Information Leakage via Protocol-Based Covert Channels: Detection, Automation, and Applications

With the emergence of computers in every day activities and with the ever-growing complexity of networks and network communication protocols, covert channels are becoming an eminent threat to the confidentiality of information. In light of this threat, we propose a technique to detect confidential information leakage via covert channels. Although several works examine covert channel detection and analysis from the perspective of information theory by analysing channel capacities, for instance, we propose a different technique from a different perspective. The proposed technique is based on relational algebra. It provides tests to verify the existence of a leakage of information via a monitored covert channel. The technique also provides computations which, when a leakage is detected, shows how the information was leaked. We also report on a prototype tool that allows for the automation of the proposed technique. We limit our focus to protocol-based covert channels and instances where the users of covert channels modulate the information that is being sent; either by encryption, or some other form of encoding. We discuss possible applications of the proposed technique in digital forensics and cryptanalysis.