Covert Channel Using Man-in-the-Middle over HTTPS

The goal of this work is to prove the feasibility of using encrypted HTTPS traffic to carry a covert channel. The encryption key is not needed because the original HTTPS payload is not decrypted. The covert message is appended to the HTTPS data field; the receiver extracts the covert message and restores the original HTTPS traffic for forwarding. Only legitimate HTTPS connections are used as the overt channel. A Man-in-the-Middle (MITM) attack at the sending and receiving ends gives access to modify the traffic streams. The HTTPS return traffic from the server can carry a covert channel. Without the original HTTPS traffic for comparison or the original encryption keys, this covert channel is undetectable.
