Effective detection mechanism for TCP based hybrid covert channels in secure communication

Covert channels are malicious conversations within a legitimate, secured network communication that violate the security policies laid down. A covert channel is a hidden, intended design in the legitimate communication whose purpose is to leak information. Trapdoors are unintended designs within a communication system that exist in network covert channels as a part of rudimentary protocols. A subliminal channel, a variant of the covert channel, works similarly to a network covert channel except that the trapdoor is set in a cryptographic algorithm. The feel of covertness can be better understood through the classical problem “The Prisoner's Problem”, illustrated by G. Simmons, and further exploration of attacks based on it can be found in Dr. Adam Young's book on Malicious Cryptography. In this paper, the Hybrid Covert Channel is visualized as a composition of a covert channel in TCP and a subliminal channel in SSL. A Hybrid Covert Channel is the co-existence of homogeneous or heterogeneous network covert channel variants, either at the same instant or at regular instants of time. Hybrid covert channels are a major security threat, which is clearly unacceptable in the presence of secure network communication. The paper deals with the detection of intra-LAN covert activities and with developing a detection engine that can detect or analyze the hybrid covert channel on the Transport layer, with a clear understanding of the theoretical literature on composed covert channels.