Pattern-Based Survey and Categorization of Network Covert Channel Techniques

@article{Wendzel2015PatternBasedSA,
  title={Pattern-Based Survey and Categorization of Network Covert Channel Techniques},
  author={Steffen Wendzel and Sebastian Zander and Bernhard Fechner and Christian Herdin},
  journal={ACM Computing Surveys (CSUR)},
  year={2015},
  volume={47},
  pages={1 - 26}
}
Network covert channels are used to hide communication inside network protocols. Various techniques for covert channels have arisen in the past few decades. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized into only four different patterns (i.e., most techniques we surveyed are similar). We represent the patterns in a hierarchical… 
A Protocol Independent Approach in Network Covert Channel Detection
  • Md. Ahsan Ayub, Steven Smith, A. Siraj
  • Computer Science
    2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC)
  • 2019
TLDR
A generic, protocol-independent approach for the detection of network storage covert channels is proposed using a supervised machine learning technique and can lead to a reduction of necessary techniques to prevent covert channel communication in network traffic.
Survey on Covert Storage Channel in Computer Network Protocols Detection and Mitigation Techniques
TLDR
The covert channel countermeasures—detection, elimination, mitigation, and capacity reduction—are still real challenges and lag behind an acceptable level of network security, so the research door is open for more contributions in this field.
A Systematic Analysis of Covert Channels in the Network Time Protocol
TLDR
This work presents a systematic in-depth analysis of covert channels by modification for the Network Time Protocol (NTP), and shows in its first assessment that practically undetectable channels can be implemented in NTP, motivating the required further research.
Covert Channels in the MQTT-Based Internet of Things
TLDR
This work presents the first comprehensive study of covert channels in a protocol utilizing the publish-subscriber model, i.e., the Message Queuing Telemetry Transport (MQTT) protocol which is widely deployed in Internet of Things (IoT) environments and proves that MQTT-based covert channels are practically feasible and effective.
Efficient distributed network covert channels for Internet of things environments†
TLDR
This article presents an extensive analysis on how distributed network covert channels that utilize network traffic from IoT devices can be used to perform efficient secret communication and investigates how to combine existing covert channels so the resulting data transfer is less visible.
Trends and Challenges in Network Covert Channels Countermeasures
TLDR
Investigation of trends and challenges in the development of countermeasures against the most popular network covert channels indicates that many works are extremely specialized and an effective strategy for taming security risks caused by network hidden channels may benefit from high-level and general approaches.
Towards Utilization of Covert Channels as a Green Networking Technique
TLDR
The obtained results show that the approach can be useful mostly under specific circumstances, i.e., when the total energy consumption of the network devices is already relatively high and the approach is examined to assess their usefulness from the green networking perspective.
Binary middleman covert channel in ExOR protocol
TLDR
The performance and detectability of the method, which transfers covert bits by taking control of the number of packets in the covert sender's fragment, is evaluated and the author's direction of future study is discussed.
A Survey of Key Technologies for Constructing Network Covert Channel
TLDR
The key technologies for constructing network covert channels are divided into two aspects: communication content level and transmission network level (based on proxy and anonymity communication technology), and a comprehensive summary of covert channels at each level is given.
POSTER: An Educational Network Protocol for Covert Channel Analysis Using Patterns
TLDR
This paper provides a method for teaching covert channel analysis of network protocols by eliminating the requirement for students to understand several network protocols in advance and by focusing on so-called hiding patterns.

References

SHOWING 1-10 OF 120 REFERENCES
Preventing Protocol Switching Covert Channels
TLDR
This work presents the first approach to effectively limit the bitrate of protocol switching covert channels by introducing a new active warden, and presents a calculation method for the maximum usable bit rate of these channels in case the active warden is used.
Systematic Engineering of Control Protocols for Covert Channels
TLDR
This paper presents a two-layer system comprising six steps to create a micro protocol design and applies a context-free and regular grammar to analyze the micro protocol's behavior within the context of the underlying network protocol.
Low-Attention Forwarding for Mobile Network Covert Channels
TLDR
This work presents calculation methods for utilizable header areas in network protocols, calculations for channel optimization, an algorithm to minimize a covert channel's overhead traffic, as well as implementation-related solutions for such a mobile environment.
A survey of covert channels and countermeasures in computer network protocols
TLDR
A survey of the existing techniques for creating covert channels in widely deployed network and application protocols and an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks are given.
Analyzing Network-Aware Active Wardens in IPv6
TLDR
A pioneer implementation of network-aware active wardens is presented that eliminates the covert channels exploiting the Routing Header and the hop limit field as well as the well-known Short TTL Attack.
Network covert channels: design, analysis, detection, and elimination
TLDR
It is shown that traffic analysis can counter traditional event-based covert channels, which do not employ any additional scheme to obfuscate the channel further, and a new family of covert channels that do not produce such anomaly are introduced.
Model-Based Covert Timing Channels: Automated Modeling and Evasion
TLDR
An automated framework for building model-based covert timing channels, which exploit the statistical properties of legitimate network traffic to evade detection in an effective manner, is designed and implemented.
Pattern-Based Survey and Categorization of Network Covert Channel Techniques
TLDR
This research surveyed and analyzed 109 techniques for covert channels used to hide communication inside network protocols and found that eight out of 10 techniques had been used in the past few decades to dupe users into thinking that they were legitimate.
Building Covert Channels over the Packet Reordering Phenomenon
TLDR
This paper proposes using the packet reordering phenomenon as the medium to carry a hidden channel, and promising results show the potential of the proposed approach.
Towards Adaptive Covert Communication System
TLDR
This paper investigates the methods and an algorithm for implementing an adaptive covert communication system that works on the real-world Internet, is capable of using multiple application-level protocols as its communication media, and can be implemented as a network application, and therefore requires no system modifications of communicating nodes.