CCHEF – Covert Channels Evaluation Framework Design and Implementation
Authors
Abstract
Communication is not necessarily made secure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different protocols in the Internet make it ideal as a high-bandwidth vehicle for covert communications. Covert channels are hidden inside pre-existing overt communication by encoding additional semantics onto ‘normal’ behaviours of the overt channels. We have developed CCHEF – a flexible and extensible software framework for evaluating covert channels in network protocols. The framework is able to establish covert channels across real networks using real overt traffic, but can also emulate covert channels based on overt traffic previously collected in trace files. In this paper we present the design and implementation of CCHEF.
Similar resources
CCHEF – Covert Channels Evaluation Framework User Manual Version 0.1
Communication is not necessarily made secure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different protocols in the Internet make it ideal as a high-bandwidth vehicle for covert communicatio...
Model-Based Covert Timing Channels: Automated Modeling and Evasion
The exploration of advanced covert timing channel design is important to understand and defend against covert timing channels. In this paper, we introduce a new class of covert timing channels, called model-based covert timing channels, which exploit the statistical properties of legitimate network traffic to evade detection in an effective manner. We design and implement an automated framework...
An Evaluation Framework for the Analysis of Covert Channels in the TCP/IP Protocol Suite
Information hiding techniques can be used by criminals and terrorists to communicate over covert channels within the TCP/IP protocol suite and can be used to overcome firewalls and most other forms of network intrusion detection and prevention systems. In this work we describe the covert channel concept and weaknesses in the five layered TCP/IP layered model. We then present an evaluation frame...
Design and Implementation of an Active Warden Addressing Protocol Switching Covert Channels
Network covert channels enable a policy-breaking network communication (e.g., within botnets). Within the last years, new covert channel techniques occurred which are based on the capability of protocol switching. There are currently no means available to counter these new techniques. In this paper we present the first approach to effectively limit the bandwidth of such covert channels by intro...
A Behavior Based Covert Channel within Anti-Virus Updates
This paper presents a new behavior based covert channel utilizing the database update mechanism of anti-virus software. It is highly covert due to unattended, frequent, automatic signature database update operations performed by the software. The design of the covert channel is described; its properties are discussed and demonstrated by a reference implementation. This paper uses these points t...