data is decoded. The proposed attack is then experimentally evaluated and characterized. The communication performance is discussed and a set of defensive countermeasures is presented. A crucial aspect of the proposed covert communication scheme is that it fully conforms to civilian and military conductive emission standards.
Original language | English |
---|---|
Article number | 8894040 |
Pages (from-to) | 1879-1890 |
Number of pages | 12 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 15 |
DOIs | |
State | Published - 1 Jan 2020 |
Keywords
- Network security
- air gap
- covert channel
- exfiltration
- power line communication
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications