Visible to the public MagView: A Distributed Magnetic Covert Channel via Video Encoding and Decoding

TitleMagView: A Distributed Magnetic Covert Channel via Video Encoding and Decoding
Publication TypeConference Paper
Year of Publication2020
AuthorsZhang, J., Ji, X., Xu, W., Chen, Y.-C., Tang, Y., Qu, G.
Conference NameIEEE INFOCOM 2020 - IEEE Conference on Computer Communications
Date PublishedJuly 2020
ISBN Number978-1-7281-6412-0
KeywordsAir gaps, air-gap, air-gapped internal network, air-gapped networks, Central Processing Unit, composability, Computers, cover channels, covert channels, CPU utilization, Decoding, distributed magnetic covert channel, encoding, error statistics, Human Behavior, human factors, Image coding, information embedding, invasive software, magnetic cover channel, Magnetic separation, Magnetometers, Metrics, prototype MagView, pubcrawl, resilience, Resiliency, secret data, sensitive information, transmitter computer, video coding, video decoding, video encoding, video frame type, video quality degradation

Air-gapped networks achieve security by using the physical isolation to keep the computers and network from the Internet. However, magnetic covert channels based on CPU utilization have been proposed to help secret data to escape the Faraday-cage and the air-gap. Despite the success of such cover channels, they suffer from the high risk of being detected by the transmitter computer and the challenge of installing malware into such a computer. In this paper, we propose MagView, a distributed magnetic cover channel, where sensitive information is embedded in other data such as video and can be transmitted over the air-gapped internal network. When any computer uses the data such as playing the video, the sensitive information will leak through the magnetic covert channel. The "separation" of information embedding and leaking, combined with the fact that the covert channel can be created on any computer, overcomes these limitations. We demonstrate that CPU utilization for video decoding can be effectively controlled by changing the video frame type and reducing the quantization parameter without video quality degradation. We prototype MagView and achieve up to 8.9 bps throughput with BER as low as 0.0057. Experiments under different environment are conducted to show the robustness of MagView. Limitations and possible countermeasures are also discussed.

Citation Keyzhang_magview_2020