HIDE_DHCP: Covert Communications through Network Configuration Messages

Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements.

[1]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[2]  P. S. Tasker,et al.  DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA , 1985 .

[3]  C. Gray Girling,et al.  Covert Channels in LAN's , 1987, IEEE Transactions on Software Engineering.

[4]  Manfred Wolf Covert Channels in LAN Protocols , 1989, LANSEC.

[5]  Thomas Beth,et al.  Proceedings on the Workshop for European Institute for System Security on Local Area Network Security , 1989 .

[6]  Judith N. Froscher,et al.  The Handbook for the Computer Security Certification of Trusted Systems , 1992 .

[7]  Virgil D. Gligor,et al.  A guide to understanding covert channel analysis of trusted systems , 1993 .

[8]  Theodore G. Handel,et al.  Hiding Data in the OSI Network Model , 1996, Information Hiding.

[9]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[10]  Rachel Greenstadt,et al.  Covert Messaging through TCP Timestamps , 2002, Privacy Enhancing Technologies.

[11]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[12]  Grzegorz Lewandowski,et al.  Covert Channels in IPv6 , 2005, Privacy Enhancing Technologies.

[13]  Laurie L. Hill,et al.  The Orange Book , 2005, Nature Reviews Drug Discovery.

[14]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[15]  Joachim Biskup,et al.  Computer Security - ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings , 2007, ESORICS.

[16]  Xiapu Luo,et al.  Cloak: A Ten-Fold Way for Reliable Covert Communications , 2007, ESORICS.

[17]  Carla E. Brodley,et al.  IP Covert Channel Detection , 2009, TSEC.

[18]  Pramod Pandya Local Area Network Security , 2009 .

[19]  Anthony Ephremides,et al.  Covert channels in ad-hoc wireless networks , 2010, Ad Hoc Networks.

[20]  Steven Gianvecchio,et al.  An Entropy-Based Approach to Detecting Covert Timing Channels , 2011, IEEE Transactions on Dependable and Secure Computing.