Adaptive Warden Strategy for Countering Network Covert Storage Channels

Mehdi Chourib, Steffen Wendzel, Wojciech Mazurczyk
2021 IEEE 46th Conference on Local Computer Networks (LCN)

The detection and elimination of covert channels are performed by a network node, known as a warden. Especially if faced with adaptive covert communication parties, a regular warden equipped with a static set of normalization rules is ineffective compared to a dynamic warden. However, dynamic wardens rely on periodically changing rule sets and have their own limitations, since they do not consider traffic specifics. We propose a novel adaptive warden strategy, capable of selecting active… 


Countering adaptive network covert communication with dynamic wardens

Towards Adaptive Covert Communication System

This paper investigates the methods and an algorithm for implementing an adaptive covert communication system that works on the real-world Internet, is capable of using multiple application-level protocols as its communication media, and can be implemented as a network application, therefore requiring no system modifications of the communicating nodes.

A survey of covert channels and countermeasures in computer network protocols

A survey of the existing techniques for creating covert channels in widely deployed network and application protocols, and an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks, are given.

An Enlarging-the-Capacity Packet Sorting Covert Channel

An enlarging-the-capacity packet sorting covert channel model is established and the functional relationship between the total number of covert information transmitted and the number of ports is derived, which can send more secret information when the network status is not ideal.

Covert Channels in IPv6

This paper introduces and analyzes 22 different covert channels in the Internet Protocol version 6 (IPv6), and defines three types of active wardens (stateless, stateful, and network-aware), which differ in complexity and ability to block the analyzed covert channels.

Protocol Proxy: An FTE-based Covert Channel

IP Covert Channel Detection

This article presents the first public implementation of an IP covert channel, discusses the subtle issues that arose in its design, and presents new detection measures that provide detection rates over 95%.

Practical Data Hiding in TCP/IP

By passing supplementary information through IPv4 headers it is demonstrated how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware.

Covert channel attacks in pervasive computing

  • N. Tuptuk, S. Hailes
  • Computer Science
    2015 IEEE International Conference on Pervasive Computing and Communications (PerCom)
  • 2015
Overall, this paper demonstrates that the creation of undetectable covert channels is a practical proposition in pervasive computing systems, and has implications for key distribution: the use of individual, rather than group, keys is necessary to limit the exposure caused by a successful covert channel attack.

Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures

A new classification and taxonomy for modern data hiding techniques is introduced and several example applications of information hiding in communication networks are introduced including some recent covert communication techniques in popular Internet services.