Research Article

Detection and elimination of covert communication in Transport and Internet layer - A Survey

Published on March 2012 by D. M. Dakhane, Swapna Patil, Mahendra Patil
International Conference on Recent Trends in Information Technology and Computer Science
Foundation of Computer Science USA
ICRTITCS - Number 1

D. M. Dakhane, Swapna Patil, Mahendra Patil. Detection and elimination of covert communication in Transport and Internet layer - A Survey. International Conference on Recent Trends in Information Technology and Computer Science. ICRTITCS, 1 (March 2012), 36-41.

@article{
author = { D. M. Dakhane, Swapna Patil, Mahendra Patil },
title = { Detection and elimination of covert communication in Transport and Internet layer - A Survey },
journal = { International Conference on Recent Trends in Information Technology and Computer Science },
issue_date = { March 2012 },
volume = { ICRTITCS },
number = { 1 },
month = { March },
year = { 2012 },
issn = 0975-8887,
pages = { 36-41 },
numpages = 6,
url = { /proceedings/icrtitcs/number1/5175-1007/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International Conference on Recent Trends in Information Technology and Computer Science
%A D. M. Dakhane
%A Swapna Patil
%A Mahendra Patil
%T Detection and elimination of covert communication in Transport and Internet layer - A Survey
%J International Conference on Recent Trends in Information Technology and Computer Science
%@ 0975-8887
%V ICRTITCS
%N 1
%P 36-41
%D 2012
%I International Journal of Computer Applications
Abstract

Covert channels use stealth communications to compromise the security policies of systems. They constitute an important security threat since they can be used to exfiltrate confidential data from networks. TCP/IP protocols are used every day and are subject to covert channel problems. Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems, i.e., mainframes. More recently, focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seem ideal as a high-bandwidth vehicle for covert communication. The aim of this paper is to give an overview of covert channels in TCP/IP networks. We briefly describe the TCP and IP protocols, present the different types of covert channels and the methods to set them up in TCP/IP networks; then we study the existing methods to detect and eliminate covert channels.

Index Terms

Computer Science
Information Sciences

Keywords

Covert channels, Steganography, TCP, IP, computer security, networking, detection, protection, analysis, traffic normalisers, packet sorting