A Covert Channel Over Transport Layer Source Ports

Covert communication is a rapidly expanding field of research with significant impact on the security theater. These communication methods, or “covert channels”, can be applied in a number of ways, including as a mechanism for an attacker to leak data from a monitored system or network. This paper sets out to contribute to this field by introducing a new covert channel which operates over transport layer protocols. The mechanism is flexible, covert, and has the potential to operate at relatively high bandwidth. In addition, this paper proposes a number of encoding schemes which can be used in conjunction with this channel to improve its bandwidth and covertness.

[1]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[2]  Daryl Johnson,et al.  Behavior-Based Covert Channel in Cyberspace , 2009 .

[3]  Yvo Desmedt Covert Channels , 2011, Encyclopedia of Cryptography and Security.

[4]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[5]  Steven J. Murdoch,et al.  Embedding Covert Channels into TCP/IP , 2005, Information Hiding.