CN111949988A - Active electromagnetic vulnerability detection system and method for physically isolated computer - Google Patents

Active electromagnetic vulnerability detection system and method for physically isolated computer Download PDF

Info

Publication number
CN111949988A
CN111949988A CN202010629600.XA CN202010629600A CN111949988A CN 111949988 A CN111949988 A CN 111949988A CN 202010629600 A CN202010629600 A CN 202010629600A CN 111949988 A CN111949988 A CN 111949988A
Authority
CN
China
Prior art keywords
leakage
electromagnetic
computer
signal
tested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010629600.XA
Other languages
Chinese (zh)
Other versions
CN111949988B (en
Inventor
王梦寒
刘文斌
李雨锴
齐国雷
丁建锋
寇云峰
宋滔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electronic Technology Cyber Security Co Ltd
Original Assignee
China Electronic Technology Cyber Security Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Electronic Technology Cyber Security Co Ltd filed Critical China Electronic Technology Cyber Security Co Ltd
Priority to CN202010629600.XA priority Critical patent/CN111949988B/en
Publication of CN111949988A publication Critical patent/CN111949988A/en
Application granted granted Critical
Publication of CN111949988B publication Critical patent/CN111949988B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Examining Or Testing Airtightness (AREA)

Abstract

The invention relates to the field of electromagnetic safety detection, and discloses an electromagnetic vulnerability active detection system and method aiming at a physical isolation computer, wherein the system comprises electromagnetic signal active excitation end software, a receiving device and an analysis device, wherein the electromagnetic signal active excitation end software runs on a tested computer and actively excites a regular leakage signal with signal modulation capability; the receiving equipment receives the actively excited leakage signal and sends the leakage signal to the analysis equipment; the analysis equipment realizes extraction, storage and change presentation of the leakage characteristics of the tested computer or restores the leakage information, thereby realizing more visual vulnerability presentation. The invention deals with the threat of electromagnetic leakage of the physical isolation computer from the aspects of active detection and field detection, not only ensures that the leak detection is more rigorous and reliable, but also is more flexible in the aspect of subsequent leak detection expansion, also makes up the defect of the traditional passive detection, and effectively solves the problem of quick positioning of the electromagnetic leak of the physical isolation computer equipment.

Description

Active electromagnetic vulnerability detection system and method for physically isolated computer
Technical Field
The invention relates to the technical field of electromagnetic security detection, in particular to an electromagnetic vulnerability active detection system and method for a physical isolation computer.
Background
With the rapid development of informatization, more and more information devices and more complex electromagnetic environments are provided, and particularly, computer devices are widely applied, and the problem of electromagnetic leakage is more and more prominent. Meanwhile, the novel hidden secret stealing means of the physical isolation network series of the Snooden exposure form serious threats to the computer network security, and the difficulty of electromagnetic information leakage detection is greatly increased. On the other hand, the domestic situation faces the practical situation that the mechanism of the novel hidden secret stealing means is not completely known, the existing electromagnetic information leakage information detection technology of the computer is relatively passive, and the traditional passive receiving and restoring technology based on the leakage of a computer screen and the like is difficult to adapt to the field security assessment and the like, and a breakthrough is urgently needed.
The 'physical isolation network electromagnetic vulnerability research' provides that for a physical isolation network, electromagnetic vulnerabilities mainly refer to defects of hardware and systems of the network, and by utilizing the defects, electromagnetic signal receiving and transmitting covert channels can be directly established or established by implanting malicious software, so that physical isolation is broken through. Meanwhile, the sound and light loopholes are defined as generalized electromagnetic loopholes. How to efficiently and accurately comprehensively detect whether computer equipment has electromagnetic vulnerability hidden danger which can be triggered unintentionally or utilized maliciously, further reduces the electromagnetic information leakage risk of the computer equipment, and how to improve the electromagnetic safety field detection capability of the computer equipment, realizes more comprehensive safety evaluation, and is an urgent need for computer network electromagnetic safety detection under the current situation.
Disclosure of Invention
In order to solve the problems, the invention provides an electromagnetic leak active detection system and method for a physical isolation computer, which consider the electromagnetic information security threat and leak hidden danger of the physical isolation computer, deal with the electromagnetic leakage threat of the physical isolation computer from the aspects of active detection and field detection, not only enable leak detection to be more precise and reliable, but also enable leak detection to be more flexible in the aspect of subsequent leak detection expansion, make up the defects of traditional passive detection, effectively solve the problem of rapid positioning of the electromagnetic leak of the physical isolation computer equipment, and greatly improve the electromagnetic security field detection capability and the security assessment capability of computer equipment, thereby providing an effective and reasonable guide basis for promoting the electromagnetic security detection, protection and assessment application of information equipment.
The invention relates to an electromagnetic vulnerability active detection system for a physical isolation computer, which comprises electromagnetic signal active excitation end software, a receiving device and an analysis device, wherein the electromagnetic signal active excitation end software is used for actively exciting an electromagnetic vulnerability; the electromagnetic signal active excitation terminal software runs on a tested computer, simulates various behaviors or operations, actively excites a regular leakage signal with signal modulation capability, encodes sensitive information in the tested computer into 0/1 bits, and adjusts leakage characteristics as parameter input; the simulation of various behaviors or operations mainly reads sensitive information by calling different control interfaces or data writing interfaces on a tested computer and generates sound leakage, light leakage and electromagnetic leakage with corresponding characteristics; the receiving equipment receives the actively excited leakage signal and sends the leakage signal to the analyzing equipment, and the receiving equipment comprises a computer sound card, an optical sensor and AM demodulation equipment; the analysis equipment can realize extraction, storage and change presentation of the leakage characteristics of the tested computer, or restore leakage information, and realize more visual vulnerability presentation.
Furthermore, the active detection system for electromagnetic vulnerabilities of the present invention can detect a certain vulnerability or a certain type of vulnerabilities individually, or detect all vulnerabilities by cyclic scanning:
for certain or some types of loopholes, the electromagnetic signal active excitation end software generates sound leakage, light leakage or electromagnetic leakage with corresponding characteristics by calling an interface corresponding to the loophole to be detected on a detected computer, and sends the sound leakage, the light leakage or the electromagnetic leakage to the analysis equipment through the receiving equipment, and when the analysis equipment presents changed leakage characteristics or the analysis equipment presents changed leakage characteristics and restores information, the loophole detection is completed;
for cyclic scanning and detecting all loopholes, firstly, determining a corresponding leakage path in the electromagnetic signal active excitation end software, and then determining the corresponding leakage paths in the corresponding receiving equipment and the corresponding analysis equipment; and then selecting a vulnerability detection method corresponding to the leakage path for detection, and after the vulnerability detection is completed, repeating the vulnerability detection step to select other vulnerabilities for detection until all vulnerability detections are completed.
Further, the acoustic leakage includes a fan vibration leakage, a speaker or a buzzer ultrasonic leakage;
and (3) vibration leakage of the fan: the electromagnetic signal initiatively activates end software, sensitive information in a tested computer is coded into 0/1 bits as parameter input by controlling a fan rotating speed interface control interface FANCONTROL type and calling a SetFan interface of the fan, the rotating speed of a computer radiating fan is adjusted, cavity resonance around the fan is caused by controlling the change of the rotating speed of the computer fan, sound waves with ultrasonic frequency are generated, frequency signals generated by different rotating speeds of the fan are modulated onto the ultrasonic carrier, and therefore vibration leakage of the fan is achieved;
loudspeaker or buzzer ultrasonic leakage: the electromagnetic signal active excitation terminal software is used for coding sensitive information inside a computer to be tested into 0/1 bits as parameter input by calling a waveOut/Beep/DirectSound interface function or a modulated modulation function, a bandp filtering function and a sound card output function in matlab to adjust the characteristic of computer loudspeaker sounding, coding the sensitive information inside the computer to be tested into 0/1 bits as parameter input by calling the Beep interface function to adjust the characteristic of computer buzzer sounding, generating sound waves with ultrasonic frequency by controlling the sounding of the computer loudspeaker or the buzzer, and modulating the carrier waves by signals to realize the ultrasonic leakage of the loudspeaker or the buzzer.
Further, the light leakage comprises screen light leakage and hard disk indicator light leakage;
screen light leakage: the electromagnetic signal active excitation terminal software utilizes a brightness adjusting interface CGamaRamp class and calls a SetBerghtness interface thereof to code sensitive information in the tested computer into 0/1 bits as parameter input to adjust the screen brightness or the intensity of a backlight signal, and screen light leakage is realized by controlling the weak change of the screen brightness of the tested computer;
hard disk indicator lamp leakage: the electromagnetic signal actively activates the end software, sensitive information in the computer to be tested is coded into 0/1 bits as parameter input by calling a read data interface ReadFile to adjust the frequency of the periodic flicker of the indicator light, and the leakage of the hard disk indicator light is realized by controlling the frequency change of the flicker of the hard disk indicator light of the computer to be tested.
Further, the electromagnetic leakage comprises serial port electromagnetic leakage, screen electromagnetic leakage and CPU electromagnetic leakage;
electromagnetic leakage of the serial port: the electromagnetic signal active excitation terminal software utilizes serial port communication to encode sensitive information in a tested computer into 0/1 bits through a serial port connecting line interface to be used as parameter input to adjust the characteristic of serial port electromagnetic leakage, and the serial port electromagnetic leakage is realized through serial port radiation leakage emission or through serial port line and power line conduction leakage emission;
electromagnetic leakage of the screen: the electromagnetic signal active excitation end software encodes sensitive information in a tested computer into 0/1 bits by using an SDL _ FillRect interface function and a pixelhen interface function as parameter input to dynamically adjust the electromagnetic leakage characteristic period of a computer display screen, and realizes screen electromagnetic leakage through display screen radiation leakage emission or through related VGA cable and power line conduction leakage emission;
electromagnetic leakage of the CPU: the electromagnetic signal actively activates the end software, and sensitive information in a tested computer is encoded into 0/1 bits as parameter input by calling an _ mm _ stream _ si128 interface function and a QueryPerformancefrequency interface function so as to dynamically adjust the characteristic cycle of CPU electromagnetic leakage; the method comprises the steps of calling a _ mm _ stream _ si128 interface function to perform write operation switching to generate a carrier signal, calling a QueryPerformancefrequency interface function to generate a signal frequency required by a modulation signal, and realizing CPU electromagnetic leakage through CPU bus radiation leakage emission.
The invention relates to an electromagnetic vulnerability active detection method aiming at a physical isolation computer, which actively excites a regular leakage signal with signal modulation capability, encodes sensitive information in the tested computer into 0/1 bits, and adjusts leakage characteristics as parameter input; reading sensitive information by calling different control interfaces or data writing interfaces on a tested computer, and generating sound leakage, light leakage and electromagnetic leakage with corresponding characteristics; receiving the actively excited leakage signal by using receiving equipment, wherein the receiving equipment comprises a computer sound card, an optical sensor and AM demodulation equipment; and the leakage characteristics of the computer to be detected are extracted, stored and changed, or the leakage information is restored, so that more visual vulnerability presentation is realized.
Further, for a certain vulnerability or a certain type of vulnerability detection: generating sound leakage, light leakage or electromagnetic leakage with corresponding characteristics by calling an interface corresponding to the loophole to be detected on the computer to be detected, receiving and analyzing the sound leakage, the light leakage or the electromagnetic leakage, and finishing loophole detection when the changed leakage characteristics appear or the changed leakage characteristics appear and information is restored;
and further, circularly scanning and detecting all vulnerabilities, firstly determining a leakage path, then selecting a vulnerability detection method corresponding to the leakage path for detection, and after the vulnerability detection is finished, repeating the vulnerability detection step to select other vulnerabilities for detection until all vulnerability detections are finished.
Further, the acoustic leakage includes a fan vibration leakage, a speaker or a buzzer ultrasonic leakage;
the method for generating the vibration leakage of the fan comprises the following steps: the fan rotating speed interface control interface FANCONTROL type is used for calling a SetFan interface to encode sensitive information in a tested computer into 0/1 bits as parameter input to adjust the rotating speed of a computer cooling fan, cavity resonance around the fan is caused by controlling the change of the rotating speed of the computer fan, sound waves with ultrasonic frequency are generated, frequency signals generated by different rotating speeds of the fan are modulated onto ultrasonic carriers, and therefore vibration leakage of the fan is achieved;
the method for generating the ultrasonic leakage of the loudspeaker or the buzzer comprises the following steps: calling a waveOut/Beep/direct sound interface function, or a modulated modulation function, a bandp filtering function and a sound card output function in matlab to encode sensitive information in a tested computer into 0/1 bits as parameter input to adjust the characteristic of computer loudspeaker sounding, encoding the sensitive information in the tested computer into 0/1 bits as parameter input to adjust the characteristic of computer buzzer sounding by calling the Beep interface function, generating sound waves of ultrasonic frequency by controlling the computer loudspeaker or the buzzer sounding, and modulating the carrier wave by signals to realize the ultrasonic leakage of the loudspeaker or the buzzer.
Further, the light leakage comprises screen light leakage and hard disk indicator light leakage;
the generation method of screen light leakage comprises the following steps: encoding sensitive information inside a tested computer into 0/1 bits as parameter input by utilizing a CGamaRamp type of a brightness adjusting interface and calling a SetBerghtness interface of the CGamaRamp type to adjust the screen brightness or the intensity of a backlight signal, and realizing screen light leakage by controlling the weak change of the screen brightness of the tested computer;
the method for generating the leakage of the hard disk indicator lamp comprises the following steps: sensitive information inside the computer to be tested is coded into 0/1 bits as parameter input by calling a read data interface ReadFile to adjust the frequency of the periodical flicker of the indicator light, and the leakage of the hard disk indicator light is realized by controlling the frequency change of the flicker of the hard disk indicator light of the computer to be tested.
Further, the electromagnetic leakage comprises serial port electromagnetic leakage, screen electromagnetic leakage and CPU electromagnetic leakage;
the method for generating the electromagnetic leakage of the serial port comprises the following steps: by using serial port communication, sensitive information in a tested computer is coded into 0/1 bits through a serial port connecting wire interface to be used as parameter input to adjust the characteristic of serial port electromagnetic leakage, and the serial port electromagnetic leakage is realized through serial port radiation leakage emission or through serial port wire and power line conduction leakage emission;
the method for generating the electromagnetic leakage of the screen comprises the following steps: the method comprises the steps that sensitive information in a tested computer is coded into 0/1 bits as parameter input by using an SDL _ FillRect interface function and a pixelhen interface function, so that the electromagnetic leakage characteristic period of a computer display screen is dynamically adjusted, and the electromagnetic leakage of the screen is realized through radiation leakage emission of the display screen or conduction leakage emission of a related VGA cable and a power line;
the CPU electromagnetic leakage generation method comprises the following steps: sensitive information inside a tested computer is encoded into 0/1 bits as parameter input by calling a _ mm _ stream _ si128 interface function and a QueryPerformancefrequency interface function, so that the characteristic cycle of CPU electromagnetic leakage is dynamically adjusted; the method comprises the steps of calling a _ mm _ stream _ si128 interface function to perform write operation switching to generate a carrier signal, calling a QueryPerformancefrequency interface function to generate a signal frequency required by a modulation signal, and realizing CPU electromagnetic leakage through CPU bus radiation leakage emission.
The invention has the beneficial effects that:
the method realizes comprehensive scanning of potential leakage sources and various channels which can be utilized for electromagnetic information leakage by tracking leakage signals and leakage paths excited by different interfaces, rapidly locates the loopholes, obtains the specific types of the existing/potential electromagnetic loopholes of the computer to be detected, and estimates the safety protection capability of the computer for the existence of the loopholes. The detection method comprises computer sound leakage hole detection, light leak detection and electromagnetic leak detection, and particularly relates to various leak detections such as fan vibration, a loudspeaker/buzzer, screen light, a hard disk indicator light, serial port leakage/USB-to-serial port, screen display, CPU bus radiation and the like.
The invention comprehensively considers the electromagnetic information security threat and the loophole hidden danger of the physical isolation computer, deals with the electromagnetic leakage threat of the physical isolation computer from the aspects of active detection and field detection, not only ensures that the loophole detection is more rigorous and reliable, is more flexible in the aspect of subsequent loophole detection expansion, but also makes up the defects of the traditional passive detection, effectively solves the problem of quick positioning of the electromagnetic loophole of the physical isolation computer equipment, and greatly improves the electromagnetic security field detection capability and the security assessment capability of the computer equipment, thereby providing an effective and reasonable guide basis for promoting the electromagnetic security detection, protection and assessment application of the information equipment.
Drawings
Fig. 1 is a schematic diagram of an electromagnetic vulnerability active detection system according to embodiment 1 of the present invention;
FIG. 2 is a flow chart of the active detection of computer sound leakage holes in embodiment 2 of the present invention;
FIG. 3 is a flowchart of the active detection of computer light vulnerabilities according to embodiment 3 of the present invention;
FIG. 4 is a flowchart of the active detection of electromagnetic vulnerabilities in computer according to embodiment 4 of the present invention.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, specific embodiments of the present invention will now be described. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The embodiment provides an electromagnetic vulnerability active detection system and method for a physical isolation computer, and as shown in fig. 1, the electromagnetic vulnerability active detection system comprises electromagnetic signal active excitation end software, a receiving device and an analysis device. The electromagnetic signal active excitation terminal software runs on a tested computer, simulates various behaviors or operations, actively excites regular leakage signals with signal modulation capacity, encodes sensitive information in the tested computer into 0/1 bits, and uses the 0/1 bits as parameter input to adjust leakage characteristics. The simulation of various behaviors or operations mainly comprises the steps of calling different control interfaces or data writing interfaces on a tested computer to read sensitive information and generating acoustic leakage, light leakage and electromagnetic leakage with corresponding characteristics. The receiving equipment receives the actively excited leakage signal and sends the leakage signal to the analysis equipment, and the receiving equipment comprises a computer sound card, an optical sensor and an AM demodulation equipment. The analysis equipment can realize extraction, storage and change presentation of the leakage characteristics of the tested computer, or restore leakage information, and realize more visual vulnerability presentation.
The active electromagnetic vulnerability detection system can track leakage signals and leakage paths excited by different interfaces, comprehensively scan potential leakage sources of a computer to be detected and various channels capable of being utilized for electromagnetic information leakage, quickly locate vulnerabilities, obtain specific types of existing/potential electromagnetic vulnerabilities of the computer to be detected, and estimate the security protection capability of the computer for the existence of vulnerabilities.
The active detection method for the electromagnetic loophole of the physical isolation computer comprises computer sound loophole detection, light loophole detection and electromagnetic loophole detection, and specifically relates to various loophole detections such as fan vibration, a loudspeaker/buzzer, screen light, a hard disk indicator light, serial port leakage/USB-to-serial port, screen display, CPU bus radiation and the like.
The active detection method for electromagnetic vulnerabilities of the embodiment can be used for independently detecting a certain vulnerability or a certain type of vulnerabilities, or circularly scanning and detecting all vulnerabilities, wherein:
detecting a certain vulnerability or a certain type of vulnerabilities: generating sound leakage, light leakage or electromagnetic leakage with corresponding characteristics by calling an interface corresponding to the loophole to be detected on the computer to be detected, receiving and analyzing the sound leakage, the light leakage or the electromagnetic leakage, and finishing loophole detection when the changed leakage characteristics appear or the changed leakage characteristics appear and information is restored;
and circularly scanning and detecting all vulnerabilities, firstly determining a leakage path, then selecting a vulnerability detection method corresponding to the leakage path for detection, and after the vulnerability detection is finished, repeating the vulnerability detection step to select other vulnerabilities for detection until all vulnerability detections are finished.
Example 2
This example is based on example 1:
computer sound leak hole initiative is detected, specifically includes fan vibration leak detection and speaker/buzzer supersound leak detection, and its detection step is shown as figure 2:
(1) detecting a vibration leak of a computer fan:
the leakage path is selected as fan vibration, and the content of the leakage information (English or Chinese editing can be carried out) is edited and stored. The electromagnetic signal actively excites the end software, the fan rotating speed interface control interface FANCONTROL class and calls the SetFan () interface to encode the sensitive information in the computer to be tested into 0/1 bits as parameter input to adjust the rotating speed of the computer cooling fan, the cavity resonance around the fan is caused by controlling the change of the rotating speed of the computer fan to generate sound wave with ultrasonic frequency, the frequency signals generated by different rotating speeds of the fan can be modulated on the ultrasonic carrier wave, and the vibration leakage of the fan is realized by utilizing the principle. The fan vibration leakage signal is received through the sound card and sent to the analysis equipment, the analysis equipment extracts and stores the fan vibration leakage characteristics and presents the variation of amplitude, intensity and the like of the leakage signal, or restores the leakage information carried by the rotation of the fan to present the more intuitive leak according to the detected variation of amplitude, intensity and the like of the fan rotation leakage signal, namely the detection of the computer fan vibration leak is completed. The computer fan vibration vulnerability detection method can be used for detecting computer fan vibration ultrasonic leakage level and carrying ultrasonic information leakage threat, and can also be used for detecting the safety protection capability of the computer fan vibration ultrasonic vulnerability.
(2) The method comprises the following steps of (1) ultrasonic vulnerability detection of a computer loudspeaker/buzzer:
and selecting the leakage path as ultrasonic, editing the content of the leakage information (English or Chinese editing can be performed) and storing the content. The method comprises the steps that electromagnetic signals actively excite terminal software, sensitive information inside a tested computer is coded into 0/1 bits to serve as parameter input through calling a waveOut ()/Beep ()/DirectSound () interface function or a modulated () modulation function, a bandp () filtering function and a sound () sound card output function in matlab, the sound emitting characteristic of a computer loudspeaker is adjusted through calling the Beep () interface function to code the sensitive information inside the tested computer into 0/1 bits to serve as parameter input, the sound emitting characteristic of a computer buzzer is adjusted through controlling the sound emitting of the computer loudspeaker/buzzer, sound waves of ultrasonic frequency are generated, and the carrier waves are modulated through signals to achieve the ultrasonic leakage of the loudspeaker/buzzer. The method comprises the steps that a loudspeaker/buzzer ultrasonic leakage signal is received through a sound card and sent to analysis equipment, the analysis equipment extracts and stores the loudspeaker/buzzer ultrasonic leakage characteristic and presents the amplitude, the intensity and other changes of the leakage signal, or the leakage information carried by the loudspeaker/buzzer is restored according to the detected amplitude, the intensity and other changes of the leakage signal to present a more visual leak, and therefore the computer loudspeaker/buzzer ultrasonic leak detection is completed. The computer ultrasonic vulnerability detection method can be used for detecting whether computer ultrasonic vulnerability exists or not and detecting the computer ultrasonic information leakage safety protection capability.
After the electromagnetic signal active excitation end software related to the computer sound leakage hole active detection method sends a file start mark (signal frequency: 16kHz), character contents in a leakage file are sequentially sent according to 0/1bit codes (the signal frequencies are 17kHz and 19kHz respectively), and after the file contents are sent, a file end mark (16kHz) is sent.
Example 3
This example is based on example 1:
computer light leak active detection specifically includes screen light leak detection and hard disk pilot lamp leak detection, and its detection step is shown in fig. 3:
(1) detecting the light loophole of a computer screen:
and selecting the leakage path as screen light, editing the content of the leakage information (English or Chinese editing can be performed) and storing the content. The electromagnetic signal actively activates the end software, utilizes a brightness adjusting interface CGamaRamp class and calls a SetBerghtness () interface thereof to code sensitive information inside the computer to be tested into 0/1 bits as parameter input to adjust the screen brightness, and realizes screen light leakage by controlling the weak change (the intensity of backlight signals) of the screen brightness of the computer to be tested. The method comprises the steps that an optical sensor is used for collecting a computer screen light leakage signal to be detected, the optical signal is converted into an electric signal to be sent to an analysis device, the analysis device extracts and stores screen light leakage characteristics and presents changes of amplitude, intensity and the like of the leakage signal, or restores leakage information carried by screen light to present more visual leaks according to the changes of the amplitude, the intensity and the like of the leakage signal detected at the frequency of 210Hz, and therefore computer screen light leak detection is completed. The computer screen light leak detection method can be used for detecting whether the computer screen has the light leak or not and can also be used for detecting the light information leakage safety protection capability of the computer screen.
(2) Detecting bugs of a computer hard disk indicator lamp:
and selecting the vulnerability scanning way as a hard disk indicator light, editing the content of the leakage information (English or Chinese editing can be performed) and storing the content. The electromagnetic signal actively activates the end software, sensitive information in the computer to be tested is coded into 0/1 bits as parameter input by calling a read data interface ReadFile (), the frequency of the periodical flicker of the indicator light is adjusted, and the leakage of the hard disk indicator light is realized by controlling the weak change (frequency change) of the flicker of the hard disk indicator light of the computer to be tested. The method comprises the steps that an optical sensor is used for collecting leakage signals of the computer hard disk indicator lamp to be detected, the optical signals are converted into electric signals to be sent to analysis equipment, the analysis equipment extracts and stores the leakage characteristics of the hard disk indicator lamp and displays the amplitude, the intensity and other changes of the leakage signals, or the leakage information carried by the hard disk indicator lamp is restored according to the detected changes of the amplitude, the intensity and other changes of the leakage signals to display more visual leaks, and therefore leak detection of the computer hard disk indicator lamp is completed. The computer hard disk indicator light leak detection method can be used for detecting whether the computer hard disk indicator light has a leak or not and can also be used for detecting the information leakage safety protection capability of the computer indicator light.
After an electromagnetic signal active excitation terminal software related to a computer light vulnerability active detection method sends a file start mark (10 continuous bits 1), character contents in a leaked file are sequentially sent according to 0/1bit codes (bit 1 is slightly bright correspondingly, bit 0 is slightly dark correspondingly), and after the file contents are sent, a file end mark (10 continuous bits 0) is sent.
Example 4
This example is based on example 1:
the computer electromagnetic vulnerability active detection specifically comprises serial port leakage/USB-to-serial port vulnerability detection, screen electromagnetic vulnerability detection and CPU electromagnetic vulnerability detection, and the detection steps are as shown in FIG. 4:
(1) detecting computer serial port leakage/USB-to-serial port loophole:
and selecting the leakage path as serial port/USB to serial port, editing the content of the leakage information (capable of editing English or Chinese) and storing the content. The electromagnetic signal actively activates the end software, utilizes serial port communication, and encodes sensitive information inside the computer to be tested into 0/1 bits as parameter input through a serial port connecting line interface to adjust the characteristics of serial port electromagnetic leakage. And the electromagnetic leakage of the serial port is realized through the radiation leakage emission of the serial port or the conduction leakage emission of a serial port line and a power line. And receiving by using an AM demodulation device, searching typical frequency points, searching carrier frequency of leakage information, sending the demodulated and converted signal to an analysis device, extracting and storing the leakage characteristics of the serial port/USB-to-serial port by the analysis device, and presenting the variation of amplitude, intensity and the like of the leakage signal, or reducing the leakage information carried by the serial port according to the detected variation of amplitude, intensity and the like of the leakage signal to present more intuitive loopholes, namely finishing the detection of the electromagnetic loopholes of the serial port/USB-to-serial port of the computer. The computer serial port leak/USB-to-serial port leak detection method can be used for detecting the electromagnetic leakage level and the electromagnetic information leakage threat of the computer serial port, the serial port line and the related power line, and can also be used for detecting the electromagnetic information leakage safety protection capability of the computer serial port, the related serial port line and the power line.
(2) Detecting electromagnetic loopholes on a computer screen:
and selecting the leakage path as a display screen, editing the content of the leakage information (English or Chinese editing can be performed) and storing the content. The electromagnetic signal actively activates the end software, utilizes an SDL _ FillRect () interface function and a pixelhen () interface function to encode sensitive information in a tested computer into 0/1 bits as parameter input to dynamically adjust the electromagnetic leakage characteristic period of a computer display screen, and realizes screen electromagnetic leakage through display screen radiation leakage emission or relevant VGA cable and power line conduction leakage emission. And receiving by using AM demodulation equipment, searching typical frequency points, searching carrier frequency of leakage information, sending the demodulated and converted signal to analysis equipment, extracting and storing screen leakage characteristics by the analysis equipment, presenting changes of amplitude, intensity and the like of the leakage signal, or restoring the leakage information carried by a screen to present more intuitive loopholes according to the detected changes of the amplitude, the intensity and the like of the leakage signal, namely finishing the electromagnetic loophole detection of the computer screen. The computer screen electromagnetic leak detection method can be used for detecting whether the computer display screen has electromagnetic leaks or not, and can also be used for detecting the electromagnetic information leakage safety protection capability of the computer display screen and related VGA lines and power lines.
(3) Detecting electromagnetic loopholes of a computer CPU bus:
the leakage path is selected as a CPU bus, and the content of the leakage information (English or Chinese editing can be carried out) is edited and stored. The electromagnetic signal actively activates the software, and sensitive information inside the computer to be tested is encoded into 0/1 bits as parameter input by calling interface functions such as _ mm _ stream _ si128() interface function and QueryPerformancefrequency (), so that the characteristic cycle of CPU electromagnetic leakage is dynamically adjusted. The method comprises the steps of calling an interface function of _ mm _ stream _ si128() to perform write operation switching to generate a carrier signal, calling interface functions of QueryPerformancefrequency () and the like to generate a signal frequency required by a modulation signal, and realizing CPU electromagnetic leakage through CPU bus radiation leakage emission. And receiving by using AM demodulation equipment, searching typical frequency points, searching carrier frequency of leakage information, sending the demodulated and converted signal to analysis equipment, extracting and storing leakage characteristics of the CPU bus by the analysis equipment, presenting changes such as amplitude and intensity of the leakage signal, or restoring the leakage information carried by the CPU bus to present more intuitive loopholes according to the detected changes such as the amplitude and the intensity of the leakage signal, namely finishing the electromagnetic loophole detection of the CPU bus of the computer. The computer CPU electromagnetic leak detection method can be used for detecting the electromagnetic leak level of a computer CPU bus and the threat of electromagnetic information leakage, and can also be used for detecting the electromagnetic information leakage safety protection capability of a computer mainboard or a computer complete machine.
After the electromagnetic signal active activation terminal software related to the computer electromagnetic vulnerability active detection method sends a file start mark (signal frequency: 646Hz), the character content in the leakage file is sent in sequence according to 0/1bit codes (the signal frequency is 754Hz and 861Hz respectively), and after the file content is sent, a file end mark (646Hz) is sent.
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. An electromagnetic vulnerability active detection system for a physical isolation computer is characterized by comprising electromagnetic signal active excitation end software, a receiving device and an analysis device;
the electromagnetic signal active excitation terminal software runs on a tested computer, simulates various behaviors or operations, actively excites a regular leakage signal with signal modulation capability, encodes sensitive information in the tested computer into 0/1 bits, and adjusts leakage characteristics as parameter input; the simulation of various behaviors or operations mainly reads sensitive information by calling different control interfaces or data writing interfaces on a tested computer and generates sound leakage, light leakage and electromagnetic leakage with corresponding characteristics;
the receiving equipment receives the actively excited leakage signal and sends the leakage signal to the analyzing equipment, and the receiving equipment comprises a computer sound card, an optical sensor and AM demodulation equipment;
the analysis equipment can realize extraction, storage and change presentation of the leakage characteristics of the tested computer, or restore leakage information, and realize more visual vulnerability presentation.
2. The active detection system for electromagnetic vulnerabilities of a physically isolated computer of claim 1, wherein one or some kind of vulnerabilities can be detected individually or all vulnerabilities can be detected by cyclic scanning:
for certain or some types of loopholes, the electromagnetic signal active excitation end software generates sound leakage, light leakage or electromagnetic leakage with corresponding characteristics by calling an interface corresponding to the loophole to be detected on a detected computer, and sends the sound leakage, the light leakage or the electromagnetic leakage to the analysis equipment through the receiving equipment, and when the analysis equipment presents changed leakage characteristics or the analysis equipment presents changed leakage characteristics and restores information, the loophole detection is completed;
for cyclic scanning and detecting all loopholes, firstly, determining a corresponding leakage path in the electromagnetic signal active excitation end software, and then determining the corresponding leakage paths in the corresponding receiving equipment and the corresponding analysis equipment; and then selecting a vulnerability detection method corresponding to the leakage path for detection, and after the vulnerability detection is completed, repeating the vulnerability detection step to select other vulnerabilities for detection until all vulnerability detections are completed.
3. The active detection system for electromagnetic holes of a physically isolated computer of claim 1, wherein the acoustic leak comprises a fan vibration leak, a speaker or buzzer ultrasonic leak;
and (3) vibration leakage of the fan: the electromagnetic signal active excitation end software encodes sensitive information in a tested computer into 0/1 bits as parameter input by controlling a fan rotating speed interface control interface FANCONTROL type and calling a SetFan interface thereof to regulate the rotating speed of a computer cooling fan, cavity resonance around the fan is caused by controlling the change of the rotating speed of the computer fan to generate sound waves with ultrasonic frequency, and frequency signals generated by different rotating speeds of the fan are modulated onto ultrasonic carrier waves, so that the vibration leakage of the fan is realized;
loudspeaker or buzzer ultrasonic leakage: the electromagnetic signal active excitation terminal software is used for coding sensitive information inside a computer to be tested into 0/1 bits as parameter input by calling a waveOut/Beep/DirectSound interface function or a modulated modulation function, a bandp filtering function and a sound card output function in matlab to adjust the characteristic of computer loudspeaker sounding, coding the sensitive information inside the computer to be tested into 0/1 bits as parameter input by calling the Beep interface function to adjust the characteristic of computer buzzer sounding, generating sound waves with ultrasonic frequency by controlling the sounding of the computer loudspeaker or the buzzer, and modulating the carrier waves by signals to realize the ultrasonic leakage of the loudspeaker or the buzzer.
4. The active detection system for electromagnetic holes of a physically isolated computer according to claim 1, wherein the light leakage comprises screen light leakage and hard disk indicator light leakage;
screen light leakage: the electromagnetic signal active excitation terminal software utilizes a brightness adjusting interface CGamaRamp class and calls a SetBerghtness interface thereof to code sensitive information in the tested computer into 0/1 bits as parameter input to adjust the screen brightness or the intensity of a backlight signal, and screen light leakage is realized by controlling the weak change of the screen brightness of the tested computer;
hard disk indicator lamp leakage: the electromagnetic signal actively activates the end software, sensitive information in the computer to be tested is coded into 0/1 bits as parameter input by calling a read data interface ReadFile to adjust the frequency of the periodic flicker of the indicator light, and the leakage of the hard disk indicator light is realized by controlling the frequency change of the flicker of the hard disk indicator light of the computer to be tested.
5. The active detection system for electromagnetic leaks of physically isolated computers according to claim 1, wherein the electromagnetic leaks include serial port electromagnetic leaks, screen electromagnetic leaks, CPU electromagnetic leaks;
electromagnetic leakage of the serial port: the electromagnetic signal active excitation terminal software utilizes serial port communication to encode sensitive information in a tested computer into 0/1 bits through a serial port connecting line interface to be used as parameter input to adjust the characteristic of serial port electromagnetic leakage, and the serial port electromagnetic leakage is realized through serial port radiation leakage emission or through serial port line and power line conduction leakage emission;
electromagnetic leakage of the screen: the electromagnetic signal active excitation end software encodes sensitive information in a tested computer into 0/1 bits by using an SDL _ FillRect interface function and a pixelhen interface function as parameter input to dynamically adjust the electromagnetic leakage characteristic period of a computer display screen, and realizes screen electromagnetic leakage through display screen radiation leakage emission or through related VGA cable and power line conduction leakage emission;
electromagnetic leakage of the CPU: the electromagnetic signal actively activates the end software, and sensitive information in a tested computer is encoded into 0/1 bits as parameter input by calling an _ mm _ stream _ si128 interface function and a QueryPerformancefrequency interface function so as to dynamically adjust the characteristic cycle of CPU electromagnetic leakage; the method comprises the steps of calling a _ mm _ stream _ si128 interface function to perform write operation switching to generate a carrier signal, calling a QueryPerformancefrequency interface function to generate a signal frequency required by a modulation signal, and realizing CPU electromagnetic leakage through CPU bus radiation leakage emission.
6. An active detection method of electromagnetic vulnerability for a physically isolated computer, comprising:
actively exciting a regular leakage signal with signal modulation capability, coding sensitive information in a tested computer into 0/1 bits, and using the coded sensitive information as parameter input to adjust leakage characteristics; reading sensitive information by calling different control interfaces or data writing interfaces on a tested computer, and generating sound leakage, light leakage and electromagnetic leakage with corresponding characteristics;
receiving the actively excited leakage signal by using receiving equipment, wherein the receiving equipment comprises a computer sound card, an optical sensor and AM demodulation equipment;
and the leakage characteristics of the computer to be detected are extracted, stored and changed, or the leakage information is restored, so that more visual vulnerability presentation is realized.
7. The active detection method of electromagnetic vulnerabilities for physically isolated computers according to claim 6, wherein for a vulnerability or vulnerabilities detection: generating sound leakage, light leakage or electromagnetic leakage with corresponding characteristics by calling an interface corresponding to the loophole to be detected on the computer to be detected, receiving and analyzing the sound leakage, the light leakage or the electromagnetic leakage, and finishing loophole detection when the changed leakage characteristics appear or the changed leakage characteristics appear and information is restored;
and circularly scanning and detecting all vulnerabilities, firstly determining a leakage path, then selecting a vulnerability detection method corresponding to the leakage path for detection, and after the vulnerability detection is finished, repeating the vulnerability detection step to select other vulnerabilities for detection until all vulnerability detections are finished.
8. The active detection method of electromagnetic holes for physically isolated computers according to claim 6, wherein the acoustic leakage comprises a fan vibration leakage, a speaker or buzzer ultrasonic leakage;
the method for generating the vibration leakage of the fan comprises the following steps: the fan rotating speed interface control interface FANCONTROL type is used for calling a SetFan interface to encode sensitive information in a tested computer into 0/1 bits as parameter input to adjust the rotating speed of a computer cooling fan, cavity resonance around the fan is caused by controlling the change of the rotating speed of the computer fan, sound waves with ultrasonic frequency are generated, frequency signals generated by different rotating speeds of the fan are modulated onto ultrasonic carriers, and therefore vibration leakage of the fan is achieved;
the method for generating the ultrasonic leakage of the loudspeaker or the buzzer comprises the following steps: calling a waveOut/Beep/direct sound interface function, or a modulated modulation function, a bandp filtering function and a sound card output function in matlab to encode sensitive information in a tested computer into 0/1 bits as parameter input to adjust the characteristic of computer loudspeaker sounding, encoding the sensitive information in the tested computer into 0/1 bits as parameter input to adjust the characteristic of computer buzzer sounding by calling the Beep interface function, generating sound waves of ultrasonic frequency by controlling the computer loudspeaker or the buzzer sounding, and modulating the carrier wave by signals to realize the ultrasonic leakage of the loudspeaker or the buzzer.
9. The active detection method of electromagnetic holes for physically isolated computers according to claim 6, wherein the light leakage includes screen light leakage and hard disk indicator light leakage;
the generation method of screen light leakage comprises the following steps: encoding sensitive information inside a tested computer into 0/1 bits as parameter input by utilizing a CGamaRamp type of a brightness adjusting interface and calling a SetBerghtness interface of the CGamaRamp type to adjust the screen brightness or the intensity of a backlight signal, and realizing screen light leakage by controlling the weak change of the screen brightness of the tested computer;
the method for generating the leakage of the hard disk indicator lamp comprises the following steps: sensitive information inside the computer to be tested is coded into 0/1 bits as parameter input by calling a read data interface ReadFile to adjust the frequency of the periodical flicker of the indicator light, and the leakage of the hard disk indicator light is realized by controlling the frequency change of the flicker of the hard disk indicator light of the computer to be tested.
10. The active detection method of electromagnetic leaks for physically isolated computers according to claim 6, wherein the electromagnetic leaks include serial port electromagnetic leaks, screen electromagnetic leaks, and CPU electromagnetic leaks;
the method for generating the electromagnetic leakage of the serial port comprises the following steps: by using serial port communication, sensitive information in a tested computer is coded into 0/1 bits through a serial port connecting wire interface to be used as parameter input to adjust the characteristic of serial port electromagnetic leakage, and the serial port electromagnetic leakage is realized through serial port radiation leakage emission or through serial port wire and power line conduction leakage emission;
the method for generating the electromagnetic leakage of the screen comprises the following steps: the method comprises the steps that sensitive information in a tested computer is coded into 0/1 bits as parameter input by using an SDL _ FillRect interface function and a pixelhen interface function, so that the electromagnetic leakage characteristic period of a computer display screen is dynamically adjusted, and the electromagnetic leakage of the screen is realized through radiation leakage emission of the display screen or conduction leakage emission of a related VGA cable and a power line;
the CPU electromagnetic leakage generation method comprises the following steps: sensitive information inside a tested computer is encoded into 0/1 bits as parameter input by calling a _ mm _ stream _ si128 interface function and a QueryPerformancefrequency interface function, so that the characteristic cycle of CPU electromagnetic leakage is dynamically adjusted; the method comprises the steps of calling a _ mm _ stream _ si128 interface function to perform write operation switching to generate a carrier signal, calling a QueryPerformancefrequency interface function to generate a signal frequency required by a modulation signal, and realizing CPU electromagnetic leakage through CPU bus radiation leakage emission.
CN202010629600.XA 2020-07-03 2020-07-03 Active electromagnetic vulnerability detection system and method for physically isolated computer Active CN111949988B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010629600.XA CN111949988B (en) 2020-07-03 2020-07-03 Active electromagnetic vulnerability detection system and method for physically isolated computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010629600.XA CN111949988B (en) 2020-07-03 2020-07-03 Active electromagnetic vulnerability detection system and method for physically isolated computer

Publications (2)

Publication Number Publication Date
CN111949988A true CN111949988A (en) 2020-11-17
CN111949988B CN111949988B (en) 2022-04-22

Family

ID=73336944

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010629600.XA Active CN111949988B (en) 2020-07-03 2020-07-03 Active electromagnetic vulnerability detection system and method for physically isolated computer

Country Status (1)

Country Link
CN (1) CN111949988B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114117435A (en) * 2021-12-12 2022-03-01 中国电子科技集团公司第十五研究所 Isolation channel perception and vulnerability testing method

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030083831A1 (en) * 2001-11-01 2003-05-01 International Business Machines Corporation System and method for evaluating electromagnetic emanation vulnerabilities of computing systems
CN101283258A (en) * 2005-10-12 2008-10-08 空中客车德国有限公司 Leak detector
CN107293081A (en) * 2016-04-01 2017-10-24 北京中密安信息安全技术有限公司 Environmental security appraisal procedure and device
CN108267647A (en) * 2017-12-19 2018-07-10 中国电子科技网络信息安全有限公司 A kind of detection method and device of power supply conduction electromagnetic leakage protection
CN108337207A (en) * 2017-01-19 2018-07-27 中安工控(北京)科技有限公司 A kind of wooden horse threat detection method based on electromagnetic exposure
CN108680796A (en) * 2018-05-17 2018-10-19 集美大学 Electromagnetic information leakage detecting system and method for computer display
CN108830089A (en) * 2018-05-16 2018-11-16 哈尔滨工业大学 The Initiative Defence System that electromagnetic radiation information leaks in high frequency data transfer
CN110163099A (en) * 2019-04-17 2019-08-23 中国电子科技网络信息安全有限公司 A kind of abnormal behaviour identification device and method based on electromagnetic leakage signal
CN110688652A (en) * 2019-08-30 2020-01-14 中国电子科技网络信息安全有限公司 USB micro electromagnetic leakage signal source
CN110784484A (en) * 2019-11-06 2020-02-11 北京计算机技术及应用研究所 Filtering device with carrier monitoring function

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030083831A1 (en) * 2001-11-01 2003-05-01 International Business Machines Corporation System and method for evaluating electromagnetic emanation vulnerabilities of computing systems
CN101283258A (en) * 2005-10-12 2008-10-08 空中客车德国有限公司 Leak detector
CN107293081A (en) * 2016-04-01 2017-10-24 北京中密安信息安全技术有限公司 Environmental security appraisal procedure and device
CN108337207A (en) * 2017-01-19 2018-07-27 中安工控(北京)科技有限公司 A kind of wooden horse threat detection method based on electromagnetic exposure
CN108267647A (en) * 2017-12-19 2018-07-10 中国电子科技网络信息安全有限公司 A kind of detection method and device of power supply conduction electromagnetic leakage protection
CN108830089A (en) * 2018-05-16 2018-11-16 哈尔滨工业大学 The Initiative Defence System that electromagnetic radiation information leaks in high frequency data transfer
CN108680796A (en) * 2018-05-17 2018-10-19 集美大学 Electromagnetic information leakage detecting system and method for computer display
CN110163099A (en) * 2019-04-17 2019-08-23 中国电子科技网络信息安全有限公司 A kind of abnormal behaviour identification device and method based on electromagnetic leakage signal
CN110688652A (en) * 2019-08-30 2020-01-14 中国电子科技网络信息安全有限公司 USB micro electromagnetic leakage signal source
CN110784484A (en) * 2019-11-06 2020-02-11 北京计算机技术及应用研究所 Filtering device with carrier monitoring function

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
GUAN TIANMIN 等: "Electromagnetic Information Leakage Classification Detection Method for Computer Display Equipment Based on Machine Learning", 《2019 3RD INTERNATIONAL CONFERENCE ON ELECTRONIC INFORMATION TECHNOLOGY AND COMPUTER ENGINEERING (EITCE)》 *
刘文斌 等: "物理隔离网络电磁漏洞研究", 《强激光与粒子束》 *
刘耀祖: "短波中频数字化接收机设计与实现", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114117435A (en) * 2021-12-12 2022-03-01 中国电子科技集团公司第十五研究所 Isolation channel perception and vulnerability testing method

Also Published As

Publication number Publication date
CN111949988B (en) 2022-04-22

Similar Documents

Publication Publication Date Title
US11450324B2 (en) Method of defending against inaudible attacks on voice assistant based on machine learning
Guri et al. USBee: Air-gap covert-channel via electromagnetic emission from USB
RU2573225C2 (en) Method and system for near field communication
KR20140143839A (en) Method for malicious activity detection in a mobile station
CN104270760A (en) Method and device for identifying pseudo base station
CN111949988B (en) Active electromagnetic vulnerability detection system and method for physically isolated computer
KR20110128632A (en) Method and device for detecting malicious action of application program for smartphone
WO2022247301A1 (en) Testing method, graphical interface and related apparatus
KR102180098B1 (en) A malware detecting system performing monitoring of malware and controlling a device of user
CN114172703A (en) Malicious software identification method, device and medium
Guri Exfiltrating data from air-gapped computers via ViBrAtIoNs
CN103034810B (en) A kind of detection method, device and electronic equipment
CN103984697A (en) Barcode information processing method, device and system
CN113641988B (en) Sandbox initialization method, graphical interface and related device
Agrawal et al. Android malware detection using machine learning
Guri Gairoscope: Leaking data from air-gapped computers to nearby smartphones using speakers-to-gyro communication
Qi et al. Privacy leaks when you play games: A novel user-behavior-based covert channel on smartphones
Duan et al. Privacy threats of acoustic covert communication among smart mobile devices
KR20110129020A (en) Malicious code prevention system using code analysis technique and method for operating the system
CN103853980A (en) Safety prompting method and device
CN113515744A (en) Malicious document detection method, device and system, electronic device and storage medium
CN104252598A (en) Method and device for detecting application bugs
Hegarty et al. Deep learning for spectrum awareness and covert communications via unintended rf emanations
Hellemans et al. FOCUS: Frequency Based Detection of Covert Ultrasonic Signals
Liu et al. Optical, Acoustic and Electromagnetic Vulnerability Detection for Information Security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant