Research article Special Issues

Exfiltrating data from an air-gapped system through a screen-camera covert channel

  • In recent years, many methods of exfiltrating information from air-gapped systems, including electromagnetic, thermal, acoustic and optical covert channels, have been proposed. However, as a typical optical channel, the screen-camera method has rarely been considered; it is less covert because it is visible to humans. In this paper, inspired by the rapid upgrades of cameras and monitors, we propose an air-gapped screen-camera covert channel with decreased perceptibility that is suitable for complex content. Our method exploits the characteristics of the human vision system (HVS) and embeds quick response (QR) codes containing sensitive data in the displayed frames. This slight modification of the frames cannot be sensed by the HVS but can be recorded by the cameras. Then, using certain image processing techniques, we reconstruct the QR codes to some degree and extract the secret data with a certain level of robustness due to the error correction capacity of QR codes. In the scenario to which our method applies, we assume that a program has been installed in the target system and has the authority to modify the frames without affecting the normal operations of valid users. Cameras, such as web cameras, surveillance cameras and smartphone cameras, can be receivers in our method. We illustrate the applicability of our method to frames with complex content using several different cover images. Experiments involving different angles between the screen and the camera were conducted to highlight the feasibility of our method with angles of 0°,15° and 30° .

    Citation: Longlong Li, Yuliang Lu, Xuehu Yan, Dingwei Tan. Exfiltrating data from an air-gapped system through a screen-camera covert channel[J]. Mathematical Biosciences and Engineering, 2019, 16(6): 7458-7476. doi: 10.3934/mbe.2019374

    Related Papers:

    [1] Antonio Gagliano, Salvatore Giuffrida, Francesco Nocera, Maurizio Detommaso . Energy efficient measure to upgrade a multistory residential in a nZEB. AIMS Energy, 2017, 5(4): 601-624. doi: 10.3934/energy.2017.4.601
    [2] Afamia Elnakat, Juan D. Gomez, Martha Wright . A measure to manage approach to characterizing the energy impact of residential building stocks. AIMS Energy, 2016, 4(4): 574-588. doi: 10.3934/energy.2016.4.574
    [3] Hamza El Hafdaoui, Ahmed Khallaayoun, Kamar Ouazzani . Activity and efficiency of the building sector in Morocco: A review of status and measures in Ifrane. AIMS Energy, 2023, 11(3): 454-485. doi: 10.3934/energy.2023024
    [4] Hossam A. Gabbar, Ahmed Eldessouky, Jason Runge . Evaluation of renewable energy deployment scenarios for building energy management. AIMS Energy, 2016, 4(5): 742-761. doi: 10.3934/energy.2016.5.742
    [5] Sergio Copiello . Building energy efficiency: New challenges for incentive policies and sustainable business models. AIMS Energy, 2024, 12(2): 481-483. doi: 10.3934/energy.2024022
    [6] Theocharis Tsoutsos, Stavroula Tournaki, Maria Frangou, Marianna Tsitoura . Creating paradigms for nearly zero energy hotels in South Europe. AIMS Energy, 2018, 6(1): 1-18. doi: 10.3934/energy.2018.1.1
    [7] Fiona Bénard-Sora, Jean-Philippe Praene, Yatina Calixte . Assess the local electricity consumption: the case of Reunion island through a GIS based method. AIMS Energy, 2018, 6(3): 436-452. doi: 10.3934/energy.2018.3.436
    [8] Abanda F.Henry, Nkeng G.Elambo, Tah J.H.M., Ohandja E.N.Fabrice, Manjia M.Blanche . Embodied Energy and CO2 Analyses of Mud-brick and Cement-block Houses. AIMS Energy, 2014, 2(1): 18-40. doi: 10.3934/energy.2014.1.18
    [9] Zhongjiao Ma, Zichun Yan, Mingfei He, Haikuan Zhao, Jialin Song . A review of the influencing factors of building energy consumption and the prediction and optimization of energy consumption. AIMS Energy, 2025, 13(1): 35-85. doi: 10.3934/energy.2025003
    [10] Lamya Lairgi, Rachid Lagtayi, Yassir Lairgi, Abdelmajid Daya, Rabie Elotmani, Ahmed Khouya, Mohammed Touzani . Optimization of tertiary building passive parameters by forecasting energy consumption based on artificial intelligence models and using ANOVA variance analysis method. AIMS Energy, 2023, 11(5): 795-809. doi: 10.3934/energy.2023039
  • In recent years, many methods of exfiltrating information from air-gapped systems, including electromagnetic, thermal, acoustic and optical covert channels, have been proposed. However, as a typical optical channel, the screen-camera method has rarely been considered; it is less covert because it is visible to humans. In this paper, inspired by the rapid upgrades of cameras and monitors, we propose an air-gapped screen-camera covert channel with decreased perceptibility that is suitable for complex content. Our method exploits the characteristics of the human vision system (HVS) and embeds quick response (QR) codes containing sensitive data in the displayed frames. This slight modification of the frames cannot be sensed by the HVS but can be recorded by the cameras. Then, using certain image processing techniques, we reconstruct the QR codes to some degree and extract the secret data with a certain level of robustness due to the error correction capacity of QR codes. In the scenario to which our method applies, we assume that a program has been installed in the target system and has the authority to modify the frames without affecting the normal operations of valid users. Cameras, such as web cameras, surveillance cameras and smartphone cameras, can be receivers in our method. We illustrate the applicability of our method to frames with complex content using several different cover images. Experiments involving different angles between the screen and the camera were conducted to highlight the feasibility of our method with angles of 0°,15° and 30° .


    As far as the built environment is concerned, improving performance implies reasoning on multiple levels and taking action on a variety of elements in a building or a building unit. The expression building performance is a broad concept with no univocal definition in the literature, possibly because constructions are durable goods and complex systems. Forasmuch as building performance is difficult to define, it is also hard to evaluate. Early examples of building performance evaluation were developed in the US between the late sixties and the mid-seventies, leading authors to use the expression post-occupancy evaluation for the methodologies meant to evaluate building performance after their construction and occupation. More recently, the academic and professional debate has further evolved, expanding the research interest in performance evaluation to the whole building life-cycle [1,2].

    A broad research strand has long since focused on building performance from the perspective of energy saving and efficiency [3,4,5], especially concerning energy consumption from non-renewable sources, not least because of the implications in the matter of greenhouse gas emissions [6,7,8,9]. Over time, the research strand mentioned above branched out into several specific fields of study, some of which—among the primary ones—can be identified as follows: 1) building system optimization as well as integration of innovative technologies into the building and use of advanced and highly performing building materials [10,11]; 2) integration of passive systems and architectural design optimization concerning the characteristics that influence the most energy consumption, such as orientation and shape [12,13]. Nonetheless, the topic of building performance improvement is much broader, encompassing issues such as the home and workplace healthiness and safety [14,15,16], the comfort perceived by the users [17,18], and other aspects [19]. Actually, the attention paid by authors in the literature to the overall building performance increased earlier and faster than the focus on building energy efficiency, and is still growing stronger (Figure 1).

    Figure 1.  Occurrences of the expressions "building performance" and "building energy efficiency" in English books (source: Google Books Ngram Viewer, https://books.google.com/ngrams, last accessed 21.05.2024).

    In this position paper, we argue that two somewhat niche topics—whether the focus is on energy efficiency or other aspects shaping the notion of building performance—are deeply intertwined with the issue of improving that performance, and thus, they deserve greater attention. The first topic—discussed below in Section 2—is hinged upon the notion of budget constraint, which plays a crucial role in the decision-making processes on the construction of new buildings or the renovation of existing ones, as it significantly affects the planning and execution stages, as well as the outcomes. The second topic discussed later in Section 3 is related to operating in critical scenarios, meaning dealing with building performance improvement while facing problematic situations, such as rapidly developing demographic phenomena and other anthropological changes, for instance, overcrowding due to fast population growth and recurrent natural disasters such like sea level rise and flash flooding due to climate change.

    Economic issues are known to be tied to achievable levels of building performance [20]. The role played by economic parameters in shaping the viability of adopting efficiency measures is a case in point [21,22,23]. An additional case in point is represented by the examination of the financial incentives to push the adoption of efficiency measures, in addition to the rise and growth of innovative business models [24,25] to exploit those incentives in the building industry [26,27,28]. Another pertinent example is given in the studies dealing with the appraisal of the cost premium [29,30] and the price premium [31,32] of highly efficient buildings compared to conventional ones [33,34,35]. Nonetheless, the comparative analysis of the profitability of investing in high-performance constructions—whether performed through well-known cost-benefit or life-cycle cost models [36,37,38], or even novel economic and multi-criteria models [39,40]—often misses considering a second feasibility dimension, namely, the ability to meet a given budget constraint.

    The early literature on the topic explored a variety of market failures and barriers—such as imperfect and asymmetric information, bounded rationality, split incentives, transaction costs, and more [41,42,43]—that hinder the adoption of state-of-the-art and high-performance solutions in buildings. While the actual occurrence of all these barriers is disputed [44,45,46], consumers' and firms' spending ability is recognized as a barrier itself [47,48]. There is an inherent conflict - apparent and yet still partly neglected - between the substantial costs required to get high-performance buildings and the limited ability to incur capital expenditures by property owners and other investors (Figure 2). A budget constraint is seldom included in the evaluation of performance optimization measures to be adopted in new [49,50] and existing buildings [51]. Its consideration is largely connected with the use of analytical models derived from the life-cycle costing approach and the cost-optimal methodology [52,53]. It is additionally linked to the planning of maintenance and renovation actions of building elements according to their deterioration function in a couple of research papers [54,55], as well as used among the inputs in investment decision optimization tools concerning retrofit measures in multiple buildings in another couple of studies [56,57,58].

    Figure 2.  Economic optimum and budget constraint for capital expenditures (source: authors' study based on [5], page 1072, Figure 6).

    There is a case for arguing that the research on the investments meant to improve building energy efficiency—and building performance, more broadly—has been focused primarily in Western economies and developed countries [59]. Thus, it has predominantly advanced in the EU and US contexts [60] with a few other additional areas, following the adoption and implementation of targeted policies, codes, and regulations in those countries, as also shown by the International Energy Agency in its 2018 report (Figure 3). Only recently, the literature reported studies of efficiency and performance in the least-developed countries. Such studies are still limited to a small number [61,62].

    Figure 3.  (a) Building energy codes by jurisdiction (source: International Energy Agency, 2018, "Global Status Report Towards a zero-emission, efficient and resilient buildings and construction sector", https://www.iea.org, last accessed 21.05.2024). (b) Per capita GDP as of the year 2021 (source: World Bank, 2023, GDP per capita—dataset, World Development Indicators—original data, with minor processing by Our World in Data, https://ourworldindata.org/grapher/gdp-per-capita-worldbank, last accessed 21.05.2024).

    One of the issues with that lies in the lack of representativeness [63]. Western economies and developed countries hardly provide a comprehensive representation of the various situations the majority of the world's population faces, both in terms of rapidly evolving demographic phenomena— or other anthropological changes—and recurring natural disasters. We refer to them as critical scenarios. On the demographic and anthropological side, they include exponential population growth, fast rural-to-urban migration resulting in intensive land-use changes, overcrowding of urban areas, and other migratory movements with related shifts in needs and wants, tastes, and preferences [64,65,66]. On the environmental side, they also include sea level rise, flash flooding, drought, overheating, and desertification due to ongoing climate change, which represents a source of substantial risk for urban areas [67,68,69,70].

    Since many of the above-mentioned disruptive phenomena are bound to occur in developing and underdeveloped countries [71,72,73], the dynamic interplay between budget constraints and critical scenarios looks like an interesting field of study. From a normative analysis perspective, what strategies and tactics should be adopted to cope with limitations on spending power while simultaneously dealing with challenging situations? Also, from a positive analysis perspective, what actual actions do the affected people, households, and firms put into play? How much do critical scenarios worsen the burden of budget constraints, especially in large urban areas and in developing countries? Thus, how much does exposure to critical scenarios exacerbate budget constraints? How do budget constraints in critical scenarios interact with medium-to long-run policy goals as far as building performance is concerned? These are just a few instances of the research questions populating this field of inquiry.

    In the near future, we expect more and more studies to address the above research issues and, perhaps, other related research topics so as to start shedding light on this under-explored topic.

    This paper is meant as the opening of the special issue "Budget constraints in critical scenarios: challenges to improving building performance" in the journal AIMS Energy. Please see: https://www.aimspress.com/aimse/article/6744/special-articles.

    The authors declare no conflicts of interest.



    [1] M. G. Kuhn and R. J. Anderson, Soft tempest: Hidden data transmission using electromagnetic emanations, International Workshop on Information Hiding, 1998, 124–142. Available from: https://link.springer.com/chapter/10.1007/3-540-49380-8 10.
    [2] M. Guri, G. Kedma, A. Kachlon, et al., Air hopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies, Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software: The Americas (MALWARE), 2014, 58–67. Available from: https://ieeexplore.ieee.org/abstract/document/6999418/.
    [3] M. Guri, A. Kachlon, O. Hasson, et al., GSMem: Data exfiltration from air-gapped computers over GSM frequencies, 24th USENIX Security Symposium (USENIX Security 15), 2015, 849–864. Available from: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/guri.
    [4] M. Guri, M. Monitz and Y. Elovici, USBee: Air-gap covert-channel via electromagnetic emission from USB, 2016 14th Annual Conference on Privacy, Security and Trust (PST), 2016, 264–268. Available from: https://ieeexplore.ieee.org/abstract/document/7906972.
    [5] S. O'Malley and K.-K. Choo, Bridging the air gap: Inaudible data exfiltration by insiders, 20th Americas Conference on Information Systems (AMCIS 2014), 2014. Available from: https://papers.ssrn.com/sol3/papers.cfm?abstract id=2431593.
    [6] E. Lee, H. Kim and W. Y. Ji, Various threat models to circumvent air-gapped systems for preventing network attack, International workshop on information security applications, 2015. Available from: https://link.springer.com/chapter/10.1007/978-3-319-31875-2 16citeas.
    [7] M. Guri, Y. Solewicz, A. Daidakulov, et al., Fansmitter: Acoustic data exfiltration from (speakerless) air-gapped computers, arXiv preprint arXiv, (2016).
    [8] M. Guri, Y. A. Solewicz, A. Daidakulov, et al., Diskfiltration: Data exfiltration from speakerless air-gapped computers via covert hard drive noise, 98–115. arXiv preprint arXiv: 1608.03431, (2016).
    [9] M. Guri, M. Monitz, Y. Mirski, et al., Bitwhisper: Covert signaling channel between air- gapped computers using thermal manipulations, 2015 IEEE 28th Computer Security Foundations Symposium, 2015. Available from: https://ieeexplore.ieee.org/abstract/document/7243739.
    [10] Y. Mirsky, M. Guri and Y. Elovici, Hvacker: Bridging the air-gap by manipulating the environment temperature, Magdeburger J. zur Sicherheitsforschung, 14 (2017), 815–829.
    [11] V. Sepetnitsky, M. Guri and Y. Elovici, Exfiltration of information from air-gapped machines using monitor's LED indicator, 2014 IEEE Joint Intelligence and Security Informatics Conference,IEEE, 2014, 264–267. Available from: https://ieeexplore.ieee.org/abstract/document/6975588.
    [12] A. Lopes and D. Aranha, Platform-agnostic low-intrusion optical data exfiltration, 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017), 2017, 474–480. Available from: http://dx.doi.org/10.5220/0006211504740480.
    [13] M. Guri, B. Zadov and Y. Elovici, LED-it-GO: Leaking (a lot of) data from air-gapped computers via the (small) hard drive LED, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2017, 161–184. Available from: http://arxiv.org/abs/1702.06715.
    [14] M. Guri, B. Zadov, A. Daidakulov, et al., xLED: Covert data exfiltration from air-gapped networks via router leds, arXiv preprint arXiv, (2017).
    [15] Z. Zheng, W. Zhang, Z. Yang et al., Exfiltration of data from air-gapped networks via unmodulated led status indicators, arXiv preprint arXiv, (2017).
    [16] M. Guri, D. Bykhovsky and Y. Elovici, Air-jumper: Covert air-gap exfiltration/infiltration via security cameras & infrared (IR), Comput. Secur., 82 (2019), 15–29.
    [17] K. Jo, M. Gupta and S. K. Nayar, DisCo: Display-Camera Communication Using Rolling Shutter Sensors, ACM Trans. Graphics., 35 (2016), 1–13.
    [18] H. Hao, L. Rujun, Q. Guolei et al., Covert-optical transmission channel based on LED display, Commun. Technol., 51 (2018), 1689–1693.
    [19] M. Guri, O. Hasson, G. Kedma, et al., An optical covert-channel to leak data through an air-gap 2016 14th Annual Conference on Privacy, Security and Trust (PST), IEEE, 2016. Available from: https://ieeexplore.ieee.org/document/7906933.
    [20] Kolb Helga, Much of the construction of an image takes place in the retina itself through the use of specialized neural circuits, in How the Retina Works, American Scientist, (2003), 28–35.
    [21] J. L. Ecker, G. S. Lall, S. Haq, et al., Melanopsin cells are the principal conduits for rod cone input to non-image-forming vision, Nature, 7191 (2008), 102–106.
    [22] G. Buchsbaum, An Analytical Derivation of Visual Nonlinearity IEEE Trans. Biomed. Eng.,5(1980), 237–242.
    [23] D. Mandal, K. Panetta and S. Agaian, Human visual system inspired object detection and recognition, 2012 IEEE International Conference on Technologies for Practical Robot Applications (TePRA), IEEE, 2012, 145–150. Available from:http://dx.doi.org/10.1109/TePRA.2012.6215669.
    [24] E. Simonson and J. Brozek, Flicker fusion frequency; background and applications, Physiol. Rev., 32 (1952), 349–378.
    [25] S. D. Perli, N. Ahmed and D. Katabi, PixNet: Interference-free wireless links using LCD-camera pairs, 16th Annual Conference on Mobile Computing and Networking, MobiCom 2010 (2010), 1952, 137–148. Available from: http://dx.doi.org 10.1145/1859995.1860012.
    [26] T. Hao, R. Zhou and G. Xing, COBRA: Color barcode streaming for smartphone systems, Proceedings of the 10th international conference on Mobile systems, applications, and services, ACM, 2012, 85–98. Available from: http://dx.doi.org/10.1145/2307636.2307645.
    [27] W. Hu, Lightsync: Unsynchronized visual communication over screen-camera links, Proceedings of the 19th annual international conference on Mobile computing & networking, ACM, 2013, 15–26. Available from: http://dx.doi.org/10.1145/2500423.2500437.
    [28] T. Li, C. An, X. Xiao, et al., Real-time screen-camera communication behind any scene Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, ACM, 2015, 197–211. Available from: http://dx.doi.org/10.1145/2742647.2742667.
    [29] A. Wang, C. Peng, O. Zhang, et al., InFrame: Multiflexing full-frame visible communication channel for humans and devices, Proceedings of the 13th ACM Workshop on Hot Topics in Networks, ACM, 2014. Available from: http://dx.doi.org/10.1145/2670518.2673867.
    [30] A. Wang, Z. Li, C. Peng, et al., Inframe++: Achieve simultaneous screen-human viewing and hidden screen-camera communication, Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, ACM, 2015, 181-195. Available from: http://dx.doi.org/10.1145/2742647.2742652.
    [31] A. Costin, Security of cctv and video surveillance systems: Threats, vulnerabilities, attacks, and mitigations, Proceedings of the 6th international workshop on trustworthy embedded devices, ACM, 2016.Available from: https://dl.acm.org/citation.cfm?id=2995290.
  • Reader Comments
  • © 2019 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(5061) PDF downloads(463) Cited by(1)

Figures and Tables

Figures(9)  /  Tables(4)

Other Articles By Authors

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog