Covert channels have been topic of discussion within both academic and non-academic communities for more than two decades now. Traditionally, research on this topic focussed on storage and timing channels within singular systems. As more systems became interconnected in the last decade, the scope expanded to network-based covert channels. Numerous designs and implementations of such covert channels have been suggested, altogether leaving the world with valuable pieces of knowledge scattered around the Internet. By aggregating the essentials and representing them in a structured format, we attempt to provide clarity on the current state of research. In addition, a (non-exhaustive) overview of contemporary trends in network-based covert channels is given, explaining common channels within IP, TCP, ICMP, HTTP and DNS. Lastly, several implementations were evaluated to gain insight in their eciency and performance, and the influences to which they’re prone. We conclude that they pose a security issue that needs proper attention when defining and enforcing security policies, and expect more sophisticated covert channels to appear in the future.
[1]
Butler W. Lampson,et al.
A note on the confinement problem
,
1973,
CACM.
[2]
Carla E. Brodley,et al.
IP covert timing channels: design and detection
,
2004,
CCS '04.
[3]
Rachel Greenstadt,et al.
Covert Messaging through TCP Timestamps
,
2002,
Privacy Enhancing Technologies.
[4]
Jonathan K. Millen.
20 years of covert channel modeling and analysis
,
1999,
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).
[5]
Ruby B. Lee,et al.
New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation
,
2005,
ISC.
[6]
Steven J. Murdoch,et al.
Embedding Covert Channels into TCP/IP
,
2005,
Information Hiding.