Skip to main content
SpringerLink
Log in

Covert Channels in IPv6

  • Conference paper
Privacy Enhancing Technologies (PET 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3856))

Included in the following conference series:

Abstract

A covert channel is a communication path that allows transferring information in a way that violates a system security policy. Because of their concealed nature, detecting and preventing covert channels are obligatory security practices. In this paper, we present an examination of network storage channels in the Internet Protocol version 6 (IPv6). We introduce and analyze 22 different covert channels. In the appendix, we define three types of active wardens, stateless, stateful, and network-aware, who differ in complexity and ability to block the analyzed covert channels.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Gligor, V.D.: A Guide to Understanding Covert Channel Analysis of Trusted Systems. National Computer Security Center, Meade, MD, USA. Version-1 edn. (1993) NCSC-TG-030

    Google Scholar 

  2. McHugh, J.: Covert Channel Analysis: A Chapter of the Handbook for the Computer Security Certification of Trusted Systems. Portland State University, Portland, Oregon, USA (1995)

    Google Scholar 

  3. of Defense, U.D.: Department of Defense Trusted Computer System Evaluation Criteria (1985) DOD 5200.28-STD

    Google Scholar 

  4. Cabuk, S., Brodley, C.E., Shields, C.: Ip covert timing channels: Design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, pp. 178–187. ACM Press, New York (2004)

    Google Scholar 

  5. Ahsan, K.: Covert channel analysis and data hiding in tcp/ip. Master’s thesis, University of Toronto (2002)

    Google Scholar 

  6. Ahsan, K., Kundur, D.: Practical data hiding in tcp/ip. In: Proceedings of the ACM Workshop on Multimedia Security at ACM Multimedia (2002)

    Google Scholar 

  7. Servetto, S.D., Vetterli, M.: Codes for the fold-sum channel. In: Proceedings of the 35th Annual Conference on Information Science and Systems (CISS), Baltimore, MD, USA (2001)

    Google Scholar 

  8. Servetto, S.D., Vetterli, M.: Communication using phantoms: Covert channels in the internet. In: Proceedings of the IEEE International Symposium on Information Theory (ISIT), Washington, DC, USA (2001)

    Google Scholar 

  9. Handel, T., Sandford, M.: Hiding data in the OSI network model. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 23–38. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  10. Szczypiorski, K.: Hiccups: Hidden communication system for coruppted networks. In: Proceedings of the Tenth International Multi-Conference on Advanced Computer Systems ACS 2003, Międzyzdroje, Poland, pp. 31–40 (2003)

    Google Scholar 

  11. Rowland, C.H.: Covert channels in the TCP/IP protocol suite. Psionics Technologies (1996), http://www.firstmonday.dk/issues/issue2_5/rowland/

  12. Dunigan, T.: Internet steganography. Technical report, Oak Ridge National Laboratory (Contract No. DE-AC05-96OR22464), Oak Ridge, Tennessee (1998) [ORNL/TM-limited distribution]

    Google Scholar 

  13. Rutkowska, J.: The implementation of passive covert channels in the linux kernel. In: 21st Chaos Communication Congress, Berliner Congress Center, Berlin, Germany (2004), www.ccc.de/congress/2004/fahrplan/files/223-passive-covert-channels-linux.pdf

  14. Abad, C.: Ip checksum covert channels and selected hash collision (2001), http://gray-world.net/cn/papers/ipccc.pdf

  15. Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMID (2004), http://eprint.iacr.org/2004/199/

  16. Kaminsky, D.: MD5 to be considered harmful someday (2004), http://www.doxpara.com/md5_someday.pdf

  17. Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  18. daemon9 (route@infonexus.com): Loki2 (the implementation). Phrack Magazine, 51, article 6 (1997), http://www.phrack.org/show.php?p=51&a=6

  19. daemon9 (route@infonexus.com), alhambra (alhambra@infornexus.com): Project loki. Phrack Magazine, 49, Article 6 (1996), http://www.phrack.org/show.php?p=49&a=6

  20. Skoudis, E.: Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. In: Series in Computer networking and Distributed Systems. Prentice Hall, Upper Saddle River (2002)

    Google Scholar 

  21. Malan, G.R., Watson, D., Jahanian, F., Howell, P.: Transport and application protocol scrubbing. In: Proceedings of the IEEE INFOCOM 2002 Conference, Tel-Aviv, Israel, pp. 1381–1390 (2000)

    Google Scholar 

  22. Handley, M., Paxson, V.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: Proceedings of the 10th USENIX Security Symposium, Washington, DC, USA. USENIX Association (2001)

    Google Scholar 

  23. Fisk, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating steganography in internet traffic with active wardens. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 18–35. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  24. Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  25. Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Chaum, D. (ed.) Advances in Cryptology, Proceedings of CRYPTO 1983, pp. 51–67. Plenum Press (1984)

    Google Scholar 

  26. Lucena, N.B., Pease, J., Yadollahpour, P., Chapin, S.J.: Syntax and semantics-preserving application-layer protocol steganography, Toronto, Canada. LNCS, pp. 164–179. Springer, Heidelberg (2004)

    Google Scholar 

  27. Craver, S.: On public-key steganography in the presence of an active warden. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 355–368. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  28. Katzenbeisser, S., Petitcolas, F.A.: Information Hiding: Techniques for Steganography and Digital Watermarking, Artech House, Norwood, MA (2000)

    Google Scholar 

  29. Deering, S., Hinden, R.: Internet protocol, version 6 (ipv6) specification (1998) RFC 2460

    Google Scholar 

  30. Hagen, S.: IPv6 Essentials. 1st edn. O’Reilly & Associates, Inc., Sebastopol (2002)

    Google Scholar 

  31. Kent, S., Atkinson, R.: Security architecture for the internet protocol (1998) RFC 2401

    Google Scholar 

  32. Kent, S., Atkinson, R.: Ip authentication header (1998) RFC 2402

    Google Scholar 

  33. Kent, S., Atkinson, R.: Ip encapsulating security payload (esp) (1998) RFC 2406

    Google Scholar 

  34. Kent, S., Atkinson, R.: Definition of the differentiated services field (ds field) in the ipv4 and ipv6 header (1998) RFC 2402

    Google Scholar 

  35. (IANA), I.A.N.A.: Protocol numbers (2004), http://www.iana.org/assignments/protocol-numbers

  36. (IANA), I.A.N.A.: IP version 6 parameters (2004), http://www.iana.org/assignments/ipv6-parameters

  37. Graf, T.: Messaging over ipv6 destination options (2003), http://net.suug.ch/articles/2003/07/06/ip6msg.html

Download references

Author information

Authors and Affiliations

  1. Syracuse University, Syracuse, NY, 13244, USA

    Norka B. Lucena, Grzegorz Lewandowski & Steve J. Chapin

Authors
  1. Norka B. Lucena
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Grzegorz Lewandowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Steve J. Chapin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microsoft Research, Cambridge, UK

    George Danezis

  2. Artificial Intelligence Center, SRI International, USA

    David Martin

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lucena, N.B., Lewandowski, G., Chapin, S.J. (2006). Covert Channels in IPv6. In: Danezis, G., Martin, D. (eds) Privacy Enhancing Technologies. PET 2005. Lecture Notes in Computer Science, vol 3856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767831_10

Download citation

  • DOI: https://doi.org/10.1007/11767831_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34745-3

  • Online ISBN: 978-3-540-34746-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation