Covert Channel Analysis and Data Hiding in TCP/IP

Kamran Ahsan
Masters of Applied Science, Edward S. Rogers Sr. Graduate Department of Electrical and Computer Engineering, University of Toronto, 2002

This thesis investigates the existence of covert channels in computer networks by analyzing the transport and the Internet layers of the TCP/IP protocol suite. Two approaches for data hiding are identified: packet header manipulation and packet sorting. Each scenario facilitates the interaction of steganographic principles with the existing network security environment. Specifically, we show how associating additional information with IPv4 headers can facilitate security mechanisms in network nodes such as routers and firewalls, and in services such as authentication, audit, and billing. Furthermore, use of packet sorting with the IPsec framework results in an enhanced network security architecture. The packet sorting approach is simulated at the network layer to assess the feasibility of packet sorting under varying network conditions. While bridging the areas of data hiding, network protocols and network security, both techniques have potential for practical data hiding at the transport and network layers.
