Covert communications through network configuration messages

Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70s, they have evolved considerably, and new solutions have appeared for computer networks, mainly due to vague protocol specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities for concealing data in various protocols in extensive use today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels, each of which accommodates different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.
