Lampson was the first to introduce a covert channel as a channel that was not designed for inform... more Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess timing covert channel capacity. Two binary timing channels have been investigated: on/off and channel based on inter packet intervals modulation. In on/off covert channel the sender sends a packet during a preliminarily agreed time interval to transmit the bit «1» and does not send to transmit the bit «0». In a covert channel based on inter packet intervals modulation the sender sends packets with different time intervals defining different bits. The scientific novelty consists in taking into account network load conditions while assessing maximum amount of information that can be stealthily transmitted from secure infrastructure to an illegitimate receiver beyond secure perimeter. Authors investigated cases when packet transfer time from the sender to the receiver in the network (PTT) is defined by normal and exponential distribution – the most common distribution according to current research. Covert channel capacity is evaluated as a function of covert channel parameters and parameters of the PTT distribution (DPTT). Conducted research shows that in case when secure officer does not take into account typical load for the network and DPTT type maximum covert channel capacity will most likely be underestimated. If allowable level of covert channel capacity is set up, obtained results allow to take right decision about activation of countermeasures to prevent information leakage.
Covert channel is a communication channel that was not designed for information transmission. Cov... more Covert channel is a communication channel that was not designed for information transmission. Covert channels in IP networks can be implemented in a way that is difficult to detect. That is why the method of capacity limitation of a potential covert channel seems to be an effective counteraction that can be used when allowable level of covert channel capacity is set up. To effectively protect information from leakage, it is needed to estimate residual covert channel capacity when limitation method was implemented. Random delays before packet sending are considered as a tool of noise insertion into a covert channel. In this paper authors investigated the way to estimate covert channel capacity taking into account network load conditions and ways of random delay generation. The main topics of the research are cases when time intervals between packet sending and packet receiving in network comply with normal and exponential distributions.
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and explored the way to counter the leakage of information via covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel without error does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and investigated the way to counter the leakage of information via IP timing covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
2016 European Intelligence and Security Informatics Conference (EISIC)
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and investigated the way to counter the leakage of information via IP timing covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
Keywords: Covert channels in IP networks are investigated. The possibilities adversary needs to c... more Keywords: Covert channels in IP networks are investigated. The possibilities adversary needs to construct covert channels are given. Current methods of covert channels elimination, detection and capacity limitation are examined. Detection methods are compared using such criteria: alpha and beta errors, an ability of implementation.
2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus), 2021
Covert channel is a communication channel that was not designed for information transmission. Cov... more Covert channel is a communication channel that was not designed for information transmission. Covert channels in IP networks can be implemented in a way that is difficult to detect. That is why the method of capacity limitation of a potential covert channel seems to be an effective counteraction that can be used when allowable level of covert channel capacity is set up. To effectively protect information from leakage, it is needed to estimate residual covert channel capacity when limitation method was implemented. Random delays before packet sending are considered as a tool of noise insertion into a covert channel. In this paper authors investigated the way to estimate covert channel capacity taking into account network load conditions and ways of random delay generation. The main topics of the research are cases when time intervals between packet sending and packet receiving in network comply with normal and exponential distributions.
2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), 2018
Covert channels are used to hidden transmit information and violate the security policy. What is ... more Covert channels are used to hidden transmit information and violate the security policy. What is more it is possible to construct covert channel in such manner that protection system is not able to detect it. IP timing covert channels are objects for research in the article. The focus of the paper is the research of how one can counteract an information leakage by dummy traffic generation. The covert channel capacity formula has been obtained in case of counteraction. In conclusion, the examples of counteraction tool parameter calculation are given.
Lampson was the first to introduce a covert channel as a channel that was not designed for inform... more Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess t...
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and explored the way to counter the leakage of information via covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel without error does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
Lampson was the first to introduce a covert channel as a channel that was not designed for inform... more Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess timing covert channel capacity. Two binary timing channels have been investigated: on/off and channel based on inter packet intervals modulation. In on/off covert channel the sender sends a packet during a preliminarily agreed time interval to transmit the bit «1» and does not send to transmit the bit «0». In a covert channel based on inter packet intervals modulation the sender sends packets with different time intervals defining different bits. The scientific novelty consists in taking into account network load conditions while assessing maximum amount of information that can be stealthily transmitted from secure infrastructure to an illegitimate receiver beyond secure perimeter. Authors investigated cases when packet transfer time from the sender to the receiver in the network (PTT) is defined by normal and exponential distribution – the most common distribution according to current research. Covert channel capacity is evaluated as a function of covert channel parameters and parameters of the PTT distribution (DPTT). Conducted research shows that in case when secure officer does not take into account typical load for the network and DPTT type maximum covert channel capacity will most likely be underestimated. If allowable level of covert channel capacity is set up, obtained results allow to take right decision about activation of countermeasures to prevent information leakage.
Covert channel is a communication channel that was not designed for information transmission. Cov... more Covert channel is a communication channel that was not designed for information transmission. Covert channels in IP networks can be implemented in a way that is difficult to detect. That is why the method of capacity limitation of a potential covert channel seems to be an effective counteraction that can be used when allowable level of covert channel capacity is set up. To effectively protect information from leakage, it is needed to estimate residual covert channel capacity when limitation method was implemented. Random delays before packet sending are considered as a tool of noise insertion into a covert channel. In this paper authors investigated the way to estimate covert channel capacity taking into account network load conditions and ways of random delay generation. The main topics of the research are cases when time intervals between packet sending and packet receiving in network comply with normal and exponential distributions.
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and explored the way to counter the leakage of information via covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel without error does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and investigated the way to counter the leakage of information via IP timing covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
2016 European Intelligence and Security Informatics Conference (EISIC)
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and investigated the way to counter the leakage of information via IP timing covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
Keywords: Covert channels in IP networks are investigated. The possibilities adversary needs to c... more Keywords: Covert channels in IP networks are investigated. The possibilities adversary needs to construct covert channels are given. Current methods of covert channels elimination, detection and capacity limitation are examined. Detection methods are compared using such criteria: alpha and beta errors, an ability of implementation.
2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus), 2021
Covert channel is a communication channel that was not designed for information transmission. Cov... more Covert channel is a communication channel that was not designed for information transmission. Covert channels in IP networks can be implemented in a way that is difficult to detect. That is why the method of capacity limitation of a potential covert channel seems to be an effective counteraction that can be used when allowable level of covert channel capacity is set up. To effectively protect information from leakage, it is needed to estimate residual covert channel capacity when limitation method was implemented. Random delays before packet sending are considered as a tool of noise insertion into a covert channel. In this paper authors investigated the way to estimate covert channel capacity taking into account network load conditions and ways of random delay generation. The main topics of the research are cases when time intervals between packet sending and packet receiving in network comply with normal and exponential distributions.
2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), 2018
Covert channels are used to hidden transmit information and violate the security policy. What is ... more Covert channels are used to hidden transmit information and violate the security policy. What is more it is possible to construct covert channel in such manner that protection system is not able to detect it. IP timing covert channels are objects for research in the article. The focus of the paper is the research of how one can counteract an information leakage by dummy traffic generation. The covert channel capacity formula has been obtained in case of counteraction. In conclusion, the examples of counteraction tool parameter calculation are given.
Lampson was the first to introduce a covert channel as a channel that was not designed for inform... more Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess t...
Covert channels are used for information transmission in a manner that is not intended for commun... more Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. The authors have proposed and explored the way to counter the leakage of information via covert channels by introducing additional random delays before packets' sending. The main topic of the research is the case when the capacity of the covert channel without error does not exceed the permissible value. In addition, practical recommendations to choose the counteraction parameter values are given.
Uploads
Papers by Anna Belozubova