Air-Fuzz: Feasibility Analysis of Fuzzing-Based Side-Channel Information Leakage Attack in Air-Gapped Networks

Air-Fuzz: Feasibility Analysis of Fuzzing-Based Side-Channel Information Leakage Attack in Air-Gapped Networks

연구 분야: Analysis

학회: International Conference on Information Security Applications

As the number of cyberattacks via networks increases, air-gapped networks that are physically isolated from the Internet are recommended to protect systems and industrial facilities. However, previous research has highlighted the possibility of data exfiltration attacks in air-gapped environments by exploiting computer systems or peripheral devices. Consequently, research to identify potential attack types and vectors in air-gapped environments is required. This study proposes an attack model that uses fuzzing on Internet of Things connectivity devices to exfiltrate data within an air-gapped environment through side-channel signal patterns. We conducted an experiment to verify the feasibility of the attack model in a noisy channel and compared its performance with that of conventional attack models affected by interference and noise. By injecting Gaussian noise into wireless signals encoded with data, we compared the Bit Error Rate (BER) of the proposed attack model with that of conventional models. The BER of the proposed attack model was improved by approximately 59.43% compared with that of conventional attack models.