Eliminating Covert Channels in IPv6 with Network-Aware Active Wardens
نویسندگان
چکیده
1. ABSTRACT Although as of today publicly-accessible Internet addresses are primarily IPv4, the adoption of the Internet Protocol version 6 (IPv6) is imminent, as shown in Figure 1 [1]. For example, the U.S. government established that all federal agencies must deploy IPv6 by June 2008 and news from the IPv6 Task Force reports significant progress in the adoption of IPv6 technology in other continents, such as Asia and Europe. That global embracement of IPv6 calls for a closer examination of its security risks, especially of those which are not so obvious nor possibly to overcome by IPv4 security technologies.
منابع مشابه
Network-aware Active Wardens in IPv6
Every day the world grows more and more dependent on digital communication. Technologies like e-mail or the World Wide Web that not so long ago were considered experimental, have first become accepted and then indispensable tools of everyday life. New communication technologies built on top of the existing ones continuously race to provide newer and better functionality. Even established commun...
متن کاملEliminating Steganography in Internet Traffic with Active Wardens
Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall. In particular, we concentrate on str...
متن کاملHiding out in plaintext : covert messaging with bitwise summations
vi CHAPTER 1. GENERAL INTRODUCTION 1 1.1 Problem Statement 1 1.2 Thesis Organization 1 1.3 Overview of Network Covert Channels 2 1.4 Overview of Information Hiding in TCP/IP 3 1.5 Network Layer 5 1.5.1 Do not Fragment Bit 5 1.5.2 IP Identification Field 6 1.5.3 IP Header Checksum 6 1.5.4 ICMP Data 6 1.6 Transport Layer 7 1.6.1 TCP Time Stamps 7 1.6.2 Sequence and Acknowledgment Fields 9 1.7 Act...
متن کاملCreating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels
The Internet Protocol Version 6 (IPv6) transition opens a wide scope for potential attack vectors. Tunnel-based IPv6 transition mechanisms could allow the set-up of egress communication channels over an IPv4-only or dual-stack network while evading detection by a network intrusion detection system (NIDS). Increased usage of IPv6 in attacks results in long-term persistence, sensitive information...
متن کاملCovert Channel Using ICMPv6 and IPv6 Addressing
Internet Protocol version 6, the latest revision of the Internet Protocol (IP), is rising in popularity. Along with it has come ample opportunity for the discovery and utilization of fresh, new covert channels. This paper proposes a covert channel using this "IP Next Generation Protocol", widely referred to as IPv6, as well as its associated protocol ICMPv6. As a proof-of-concept, two hosts run...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008