Air gap (networking)
An air gap or air wall is a network security measure, also known as air gapping, employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. The name arises from the technique of creating a network that does not have, and often has never had, an active unsecured connection, by having the two physically separated, with air in between. The air gap may not be completely literal, as networks employing the use of dedicated cryptographic devices that can tunnel packets over untrusted networks while avoiding packet rate or size variation can be considered "air gapped", as there is no ability for computers on opposite sides of the "gap" to communicate.
Use in classified settings
In environments where networks or devices are rated to handle different levels of classified information, the two disconnected devices/networks are referred to as "low side" and "high side", low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as red (classified) and black (unclassified). To move data from the high side to the low side, it is necessary to write data to a physical medium, and move it to a device on the latter network. Following the Bell–LaPadula confidentiality model, data traditionally moves low-to-high with minimal process, while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.
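The low side / high side rule above, as an added example that is not part of the article: a small Python model of the Bell–LaPadula dominance check (no read up, no write down) together with the one-way transfer rule the paragraph describes. The level names, the compartment set and the reviewer field are constructed for the demo.

```python
"""Low side / high side information-flow check (added example, not from the article).
A label dominates another when its level is at least as high and its compartment
set is a superset. Low-to-high transfers pass without review; high-to-low needs an
explicit declassification review. Levels and compartments here are constructed."""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """True when information labelled `other` may flow to something labelled `self`."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def can_read(subject, obj):
    """Simple security property (no read up): the subject's clearance must dominate the object."""
    return subject.dominates(obj)

def can_write(subject, obj):
    """*-property (no write down): the object's label must dominate the subject."""
    return obj.dominates(subject)

def transfer_decision(src, dst, declassified_by=None):
    """Decide whether data labelled `src` may be carried to a network labelled `dst`.
    Returns (allowed, reason); `declassified_by` names the reviewer who approved a downgrade."""
    if dst.dominates(src):
        return True, "low-to-high: permitted without review"
    if declassified_by:
        return True, f"high-to-low: permitted after declassification review by {declassified_by}"
    return False, "high-to-low: blocked until a declassification review is recorded"
```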
The concept represents nearly the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagrams to "leap" across the air gap from one network to another, but computer viruses such as Stuxnet and agent.btz have been known to bridge the gap by exploiting security holes related to the handling of removable media. The possibility of using acoustic communication has also been demonstrated by researchers. Researchers have also demonstrated the feasibility of data exfiltration using FM frequency signals.
The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security) unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor-intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis.
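One concrete form the "human security analysis" of inbound media can take, as an added Python example that is not part of the article: before a sneakernet medium is read on the isolated side, every file is checked against an approved manifest of SHA-256 hashes, unlisted, missing or altered files are flagged, and names that should never arrive on data media (the removable-media vector mentioned above) are blocked. The sample files, the manifest and the blocked-name lists are all constructed for the demo.

```python
"""Inbound removable-media check for a sneakernet transfer (added example).
The manifest names every approved file with its SHA-256; the check verifies
each hash, flags files the manifest does not list or that are missing, and
flags names that should never arrive on data media. Samples are constructed."""
import hashlib
import os
import tempfile

BLOCKED_NAMES = {"autorun.inf"}                       # illustrative, not a full policy
BLOCKED_SUFFIXES = (".exe", ".dll", ".lnk", ".scr", ".vbs")

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def check_medium(root, manifest):
    """Compare files under `root` with `manifest` ({relative path: sha256 hex})."""
    report = {"approved": [], "mismatch": [], "unlisted": [], "blocked": []}
    present = {os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/"): os.path.join(d, n)
               for d, _, names in os.walk(root) for n in names}
    for rel, path in sorted(present.items()):
        base = os.path.basename(rel).lower()
        if base in BLOCKED_NAMES or base.endswith(BLOCKED_SUFFIXES):
            report["blocked"].append(rel)             # never copy these in
        if rel not in manifest:
            report["unlisted"].append(rel)            # arrived without approval
        elif sha256_of(path) != manifest[rel]:
            report["mismatch"].append(rel)            # changed after approval
        else:
            report["approved"].append(rel)
    report["missing"] = sorted(set(manifest) - set(present))
    report["accept"] = not any(report[k] for k in ("mismatch", "unlisted", "blocked", "missing"))
    return report

def demo():
    """Constructed medium: one intact file, one altered after the manifest, one unlisted autorun.inf."""
    root = tempfile.mkdtemp()
    files = {"reports/q3.csv": b"id,value\n1,42\n", "tools/update.bin": b"\x00\x01"}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in files.items()}
    with open(os.path.join(root, "tools", "update.bin"), "ab") as f:
        f.write(b"\xff")                              # tampered after the manifest was made
    with open(os.path.join(root, "autorun.inf"), "wb") as f:
        f.write(b"[autorun]\n")                       # unlisted and blocked
    return check_medium(root, manifest)
```

A real deployment would carry the manifest signed by the originating side and verify the signature before trusting the hashes; the example only shows the hash and allow-list step.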
Examples of the types of networks or systems that may be air gapped include:
- Military/governmental computer networks/systems;
- Financial computer systems, such as stock exchanges;
- Industrial control systems, such as SCADA in Oil & Gas fields;
- Life-critical systems, such as:
- Very simple systems, where there is no need to compromise security in the first place, such as:
Limitations imposed on devices used in these environments may include a ban on wireless connections to or from the secure network, or similar restrictions on EM leakage from the secure network through the use of TEMPEST or a Faraday cage.
Further, scientists in 2013 demonstrated the viability of air gap malware designed to defeat air gap isolation using acoustic signaling. Shortly after that, network security researcher Dragos Ruiu's BadBIOS received press attention.
In 2014, researchers introduced "AirHopper", a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.
In 2015, "BitWhisper", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware.
- Wiktionary: Airwall, retrieved on 2010-05-13
- Whatis.com: Air gapping
- RFC 4949
- "Stuxnet delivered to Iranian nuclear plant on thumb drive". CNET. 12 April 2012.
- Hanspach, Michael; Goetz, Michael (November 2013). "On Covert Acoustical Mesh Networks in Air". Journal of Communications (Engineering and Technology Publishing) 8 (11): 758–767. doi:10.12720/jcm.8.11.758-767. Retrieved 22 November 2013.
- Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies". arXiv; © IEEE.
- Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone - AirHopper". BGU Cyber Security Labs.
- Lemos, Robert (2001-02-01). "NSA attempting to design crack-proof computer". ZDNet News. CBS Interactive, Inc. Retrieved 2012-10-12.
For example, top-secret data might be kept on a different computer than data classified merely as sensitive material. Sometimes, for a worker to access information, up to six different computers can be on a single desk. That type of security is called, in typical intelligence community jargon, an air gap.
- Rist, Oliver (2006-05-29). "Hack Tales: Air-gap networking for the price of a pair of sneakers". Infoworld. IDG Network. Retrieved 2009-01-16.
In high-security situations, various forms of data often must be kept off production networks, due to possible contamination from nonsecure resources — such as, say, the Internet. So IT admins must build enclosed systems to house that data — stand-alone servers, for example, or small networks of servers that aren't connected to anything but one another. There's nothing but air between these and other networks, hence the term air gap, and transferring data between them is done the old-fashioned way: moving disks back and forth by hand, via 'sneakernet'.
- "Weber vs SEC" (PDF). insurancenewsnet.com. 2012-11-15. p. 35.
Stock exchange internal network computer systems are so sensitive that they are “air gapped” and not attached to the internet, in order to protect them from attack, intrusion, or other malicious acts by third party adversaries.
- "Weber vs SEC".
Industrial internal network computer systems are so sensitive that they are “air gapped” and neither attached to the internet nor insecurely connects to the corporate network, in order to protect them from attack, intrusion, or other malicious acts by third party adversaries.
- Zetter, Kim (2008-01-04). "FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack". Wired Magazine. Condénet, Inc. Archived from the original on 23 December 2008. Retrieved 2009-01-16.
(...Boeing...) wouldn't go into detail about how (...it...) is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as air gaps, and software firewalls.
- Leyden, John (5 Dec 2013). "Hear that? It's the sound of BadBIOS wannabe chatting over air gaps". Retrieved 30 December 2014.
- Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (April 2015). "BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations". arXiv; © IEEE.
- Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (March 2015). "BitWhisper: The Heat is on the Air-Gap". BGU Cyber Security Labs.