
Covert channel-internal control protocols: attacks and defense

Published: 01 October 2016

Abstract

Network covert channels have become a sophisticated means for transferring hidden information over the network. Covert channel-internal control protocols, also called micro protocols, have been introduced in recent years to enhance the capabilities of network covert channels. Micro protocols are usually placed within the hidden bits of a covert channel's payload and enable features such as reliable data transfer, session management, and dynamic routing for network covert channels. These features provide adaptive and stealthy covert communication channels. Some of the micro protocol-based tools exhibit vulnerabilities and are susceptible to attacks. In this paper, we demonstrate some possible attacks on micro protocols, which are capable of breaking the sophisticated covert channel communication or jeopardizing the identity of peers in such a network. These attacks are based on the attacker's interaction with the micro protocol. We also present defense techniques to safeguard micro protocols against such attacks. By using these techniques, micro protocol-based tools can become immune to certain attacks and lead to robust covert communication. We present our results for two micro protocol-based tools: Ping Tunnel and smart covert channel tool. Copyright © 2016 John Wiley & Sons, Ltd.

Cited By

  • (2021) Study of the Error Detection and Correction Scheme for Distributed Network Covert Channels. Proceedings of the 16th International Conference on Availability, Reliability and Security, pp. 1-8. DOI: 10.1145/3465481.3470087. Online publication date: 17-Aug-2021
  • (2020) Covert Channels in Transport Layer Security. Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference, pp. 1-6. DOI: 10.1145/3424954.3424962. Online publication date: 18-Nov-2020

      Published In

      Security and Communication Networks  Volume 9, Issue 15
      October 2016
      468 pages
      ISSN:1939-0114
      EISSN:1939-0122

      Publisher

      John Wiley & Sons, Inc.

      United States

      Author Tags

      1. ICMP tunneling
      2. Ping Tunnel
      3. active warden
      4. covert channels
      5. information hiding
      6. micro protocols
      7. network security
      8. overlay routing
      9. passive warden
      10. steganography

      Qualifiers

      • Article
