Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (27): 63-68.

• Network, Communication and Security •

Research on Soft-TEMPEST technology for monitor electromagnetic trojans

CHEN Rongmao, REN Jiangchun, GONG Zhenghu

  1. School of Computer, National University of Defense Technology, Changsha 410073, China
  • Online: 2012-09-21 Published: 2012-09-24

Abstract: A monitor electromagnetic trojan is a new type of trojan that steals information by controlling the electromagnetic radiation of the computer screen. The mainstream protection approach is to replace hardware protection mechanisms, which are relatively mature but expensive, with software protection. However, current soft protection approaches mostly focus on exploring theoretical methods and are relatively complex to implement. Based on the working characteristics of monitor electromagnetic trojans, this paper proposes a Soft-TEMPEST protection mechanism and designs the ADFA (API Detection and Frequency Analysis) method for detecting them. ADFA detects the trojan process by mining API function sequences for periodicity, combined with a Fourier transform and spectrum analysis of screen pixel information. Test results show that the method successfully detects many types of monitor electromagnetic trojans, and that it is simple in principle and easy to put into use.

Key words: electromagnetic trojan, software-based Transient Electromagnetic Pulse Emanation Surveillance Technology (Soft-TEMPEST), Application Programming Interface (API) cyclical mining, Fourier transform, spectrum analysis