Research article Special Issues

Exfiltrating data from an air-gapped system through a screen-camera covert channel

  • Received: 30 March 2019 Accepted: 29 July 2019 Published: 16 August 2019
  • In recent years, many methods of exfiltrating information from air-gapped systems, including electromagnetic, thermal, acoustic and optical covert channels, have been proposed. However, as a typical optical channel, the screen-camera method has rarely been considered; it is less covert because it is visible to humans. In this paper, inspired by the rapid upgrades of cameras and monitors, we propose an air-gapped screen-camera covert channel with decreased perceptibility that is suitable for complex content. Our method exploits the characteristics of the human vision system (HVS) and embeds quick response (QR) codes containing sensitive data in the displayed frames. This slight modification of the frames cannot be sensed by the HVS but can be recorded by the cameras. Then, using certain image processing techniques, we reconstruct the QR codes to some degree and extract the secret data with a certain level of robustness due to the error correction capacity of QR codes. In the scenario to which our method applies, we assume that a program has been installed in the target system and has the authority to modify the frames without affecting the normal operations of valid users. Cameras, such as web cameras, surveillance cameras and smartphone cameras, can be receivers in our method. We illustrate the applicability of our method to frames with complex content using several different cover images. Experiments involving different angles between the screen and the camera were conducted to highlight the feasibility of our method with angles of 0°,15° and 30° .

    Citation: Longlong Li, Yuliang Lu, Xuehu Yan, Dingwei Tan. Exfiltrating data from an air-gapped system through a screen-camera covert channel[J]. Mathematical Biosciences and Engineering, 2019, 16(6): 7458-7476. doi: 10.3934/mbe.2019374

    Related Papers:

    [1] Longxing Qi, Shoujing Tian, Jing-an Cui, Tianping Wang . Multiple infection leads to backward bifurcation for a schistosomiasis model. Mathematical Biosciences and Engineering, 2019, 16(2): 701-712. doi: 10.3934/mbe.2019033
    [2] Yingke Li, Zhidong Teng, Shigui Ruan, Mingtao Li, Xiaomei Feng . A mathematical model for the seasonal transmission of schistosomiasis in the lake and marshland regions of China. Mathematical Biosciences and Engineering, 2017, 14(5&6): 1279-1299. doi: 10.3934/mbe.2017066
    [3] Chunhua Shan, Hongjun Gao, Huaiping Zhu . Dynamics of a delay Schistosomiasis model in snail infections. Mathematical Biosciences and Engineering, 2011, 8(4): 1099-1115. doi: 10.3934/mbe.2011.8.1099
    [4] Conrad Ratchford, Jin Wang . Multi-scale modeling of cholera dynamics in a spatially heterogeneous environment. Mathematical Biosciences and Engineering, 2020, 17(2): 948-974. doi: 10.3934/mbe.2020051
    [5] Kazeem Oare Okosun, Robert Smith? . Optimal control analysis of malaria-schistosomiasis co-infection dynamics. Mathematical Biosciences and Engineering, 2017, 14(2): 377-405. doi: 10.3934/mbe.2017024
    [6] Wahyudin Nur, Trisilowati, Agus Suryanto, Wuryansari Muharini Kusumawinahyu . Schistosomiasis model with treatment, habitat modification and biological control. Mathematical Biosciences and Engineering, 2022, 19(12): 13799-13828. doi: 10.3934/mbe.2022643
    [7] Maghnia Hamou Maamar, Matthias Ehrhardt, Louiza Tabharit . A nonstandard finite difference scheme for a time-fractional model of Zika virus transmission. Mathematical Biosciences and Engineering, 2024, 21(1): 924-962. doi: 10.3934/mbe.2024039
    [8] Long-xing Qi, Yanwu Tang, Shou-jing Tian . Parameter estimation of modeling schistosomiasis transmission for four provinces in China. Mathematical Biosciences and Engineering, 2019, 16(2): 1005-1020. doi: 10.3934/mbe.2019047
    [9] Yuyi Xue, Yanni Xiao . Analysis of a multiscale HIV-1 model coupling within-host viral dynamics and between-host transmission dynamics. Mathematical Biosciences and Engineering, 2020, 17(6): 6720-6736. doi: 10.3934/mbe.2020350
    [10] Xinli Hu, Wenjie Qin, Marco Tosato . Complexity dynamics and simulations in a discrete switching ecosystem induced by an intermittent threshold control strategy. Mathematical Biosciences and Engineering, 2020, 17(3): 2164-2178. doi: 10.3934/mbe.2020115
  • In recent years, many methods of exfiltrating information from air-gapped systems, including electromagnetic, thermal, acoustic and optical covert channels, have been proposed. However, as a typical optical channel, the screen-camera method has rarely been considered; it is less covert because it is visible to humans. In this paper, inspired by the rapid upgrades of cameras and monitors, we propose an air-gapped screen-camera covert channel with decreased perceptibility that is suitable for complex content. Our method exploits the characteristics of the human vision system (HVS) and embeds quick response (QR) codes containing sensitive data in the displayed frames. This slight modification of the frames cannot be sensed by the HVS but can be recorded by the cameras. Then, using certain image processing techniques, we reconstruct the QR codes to some degree and extract the secret data with a certain level of robustness due to the error correction capacity of QR codes. In the scenario to which our method applies, we assume that a program has been installed in the target system and has the authority to modify the frames without affecting the normal operations of valid users. Cameras, such as web cameras, surveillance cameras and smartphone cameras, can be receivers in our method. We illustrate the applicability of our method to frames with complex content using several different cover images. Experiments involving different angles between the screen and the camera were conducted to highlight the feasibility of our method with angles of 0°,15° and 30° .




    [1] M. G. Kuhn and R. J. Anderson, Soft tempest: Hidden data transmission using electromagnetic emanations, International Workshop on Information Hiding, 1998, 124–142. Available from: https://link.springer.com/chapter/10.1007/3-540-49380-8 10.
    [2] M. Guri, G. Kedma, A. Kachlon, et al., Air hopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies, Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software: The Americas (MALWARE), 2014, 58–67. Available from: https://ieeexplore.ieee.org/abstract/document/6999418/.
    [3] M. Guri, A. Kachlon, O. Hasson, et al., GSMem: Data exfiltration from air-gapped computers over GSM frequencies, 24th USENIX Security Symposium (USENIX Security 15), 2015, 849–864. Available from: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/guri.
    [4] M. Guri, M. Monitz and Y. Elovici, USBee: Air-gap covert-channel via electromagnetic emission from USB, 2016 14th Annual Conference on Privacy, Security and Trust (PST), 2016, 264–268. Available from: https://ieeexplore.ieee.org/abstract/document/7906972.
    [5] S. O'Malley and K.-K. Choo, Bridging the air gap: Inaudible data exfiltration by insiders, 20th Americas Conference on Information Systems (AMCIS 2014), 2014. Available from: https://papers.ssrn.com/sol3/papers.cfm?abstract id=2431593.
    [6] E. Lee, H. Kim and W. Y. Ji, Various threat models to circumvent air-gapped systems for preventing network attack, International workshop on information security applications, 2015. Available from: https://link.springer.com/chapter/10.1007/978-3-319-31875-2 16citeas.
    [7] M. Guri, Y. Solewicz, A. Daidakulov, et al., Fansmitter: Acoustic data exfiltration from (speakerless) air-gapped computers, arXiv preprint arXiv, (2016).
    [8] M. Guri, Y. A. Solewicz, A. Daidakulov, et al., Diskfiltration: Data exfiltration from speakerless air-gapped computers via covert hard drive noise, 98–115. arXiv preprint arXiv: 1608.03431, (2016).
    [9] M. Guri, M. Monitz, Y. Mirski, et al., Bitwhisper: Covert signaling channel between air- gapped computers using thermal manipulations, 2015 IEEE 28th Computer Security Foundations Symposium, 2015. Available from: https://ieeexplore.ieee.org/abstract/document/7243739.
    [10] Y. Mirsky, M. Guri and Y. Elovici, Hvacker: Bridging the air-gap by manipulating the environment temperature, Magdeburger J. zur Sicherheitsforschung, 14 (2017), 815–829.
    [11] V. Sepetnitsky, M. Guri and Y. Elovici, Exfiltration of information from air-gapped machines using monitor's LED indicator, 2014 IEEE Joint Intelligence and Security Informatics Conference,IEEE, 2014, 264–267. Available from: https://ieeexplore.ieee.org/abstract/document/6975588.
    [12] A. Lopes and D. Aranha, Platform-agnostic low-intrusion optical data exfiltration, 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017), 2017, 474–480. Available from: http://dx.doi.org/10.5220/0006211504740480.
    [13] M. Guri, B. Zadov and Y. Elovici, LED-it-GO: Leaking (a lot of) data from air-gapped computers via the (small) hard drive LED, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2017, 161–184. Available from: http://arxiv.org/abs/1702.06715.
    [14] M. Guri, B. Zadov, A. Daidakulov, et al., xLED: Covert data exfiltration from air-gapped networks via router leds, arXiv preprint arXiv, (2017).
    [15] Z. Zheng, W. Zhang, Z. Yang et al., Exfiltration of data from air-gapped networks via unmodulated led status indicators, arXiv preprint arXiv, (2017).
    [16] M. Guri, D. Bykhovsky and Y. Elovici, Air-jumper: Covert air-gap exfiltration/infiltration via security cameras & infrared (IR), Comput. Secur., 82 (2019), 15–29.
    [17] K. Jo, M. Gupta and S. K. Nayar, DisCo: Display-Camera Communication Using Rolling Shutter Sensors, ACM Trans. Graphics., 35 (2016), 1–13.
    [18] H. Hao, L. Rujun, Q. Guolei et al., Covert-optical transmission channel based on LED display, Commun. Technol., 51 (2018), 1689–1693.
    [19] M. Guri, O. Hasson, G. Kedma, et al., An optical covert-channel to leak data through an air-gap 2016 14th Annual Conference on Privacy, Security and Trust (PST), IEEE, 2016. Available from: https://ieeexplore.ieee.org/document/7906933.
    [20] Kolb Helga, Much of the construction of an image takes place in the retina itself through the use of specialized neural circuits, in How the Retina Works, American Scientist, (2003), 28–35.
    [21] J. L. Ecker, G. S. Lall, S. Haq, et al., Melanopsin cells are the principal conduits for rod cone input to non-image-forming vision, Nature, 7191 (2008), 102–106.
    [22] G. Buchsbaum, An Analytical Derivation of Visual Nonlinearity IEEE Trans. Biomed. Eng.,5(1980), 237–242.
    [23] D. Mandal, K. Panetta and S. Agaian, Human visual system inspired object detection and recognition, 2012 IEEE International Conference on Technologies for Practical Robot Applications (TePRA), IEEE, 2012, 145–150. Available from:http://dx.doi.org/10.1109/TePRA.2012.6215669.
    [24] E. Simonson and J. Brozek, Flicker fusion frequency; background and applications, Physiol. Rev., 32 (1952), 349–378.
    [25] S. D. Perli, N. Ahmed and D. Katabi, PixNet: Interference-free wireless links using LCD-camera pairs, 16th Annual Conference on Mobile Computing and Networking, MobiCom 2010 (2010), 1952, 137–148. Available from: http://dx.doi.org 10.1145/1859995.1860012.
    [26] T. Hao, R. Zhou and G. Xing, COBRA: Color barcode streaming for smartphone systems, Proceedings of the 10th international conference on Mobile systems, applications, and services, ACM, 2012, 85–98. Available from: http://dx.doi.org/10.1145/2307636.2307645.
    [27] W. Hu, Lightsync: Unsynchronized visual communication over screen-camera links, Proceedings of the 19th annual international conference on Mobile computing & networking, ACM, 2013, 15–26. Available from: http://dx.doi.org/10.1145/2500423.2500437.
    [28] T. Li, C. An, X. Xiao, et al., Real-time screen-camera communication behind any scene Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, ACM, 2015, 197–211. Available from: http://dx.doi.org/10.1145/2742647.2742667.
    [29] A. Wang, C. Peng, O. Zhang, et al., InFrame: Multiflexing full-frame visible communication channel for humans and devices, Proceedings of the 13th ACM Workshop on Hot Topics in Networks, ACM, 2014. Available from: http://dx.doi.org/10.1145/2670518.2673867.
    [30] A. Wang, Z. Li, C. Peng, et al., Inframe++: Achieve simultaneous screen-human viewing and hidden screen-camera communication, Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, ACM, 2015, 181-195. Available from: http://dx.doi.org/10.1145/2742647.2742652.
    [31] A. Costin, Security of cctv and video surveillance systems: Threats, vulnerabilities, attacks, and mitigations, Proceedings of the 6th international workshop on trustworthy embedded devices, ACM, 2016.Available from: https://dl.acm.org/citation.cfm?id=2995290.
  • This article has been cited by:

    1. Chunxiao Ding, Yun Sun, Yuanguo Zhu, A schistosomiasis compartment model with incubation and its optimal control, 2017, 40, 01704214, 5079, 10.1002/mma.4372
    2. Chunxiao Ding, Nana Tao, Yun Sun, Yuanguo Zhu, The effect of time delays on transmission dynamics of schistosomiasis, 2016, 91, 09600779, 360, 10.1016/j.chaos.2016.06.017
    3. Chunxiao Ding, Wenjian Liu, Yun Sun, Yuanguo Zhu, A delayed Schistosomiasis transmission model and its dynamics, 2019, 118, 09600779, 18, 10.1016/j.chaos.2018.11.005
    4. Tailei Zhang, Xiao-Qiang Zhao, Mathematical Modeling for Schistosomiasis with Seasonal Influence: A Case Study in Hubei, China, 2020, 19, 1536-0040, 1438, 10.1137/19M1280259
    5. M. A. Aziz-Alaoui, Jean M.-S. Lubuma, Berge Tsanou, Prevalence-based modeling approach of schistosomiasis: global stability analysis and integrated control assessment, 2021, 40, 2238-3603, 10.1007/s40314-021-01414-9
    6. François M. Castonguay, Susanne H. Sokolow, Giulio A. De Leo, James N. Sanchirico, Cost-effectiveness of combining drug and environmental treatments for environmentally transmitted diseases, 2020, 287, 0962-8452, 20200966, 10.1098/rspb.2020.0966
    7. Chunxiao Ding, Yun Sun, Yuanguo Zhu, A NN-Based Hybrid Intelligent Algorithm for a Discrete Nonlinear Uncertain Optimal Control Problem, 2017, 45, 1370-4621, 457, 10.1007/s11063-016-9536-8
    8. Xi-Chao Duan, I Hyo Jung, Xue-Zhi Li, Maia Martcheva, Dynamics and optimal control of an age-structured SIRVS epidemic model, 2020, 43, 01704214, 4239, 10.1002/mma.6190
    9. Zhipeng Qiu, Xuerui Wei, Chunhua Shan, Huaiping Zhu, Monotone dynamics and global behaviors of a West Nile virus model with mosquito demographics, 2020, 80, 0303-6812, 809, 10.1007/s00285-019-01442-4
    10. Tao Feng, Zhipeng Qiu, Yi Song, Global analysis of a vector-host epidemic model in stochastic environments, 2019, 356, 00160032, 2885, 10.1016/j.jfranklin.2019.01.033
    11. Yujiang Liu, Shujing Gao, Zhenzhen Liao, Di Chen, Dynamical behavior of a stage-structured Huanglongbing model with time delays and optimal control, 2022, 156, 09600779, 111830, 10.1016/j.chaos.2022.111830
    12. S. KADALEKA, S. ABELMAN, P. M. MWAMTOBE, J. M. TCHUENCHE, OPTIMAL CONTROL ANALYSIS OF A HUMAN–BOVINE SCHISTOSOMIASIS MODEL, 2021, 29, 0218-3390, 1, 10.1142/S0218339021500017
    13. Linghui Yu, Zhipeng Qiu, Ting Guo, Modeling the effect of activation of CD4+ T cells on HIV dynamics, 2022, 27, 1531-3492, 4491, 10.3934/dcdsb.2021238
    14. Chinwendu E. Madubueze, Z. Chazuka, I. O. Onwubuya, F. Fatmawati, C. W. Chukwu, On the mathematical modeling of schistosomiasis transmission dynamics with heterogeneous intermediate host, 2022, 8, 2297-4687, 10.3389/fams.2022.1020161
    15. Lei Shi, Longxing Qi, Dynamic analysis and optimal control of a class of SISP respiratory diseases, 2022, 16, 1751-3758, 64, 10.1080/17513758.2022.2027529
    16. Wei Wang, Robert Bergquist, Charles H. King, Kun Yang, Joanne P. Webster, Elimination of schistosomiasis in China: Current status and future prospects, 2021, 15, 1935-2735, e0009578, 10.1371/journal.pntd.0009578
    17. Liming Cai, Peixia Yue, Mini Ghosh, Xuezhi Li, Assessing the impact of agrochemicals on schistosomiasis transmission: A mathematical study, 2021, 14, 1793-5245, 10.1142/S1793524521500492
    18. Solomon Kadaleka, Shirley Abelman, Jean M. Tchuenche, A Human-Bovine Schistosomiasis Mathematical Model with Treatment and Mollusciciding, 2021, 69, 0001-5342, 511, 10.1007/s10441-021-09416-0
    19. Tailei Zhang, Xiao-Qiang Zhao, A multi-host schistosomiasis model with seasonality and time-dependent delays, 2023, 28, 1531-3492, 2927, 10.3934/dcdsb.2022198
    20. Xinjie Hao, Lin Hu, Linfei Nie, Stability and Global Hopf Bifurcation Analysis of a Schistosomiasis Transmission Model with Multi-Delays, 2025, 35, 0218-1274, 10.1142/S0218127425500397
    21. Lele Fan, Zhipeng Qiu, Qi Deng, Ting Guo, Libin Rong, Modeling SARS-CoV-2 Infection Dynamics: Insights into Viral Clearance and Immune Synergy, 2025, 87, 0092-8240, 10.1007/s11538-025-01442-0
    22. Yan Zhao, Qi Deng, Zhipeng Qiu, Ting Guo, Shigui Ruan, Modeling the Interaction of Cytotoxic T-Lymphocytes and Oncolytic Viruses in a Tumor Microenvironment, 2025, 85, 0036-1399, 983, 10.1137/23M1613608
    23. Chang-Yuan Cheng, Feng-Bin Wang, A nonlocal reaction-diffusion system modeling the Schistosomiasis transmission with multiple hosts and periodic delays, 2025, 91, 0303-6812, 10.1007/s00285-025-02238-5
  • Reader Comments
  • © 2019 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(5175) PDF downloads(463) Cited by(1)

Article outline

Figures and Tables

Figures(9)  /  Tables(4)

Other Articles By Authors

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog