Covert channels and countermeasures in computer network protocols [Reprinted from IEEE Communications Surveys and Tutorials]

Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems such as mainframes. More recently, focus has shifted toward covert channels in computer network protocols. The huge amount of data and the large number of different protocols on the Internet make it an ideal high-bandwidth vehicle for covert communication. This article provides an overview of the existing techniques for creating covert channels in widely deployed network protocols, and common methods for their detection, elimination, and capacity limitation.
