Design and performance evaluation of reversible network covert channels

Covert channels nested within network traffic are important tools for allowing malware to act unnoticed or to stealthily exchange and exfiltrate information. Understanding how to detect or mitigate their use is therefore of paramount importance, especially to counteract the rise of increasingly sophisticated threats. To this end, the literature has proposed various approaches, including distributed wardens, which collect traffic in different portions of the network and compare the samples to check for discrepancies that reveal hidden communications. However, some form of reversibility, i.e., being able to restore the exploited network carrier to its original form before the injection, can challenge such a detection scheme. Therefore, in this work we introduce and evaluate the performance of different techniques used to endow network covert channels with reversibility. Results indicate that achieving reversibility is feasible, but the protocol used plays a major role.
