Design and Implementation of an Active Warden Addressing Protocol Switching Covert Channels
Authors
Abstract
Network covert channels enable a policy-breaking network communication (e.g., within botnets). Within the last years, new covert channel techniques occurred which are based on the capability of protocol switching. There are currently no means available to counter these new techniques. In this paper we present the first approach to effectively limit the bandwidth of such covert channels by introducing a new active warden. We present a calculation method for the bandwidth of these channels in case the active warden is used. Additionally, we discuss implementation details and we evaluate the practical usefulness of our technique.
Keywords: Protocol Switching Covert Channel; Protocol Channel, Active Warden
Similar resources
Preventing Protocol Switching Covert Channels
Network covert channels enable a policy-breaking network communication (e.g., within botnets). Within the last years, new covert channel techniques arose which are based on the capability of protocol switching. Such protocol switching covert channels operate within overlay networks and can (as a special case) contain their own internal control protocols. We present the first approach to effecti...
Eliminating Steganography in Internet Traffic with Active Wardens
Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall. In particular, we concentrate on str...
Systematic Engineering of Control Protocols for Covert Channels
Within the last years, new techniques for network covert channels arose, such as covert channel overlay networking, protocol switching covert channels, and adaptive covert channels. These techniques have in common that they rely on covert channel-internal control protocols (so called micro protocols) placed within the hidden bits of a covert channel’s payload. An adaptable approach for the engi...
Construction of the Covert Channels
The purpose of this work is the demonstration of an adversary intrusion into protected computing system, when the covert channels are poorly taken into account. We consider an opportunity of overcoming the protection mechanisms placed between a protected segment of a local area network and a global network (for example, Internet). We discuss the ability for a warden to reveal the covert channels.
CCHEF – Covert Channels Evaluation Framework Design and Implementation
Communication is not necessarily made secure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different protocols in the Internet makes it ideal as a high-bandwidth vehicle for covert communicatio...