论文信息 - CCHEF: Covert Channels Evaluation Framework design and implementation

CCHEF: Covert Channels Evaluation Framework design and implementation

Communication is not necessarily made se- cure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different protocols in the Internet makes it ideal as a high-bandwidth vehicle for covert communications. Covert channels are hidden inside pre-existing overt communication by encoding additional semantics onto 'normal' behaviours of the overt channels. We have developed CCHEF - a flexible and extensible software framework for evaluating covert channels in network protocols. The framework is able to establish covert channels across real networks using real overt traffic, but can also emulate covert channels based on overt traffic previously collected in trace files. In this paper we present the design and implementation of CCHEF. Index Terms—Covert Channels, Network Protocols

Sebastian Zander | Grenville Armitage

[1] Gustavus J. Simmons,et al. The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[2] Virgil D. Gligor,et al. A guide to understanding covert channel analysis of trusted systems , 1993 .

[3] Sebastian Zander. CCHEF – Covert Channels Evaluation Framework User Manual Version 0.1 , 2008 .

[4] Craig H. Rowland,et al. Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[5] Sebastian Zander,et al. An Empirical Evaluation of IP Time To Live Covert Channels , 2007, 2007 15th IEEE International Conference on Networks.

[6] Sebastian Zander,et al. A survey of covert channels and countermeasures in computer network protocols , 2007, IEEE Communications Surveys & Tutorials.

[7] Gaurav Shah,et al. Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[8] Mike Fisk,et al. Eliminating Steganography in Internet Traffic with Active Wardens , 2002, Information Hiding.

[9] Norka B. Lucena,et al. Syntax and Semantics-Preserving Application-Layer Protocol Steganography , 2004, Information Hiding.

[10] Maarten Van Horenbeeck,et al. Deception on the network: thinking differently about covert channels , 2006 .

[11] Butler W. Lampson,et al. A note on the confinement problem , 1973, CACM.

[12] Thomas M. Cover,et al. Elements of Information Theory , 2005 .

[13] I. S. Moskowitz,et al. Covert channels-here to stay? , 1994, Proceedings of COMPASS'94 - 1994 IEEE 9th Annual Conference on Computer Assurance.