A survey of covert channels and countermeasures in computer network protocols

@article{Zander2007ASO,
  title={A survey of covert channels and countermeasures in computer network protocols},
  author={Sebastian Zander and Grenville J. Armitage and Philip Branch},
  journal={IEEE Communications Surveys \& Tutorials},
  year={2007},
  volume={9},
  pages={44-57}
}
Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorised parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems… 

Ephemeral Feature Presentation of Covert Channels in Network Protocols
TLDR
This paper presents an overview of different protocol-based covert channels as well as some packet-length-based covert channels, which are tamper resistant but can be recognized because of their abnormal traffic distribution.
Capacity boost with data security in Network Protocol Covert Channel
TLDR
A packet-length-based covert channel is presented that uses real-time packet lengths, where statistical detection of the covert channel is not possible, and an encryption algorithm is improved so that it doesn't change the length of the original data load compared to other available techniques.
Towards Adaptive Covert Communication System
TLDR
This paper investigates the methods and an algorithm for implementing an adaptive covert communication system that works on the real-world Internet, is capable of using multiple application-level protocols as its communication media, and can be implemented as a network application, and therefore requires no system modifications of the communicating nodes.
Covert Channels in the MQTT-Based Internet of Things
TLDR
This work presents the first comprehensive study of covert channels in a protocol utilizing the publish-subscriber model, i.e., the Message Queuing Telemetry Transport (MQTT) protocol which is widely deployed in Internet of Things (IoT) environments and proves that MQTT-based covert channels are practically feasible and effective.
Binary middleman covert channel in ExOR protocol
TLDR
The performance and detectability of the method, which transfers covert bits by taking the control of the number of packets in the covert sender's fragment, is evaluated and the author's direction of future study is discussed.
Improving Intrusion Detection Method for Covert Channel in TCP/IP Network
TLDR
A classification algorithm is developed to identify the existence of information hidden in ISNs and a new detection method with more efficiency is implemented by using ACO Algorithm.
Modeling packet rate covert timing channels
TLDR
A general analytical model is provided to determine the capacity of timing-based covert channels, and the model is verified with computer simulations.
CCHEF: Covert Channels Evaluation Framework design and implementation
TLDR
CCHEF - a flexible and extensible software framework for evaluating covert channels in network protocols, which is able to establish covert channels across real networks using real overt traffic, but can also emulate covert channels based on overt traffic previously collected in trace files.
CCHEF – Covert Channels Evaluation Framework User Manual Version 0.1
TLDR
CCHEF – a flexible and extensible software framework for evaluating covert channels in network protocols, which is able to establish covert channels across real networks using real overt traffic, but can also emulate covert channels based on overt channels previously collected in trace files.
An adaptive approach to detecting behavioural covert channels in IPv6
TLDR
A novel Hybrid Heuristic Intelligent Algorithm coupled with an enhanced Polynomial Naive Bayes machine learning algorithm is implemented in a supervised learning model to detect and classify covert channels in IPv6 and acts as an active security warden processing intelligent information gain and optimized decision trees technique to improve the security vulnerabilities in this new network generation protocol.

References

SHOWING 1-10 OF 143 REFERENCES
Covert channels in the IP time to live field
TLDR
This paper presents a novel covert channel inside the IP header’s Time To Live (TTL) field, which manipulates the TTLs of subsequent packets transmitting covert information to the receiver and proposes an encoding scheme, which makes the TTL covert channel look similar to “natural” variation.
Covert Channels in IPv6
TLDR
This paper introduces and analyzes 22 different covert channels in the Internet Protocol version 6 (IPv6), and defines three types of active wardens, stateless, stateful, and network-aware, who differ in complexity and ability to block the analyzed covert channels.
20 years of covert channel modeling and analysis
  • J. Millen
  • Computer Science
    Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)
  • 1999
TLDR
The article traces the history of covert channel modeling from 1980 to the present, by tracing the low-order two bits of each pixel in a picture for your secret message, since no one would notice if they were changed.
Covert Channels in LAN Protocols
TLDR
There is a potential of unused bandwidth in commonly used LAN protocols, which might be exploitable as a covert channel, and the key point is that exploitation of this potential is not a question of a LAN's architecture, but is strongly dependent on the design of its internal interfaces and on its implementations.
Detection of Covert Channel Encoding in Network Packet Delays
TLDR
This paper investigates the channel capacity of Internet-based timing channels and proposes a methodology for detecting covert timing channels based on how close a source comes to achieving that channel capacity.
The Research on Information Hiding Based on Command Sequence of FTP Protocol
TLDR
Three characteristics of covert channels, which are concealment, bandwidth and robustness, are studied, and the methods to construct covert channels are also applicable to other Internet protocols.
Covert Messaging through TCP Timestamps
TLDR
The design of a practical system exploiting a channel in a common communications system (TCP timestamps) exploiting a protocol for sending data over a common class of low-bandwidth covert channels is presented.
A network layer covert channel in ad-hoc wireless networks
  • Song Li, Anthony Ephremides
  • Computer Science
    2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004.
  • 2004
TLDR
This paper investigates ad-hoc wireless networks' susceptibility to covert channels through manipulating the routing protocol operations and demonstrates four candidate multi-hop covert channels and provides detailed analysis on the most promising one which uses the destination ID information carried by the routing control packets.
Using covert channels to evaluate the effectiveness of flow confidentiality measures
TLDR
This paper provides an information theoretic analysis of the effectiveness of a link padding implementation, and presents models that describe how practical aspects, such as cross-traffic and network congestion affect the information leakage of link padding.
Practical Data Hiding in TCP/IP
TLDR
By passing supplementary information through IPv4 headers it is demonstrated how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware.