Network covert channels on the Android platform

Network covert channels are used to exfiltrate information from a secured environment in such a way that an observer cannot detect that communication is taking place at all. These secret channels have been identified as an important security threat to governments and the private sector, and several research efforts have focused on the design, detection, and prevention of such channels in enterprise-type environments. Mobile devices such as smartphones and tablets have become an ubiquitous computing platform, and are storing or have access to an increasingly large amount of sensitive information. As such, these devices have become prime targets of attackers with malicious intents. This paper discusses the implementation of network covert channels on the Android mobile platform, and shows that data can be leaked from these devices in a manner undetectable by the user, the phone’s security features, or network security between the mobile device and the outside network. Understanding the threat of covert channels to mobile devices will allow the development of proactive protection mechanisms.

[1]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[2]  Vincent H. Berk,et al.  Covert Channel Detection Using Process Query Systems , 2005 .

[3]  Sushil Jajodia,et al.  Model-Based Covert Timing Channels: Automated Modeling and Evasion , 2008, RAID.

[4]  C. Brodley,et al.  Network covert channels: design, analysis, detection, and elimination , 2006 .

[5]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[6]  Theodore G. Handel,et al.  Hiding Data in the OSI Network Model , 1996, Information Hiding.

[7]  Vincent H. Berk,et al.  Detection of Covert Channel Encoding in Network Packet Delays , 2005 .

[8]  Peng Ning,et al.  On the secrecy of timing-based active watermarking trace-back techniques , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[9]  Gustavus J. Simmons,et al.  The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[10]  Steven Gianvecchio,et al.  An Entropy-Based Approach to Detecting Covert Timing Channels , 2011, IEEE Transactions on Dependable and Secure Computing.

[11]  Wei-Ming Hu,et al.  Reducing timing channels with fuzzy time , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[12]  Sebastian Zander,et al.  A survey of covert channels and countermeasures in computer network protocols , 2007, IEEE Communications Surveys & Tutorials.

[13]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[14]  Saurabh Bagchi,et al.  TCP/IP Timing Channels: Theory to Implementation , 2009, IEEE INFOCOM 2009.

[15]  Carla E. Brodley,et al.  IP Covert Channel Detection , 2009, TSEC.

[16]  Xiapu Luo,et al.  TCP covert timing channels: Design and detection , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[17]  Ira S. Moskowitz,et al.  The Pump: a decade of covert fun , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).