Abstract
Almost all the previously proposed network storage channels write covert messages in the packets’ protocol fields. In contrast, we present in this paper a new network storage channel, WebShare, that uses the plentiful, public Web counters for storage. Therefore, the physical locations of the WebShare encoder and decoder are not restricted to a single path. To make WebShare practical, we have addressed a number of thorny issues, such as the “noise” introduced by other legitimate Web requests, and synchronization between encoder and decoder. As a proof of concept, we have experimented with a WebShare prototype in the Internet, and have shown that it is practically feasible even when the Web counter and the encoder/decoder are separated by more than 20 router hops.
Please use the following format when citing this chapter: Luo, X., Chan, E., and Chang, R., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 337–348.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Luo, X., Chan, E.W.W., Chang, R.K.C. (2007). Crafting Web Counters into Covert Channels. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_29
DOI: https://doi.org/10.1007/978-0-387-72367-9_29
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science (R0)