Sneak-Peek: High speed covert channels in data center networks

With the advent of big data, modern businesses face an increasing need to store and process large volumes of sensitive customer information in the cloud. In these environments, resources are shared across a multitude of mutually untrusting tenants, which increases the propensity for data leakage. This problem stands to grow further in severity as clouds are used in ever more aspects of our daily lives, and the recent spate of high-profile data exfiltration attacks is evidence of this. To highlight this serious issue, we present a novel, high-speed, network-based covert channel that is robust and circumvents a broad set of security mechanisms currently deployed by cloud vendors. We successfully test our channel in numerous network environments, including commercial clouds such as EC2 and Azure. Using an information-theoretic model of the channel, we derive an upper bound on the maximum information rate and propose an optimal coding scheme. Our adaptive decoding algorithm accounts for cross traffic in the channel and maintains high bit rates and extremely low error rates. Finally, we discuss several effective avenues for mitigating the aforementioned channel and provide insights into how data exfiltration can be prevented in such shared environments.
