Covert Channel in the BitTorrent Tracker Protocol

Covert channels have the unique quality of masking evidence that a communication has ever occurred between two parties. For spies and terrorist cells, this quality can be the difference between life and death. However, even the detection of communications in a botnet could be troublesome for its creators. To evade detection and prevent insights into the size and members of a botnet, covert channels can be used. A botnet should rely on covert channels built on ubiquitous protocols to blend in with legitimate traffic. In this paper, we propose a covert channel built on the BitTorrent peer-to-peer protocol. In a simple application, this covert channel can be used to discretely and covertly send messages between two parties. However, this covert channel can also be used to stealthily distribute commands or the location of a command and control server for use in a botnet.

[1]  Ping Wang,et al.  An Advanced Hybrid Peer-to-Peer Botnet , 2007, IEEE Transactions on Dependable and Secure Computing.

[2]  Xingming Sun,et al.  A Steganography Scheme in P2P Network , 2008, 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[3]  Patrick Butler,et al.  Quantitatively Analyzing Stealthy Communication Channels , 2011, ACNS.

[4]  Christopher Krügel,et al.  Overbot: a botnet protocol based on Kademlia , 2008, SecureComm.

[5]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[6]  Sebastian Zander,et al.  A survey of covert channels and countermeasures in computer network protocols , 2007, IEEE Communications Surveys & Tutorials.

[7]  Bo Yuan,et al.  Covert channels in the HTTP network protocol: Channel characterization and detecting man-in-the-middle attacks , 2010 .

[8]  Daryl Johnson,et al.  Behavior-Based Covert Channel in Cyberspace , 2009 .

[9]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.