Embedding Covert Channels into TCP/IP

@inproceedings{Murdoch2005EmbeddingCC,
  title={Embedding Covert Channels into TCP/IP},
  author={Steven J. Murdoch and Stephen Lewis},
  booktitle={Information Hiding},
  year={2005}
}
It is commonly believed that steganography within TCP/IP is easily achieved by embedding data in header fields seemingly filled with “random” data, such as the IP identifier, TCP initial sequence number (ISN) or the least significant bit of the TCP timestamp. We show that this is not the case; these fields naturally exhibit sufficient structure and non-uniformity to be efficiently and reliably differentiated from unmodified ciphertext. Previous work on TCP/IP steganography does not take this… 
Steganography by hiding data in TCP/IP headers
TLDR
A novel scheme for sending messages imperceptibly between points over the Internet is presented, which uses a fourth-order chaotic system to generate a chaos sequence that encrypts the secret message, and then embeds the modulated message into the identification field of the IP header.
Practical Protocol Steganography: Hiding Data in IP Header
TLDR
A novel scheme for sending messages imperceptibly between points over the Internet, which uses a fourth-order Chebyshev chaotic system to generate a chaos sequence that encrypts the secret message, and then embeds the modulated message into the identification field of the IP header.
The Implementation of Covert Channel in IPV6 using Linux Kernel
TLDR
This work proposes a unique method of covert communication, the TCP and IPv6 Referencing Model, which, instead of embedding bits and destroying the semantics of the header, uses a referencing method to send the covert bit from the sender to the receiver.
Steganography in IPV 6
TLDR
This honors thesis uses steganography within the source address fields of Internet Protocol Version 6 (IPv6) packets to create a covert channel through which clandestine messages are passed from one party to another.
SCONeP: Steganography and Cryptography approach for UDP and ICMP
TLDR
An implementation called SCONeP (Steganography and Cryptography over Network Protocols) that offers the protection of hidden data by encrypting it is proposed, and two less utilized protocols for data hiding, ICMP and UDP are described.
Steganography in IPV6
TLDR
This honors thesis uses steganography within the source address fields of Internet Protocol Version 6 (IPv6) packets to create a covert channel through which clandestine messages are passed from one party to another.
PRACTICAL DEVELOPMENT AND DEPLOYMENT OF COVERT COMMUNICATION IN IPV
TLDR
The paper focuses on the existing methods used with IPv4 and studies the various algorithms and the scheme to bypass the firewall.
DNS ID Covert Channel based on Lower Bound Steganography for Normal DNS ID Distribution
TLDR
This method produces a normal distribution for DNS ID covert channel through the application of Steganography to insert the cipher value into the DNS ID.
PadSteg: introducing inter-protocol steganography
TLDR
Based on real network traces, it is confirmed that PadSteg is feasible in today’s networks, and the steganographic bandwidth achievable while limiting the chance of disclosure is estimated.

References

SHOWING 1-10 OF 26 REFERENCES
Practical Data Hiding in TCP/IP
TLDR
By passing supplementary information through IPv4 headers it is demonstrated how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware.
Eliminating Steganography in Internet Traffic with Active Wardens
TLDR
This paper examines the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall, and introduces the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications.
A Study on the Covert Channel Detection of TCP/IP Header Using Support Vector Machine
TLDR
The experiments showed that the proposed method could discern the abnormal cases from normal TCP/IP traffic using a Support Vector Machine, which has excellent performance in pattern classification problems.
The Implementation of Passive Covert Channels in the Linux Kernel
TLDR
The goal of this paper is to describe the idea of so called passive covert channels (PCC), which might be used by malware to leak information from the compromised hosts, and to implement this idea in a proof-of-concept tool, called NUSHU.
Security problems in the TCP/IP protocol suite
TLDR
A variety of attacks based on a number of serious security flaws inherent in the TCP/IP protocols are described, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks.
Cryptography in OpenBSD: An Overview
TLDR
An overview of the cryptography employed in OpenBSD is given, including the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).
Hiding Data in the OSI Network Model
TLDR
The Alice and Bob analogy, derived from cryptology, is used to present network protocols in a way that more clearly defines the problem.
Covert Messaging through TCP Timestamps
TLDR
The design of a practical system exploiting a channel in a common communications system (TCP timestamps), together with a protocol for sending data over a common class of low-bandwidth covert channels, is presented.
10th USENIX Security Symposium
  • K. Jones
  • Computer Science
    login Usenix Mag.
  • 2001
TLDR
BEK is a language and system for writing sanitizers that enables precise analysis of sanitizer behavior, including checking idempotence, commutativity, and equivalence, and is quick in practice, taking fewer than two seconds to check the commutativity of the entire set of Internet Explorer XSS filters.
Covert Channels in IPv6
TLDR
This paper introduces and analyzes 22 different covert channels in the Internet Protocol version 6 (IPv6), and defines three types of active wardens (stateless, stateful, and network-aware), which differ in complexity and ability to block the analyzed covert channels.