GreyFan：一种Wi-Fi隐蔽信道攻击框架

doi:10.11959/j.issn.1000-0801.2019179

Telecommunications Science ›› 2019, Vol. 35 ›› Issue (9): 85-97.doi: 10.11959/j.issn.1000-0801.2019179

• research and development • Previous Articles Next Articles

GreyFan:a network attack framework using Wi-Fi covert channel

Dongjie MA^1,²,Chengqiang JIN^1,²,·uan CHEN^1,²,Tieming CHEN^1,^2,³

¹ College of Computer Science and Technology,Zhejiang University of Technology,Hangzhou 310023,China
² Zhejiang Innovation Center of Cyberspace Security,Hangzhou 310023,China
³ Research Center of Industrial Internet,Zhejiang Lab,Hangzhou 311100,China

Revised:2019-07-03 Online:2019-09-20 Published:2019-09-30
Supported by:
The National Natural Science Foundation of China(61202282);The National Natural Science Foundation of China(61772026);The Joint Project of National Natural Science Foundation and Zhejiang Provincial Government(U1509214)

Abstract

Abstract:

For traditional physical attacks such as side channel attacks and HID attacks in real networks,physical isolation is considered to be a relatively complete security protection against network attacks.In 2018,a Wi-Fi hidden channel method in the physical isolation environment——Ghost Tunnel was firstly proposed,that is,in the state that Wi-Fi didn’t connected,the wireless AP could successfully transmit data to the computer that initiates the connection request.An attack framework based on the Ghost Tunnel method——GreyFan was proposed.This attack framework enabled attackers to implement non-aware attacks on users who didn’t connected to Wi-Fi,such as file concealed transmission and arbitrary code execution,etc.The corresponding defense technology was also analyzed.

Key words: HID attack, network isolation, covert channel, GreyFan attack

CLC Number:

TP309

Dongjie MA,Chengqiang JIN,·uan CHEN,Tieming CHEN. GreyFan:a network attack framework using Wi-Fi covert channel[J]. Telecommunications Science, 2019, 35(9): 85-97.

Figures/Tables 14

References 13

[1]	DAKHANE D M , DESHMUKH P R . Active warden for TCP sequence number base covert channel[C]// International Conference on Pervasive Computing,Jan 8-10,2015,Pune,India. Piscataway:IEEE Press, 2015: 1-5.
[2]	ZANDER S , ARMITAGE G , BRANCH P . Covert channels and countermeasures in computer network protocols[J]. IEEE Communications Surveys ＆ Tutorials, 2007,9(3): 44-57.
[3]	王娟, 郭永冲, 王强 ,等. 基于BHO的网络隐蔽通道研究[J]. 计算机工程, 2009,35(5): 159-161,164.
	WANG J , GUO · C , WANG Q ,et al. Research of network covert channel based on BHO[J]. Computer Engineering, 2009,35(5): 159-161,164.
[4]	AHMADZADEH S A , AGNEW G . Turbo covert channel:an iterative framework for covert communication over data networks[C]// IEEE INFOCOM,April 14-19,2013,Turin,Italy. Piscataway:IEEE Press, 2013: 2031-2039.
[5]	姬国珍, 谭全福 . 基于数据包时间间隔的隐蔽通道实现及检测方法研究[J]. 通信技术, 2018,51(1): 189-194.
	JI G Z , TAN Q F . Covert channel implementation based on between-packet time intervals and detection method[J]. Communications Technology, 2018,51(1): 189-194.
[6]	李卫, 嵩天 . 适用于NAT环境的隐蔽通道构建方法[J]. 计算机工程与应用, 2018,54(17): 103-109.
	LI W , SONG T . Covert channel applying to NAT environment[J]. Computer Engineering and Applications, 2018,54(17): 103-109.
[7]	朱越凡, 马迪, 王伟 ,等. 一种 NTP 协议隐蔽通道[J]. 计算机系统应用, 2017,26(5): 119-125.
	ZHU · F , MA D , WANG W ,et al. Covert channel based on NTP protocol[J]. Computer Systems ＆ Applications, 2017,26(5): 119-125.
[8]	TAN · A , XU X , LIANG C ,et al. An end-to-end covert channel via packet dropout for mobile networks[J]. International Journal of Distributed Sensor Networks, 2018,14(5).
[9]	·ANG Z , HUANG Q , ZHANG Q ,et al. NICScatter:backscatter as a covert channel in mobile devices[Z]. 2017.
[10]	SCHULZ M , LINK J . Shadow Wi-Fi:teaching smartphones to transmit raw signals and to extract channel state information to implement practical covert channels over Wi-Fi[C]// The 16th Annual International Conference on Mobile Systems,Applications,and Services Table of Contents,June 10-15,2018,San Francisco,California,USA.[S.l.:s.n]. 2018: 256-268.
[11]	WU K , WEI Z S , TEACHER W Z . A study on the application of intrusion detection technology to WLAN[C]// IEEE International Conference on Communication Software and Networks,May 27-29,2011,Xi’an,China. Piscataway:IEEE Press, 2011: 344-346.
[12]	谭彦, 厉萍, 卢洪涛 ,等. Wi-Fi 无线钓鱼攻击分析及应对技术研究[J]. 电信科学, 2013,29(Z2): 143-146,151.
	TAN · , LI P , LU H T ,et al. Wi-Fi wireless phishing attack analysis and coping technology research[J]. Telecommunications Science, 2013,29(Z2): 143-146,151.
[13]	高波, 潘毅明, 黄国瑾 . 基于城域组网的运营级WLAN组网技术[J]. 电信科学, 2015,31(10): 199-203.
	GAO B , PAN · M , HUANG G J . Technology of WLAN in operation level based on metropolitan area network[J]. Telecommunications Science, 2015,31(10): 199-203.

Metrics

Recommended 0

No Suggested Reading articles found!

字节数/byte	含义	用途
1	特殊字段	标识该帧用于传输文件
2	文件名长度	标识文件名的长度，用 16 进制表示
8	散列值	用于可靠传输
2	文件总长度	标识文件的总分片数，用16进制表示
2	当前分片序号	标识当前分片所属的位置，用16进制表示
0 ～ 240	文件名	标识文件的保存名称，可带具体路径
0 ～ 240－文件名长度	文件的具体内容	发送具体的文件信息

GreyFan:a network attack framework using Wi-Fi covert channel

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 13

Related Articles 1

Metrics

Recommended 0