A Technique to Limit Packet Length Covert Channels

Anna Epishkina, Konstantin Kogos

2015

Abstract

We designed the technique to estimate and limit the capacity of the covert channel based on traffic padding and random increase of packets lengths. It was applied to two types of packet size covert channels namely binary and multi-symbol channels. The method to choose the parameter of counteraction tool is given, it takes into account an allowable value of covert channel capacity and error level. The investigation carried out is significant because such type of covert channels could be constructed even if traffic encryption is used. The novelty of the investigation undertaken is that the covert channel capacity is limited preliminary, whereas state of the art methods focus on detecting active IP covert channels.

References

  1. Ahsan, K., Kundur, D., 2002. Practical data hiding in TCP/IP. In Proc. of the 2002 ACM Multimedia and security workshop.
  2. Berk, V., Giani, A., Cybenko, G., 2005. Detection of covert channel encoding in network packet delays: Technical report TR2005-536. New Hampshire: Thayer school of engineering of Dartmouth College.
  3. Bovy, C.J., Mertodimedjo, H.T., Hooghiemstra, G., Uijterwaal, H., Mieghem, Van P., 2002. Analysis of end-to-end delay measurements in Internet. In Proc. of ACM Conference Passive and Active Measurements.
  4. Cabuk, S., Brodley, C.E., Shields, C. 2004. IP covert timing channels: design and detection. In Proc. of the 11th ACM conference on computer and communications security, pp. 178-187.
  5. Department of defence trusted computer system evaluation criteria, 1985. Department of defence standard.
  6. Edekar, S., Goudar, R., 2013. Capacity boost with data security in network protocol covert channel. In Computer engineering and intelligent systems, Vol. 4, No. 5, pp. 55-59.
  7. Fisk, G., Fisk, M., Papadopoulos, C., Neil, J., 2002. Eliminating steganography in Internet traffic with active wardens. In Proc. of the fifth International workshop on information hiding, pp. 18-35.
  8. Girling, C.G., 1987. Covert channels in LAN's. In IEEE Transactions on software engineering, Vol. 13, No. 2, pp. 292-296.
  9. Grusho, A.A., 1999. On the existence of hidden channels. In Discrete mathematics and applications, Vol. 11, No. 1, pp. 24-28.
  10. Handel, T., Sandford, M., 1996. Hiding data in the OSI network model. In: Proc. of the first International workshop on information hiding, pp. 23-38.
  11. Hussain, Mehdi, Hussain, M., 2011. A high bandwidth covert channel in network protocol. In Proc. of the 2011 International conference on information and communication technologies, pp. 1-6.
  12. Ji, L., Liang, H., Song, Y., Niu, X., 2009a. A normal-traffic network covert channel. In Proc. of the 2009 International conference on computational intelligence and security, pp. 499-503.
  13. Ji, L., Jiang, W., Dai, B., Niu, X., 2009b. A novel covert channel based on length of messages. In Proc. of the 2009 Symposium on information engineering and electronic commerce, pp. 551-554.
  14. Kiraly, C., Teofili, S., Bianchi, G., Cigno, R. Lo, Nardelli, M., Delzeri, E., 2008. Traffic flow confidentiality in IPsec: protocol and implementation. In The International federation for information processing, Vol. 262, pp. 311-324.
  15. Kundur, D., Ahsan, K., 2003. Practical Internet steganography: data hiding in IP. In Proc. of the 2003 Texas workshop on security of information systems.
  16. Lampson, B.W., 1973. A Note on the Confinement Problem. In Communications of the ACM, pp. 613-615.
  17. Millen, J.K., 1987. Covert channel capacity In Proc. of the IEEE Symposium on Security and Privacy, pp. 60-66.
  18. Padlipsky, M.A., Snow, D.W., Karger, P.A., 1978. Limitations of end-to-end encryption in secure computer networks: Technical report ESD-TR-78-158. Massachusetts: The MITRE Corporation.
  19. Sellke, S.H., Wang, C.-C., Bagchi S., Shroff N.B., 2009. Covert TCP/IP timing channels: theory to implementation. In Proc. of the 28th Conference on computer communications, pp. 2204-2212.
  20. Shah, G., Molina, A., Blaze, M., 2009. Keyboards and covert channels. In Proc. of the 15th USENIX Security symposium, pp. 59-75.
  21. Venkatraman, B.R., Newman-Wolfe, R.E., 1995. Capacity estimation and auditability of network covert channels. In Proc. of the IEEE Symposium on Security and Privacy, pp. 186-198.
  22. Yao, Q., Zhang, P., 2008. Coverting channel based on packet length. In Computer engineering, Vol. 34, No. 3, pp. 183-185.
  23. Yao, L., Zi, X., Pan, L., Li, J., 2009. A study of on/off timing channel based on packet delay distribution. In Computers and security, Vol. 28, No. 8, pp. 785-794.
  24. Zander, S., Armitage, G., Branch, P., 2006. Covert channels in the IP time to live field. In Proc. of the 2006 Australian telecommunication networks and applications conference, pp. 298-302
  25. Zander, S., Armitage, G., Branch, P,. 2007. A survey of covert channels and countermeasures in computer network protocols. In IEEE Communications surveys and tutorials, Vol. 9, No. 3, pp. 44-57.
Download


Paper Citation


in Harvard Style

Epishkina A. and Kogos K. (2015). A Technique to Limit Packet Length Covert Channels . In Proceedings of the 7th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - Volume 3: KMIS, (IC3K 2015) ISBN 978-989-758-158-8, pages 144-151. DOI: 10.5220/0005587501440151


in Bibtex Style

@conference{kmis15,
author={Anna Epishkina and Konstantin Kogos},
title={A Technique to Limit Packet Length Covert Channels},
booktitle={Proceedings of the 7th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - Volume 3: KMIS, (IC3K 2015)},
year={2015},
pages={144-151},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005587501440151},
isbn={978-989-758-158-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - Volume 3: KMIS, (IC3K 2015)
TI - A Technique to Limit Packet Length Covert Channels
SN - 978-989-758-158-8
AU - Epishkina A.
AU - Kogos K.
PY - 2015
SP - 144
EP - 151
DO - 10.5220/0005587501440151