Abstract
Cloud environments are increasingly used by cyber criminals to perform their malicious activities, and covert channels help them hide their data transmissions and message exchanges. While different covert channel techniques in conventional networks are well known, covert channels in cloud environment networks are a new topic in information hiding. Virtual environments provide new ways to hide the transmission of information: they use virtual networks in the cloud that separate and isolate the logical networks of the different customers. In this paper we present an examination of information hiding in virtual networks. We analyzed VXLAN, STT, GENEVE and NVGRE as the most notable so-called overlay protocols and examined different ways to create covert storage channels. Furthermore, we describe a covert timing channel based on the movement of virtual machines. Finally, we propose possible countermeasures against the described covert channels.
Notes
1. The time to migrate a VM depends heavily on the amount of data the VM uses.
2. Floating IP addresses are used in cloud environments to assign a public IP address to a VM for a short period of time [21].
References
Anderson, T., Peterson, L., Shenker, S., Turner, J.: Overcoming the internet impasse through virtualization. Computer 38(4), 34–41 (2005)
Brook, C.: Attackers hiding stolen credit card numbers in images, October 2016. https://threatpost.com/attackers-hiding-stolen-credit-card-numbers-in-images/121347/. Accessed 13 June 2017
Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 178–187. ACM (2004)
Caviglione, L., Podolski, M., Mazurczyk, W., Ianigro, M.: Covert channels in personal cloud storage services: the case of Dropbox. IEEE Trans. Ind. Inf. 6(99), 1 (2016)
Constantin, L.: Fileless PowerShell malware uses DNS as covert channel, March 2017. http://www.computerworld.com/article/3176669/security/fileless-powershell-malware-uses-dns-as-covert-channel.html. Accessed 13 June 2017
Davie, B., Gross, J.: A Stateless Transport Tunneling Protocol for Network Virtualization (STT). Internet-Draft draft-davie-stt-08, Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/draft-davie-stt-08. Work in Progress
Fridrich, J.: Applications of data hiding in digital images. In: Proceedings of the Fifth International Symposium on Signal Processing and Its Applications, ISSPA 1999, vol. 1, pp. 1–9. IEEE (1999)
Garfinkel, S.: Anti-forensics: techniques, detection and countermeasures. In: 2nd International Conference on i-Warfare and Security, vol. 20087, pp. 77–84 (2007)
Gross, J., Sridhar, T., Garg, P., Wright, C., Ganga, I.: GENEVE: Generic network virtualization encapsulation. Internet Engineering Task Force, Internet Draft (2014)
Janicki, A., Mazurczyk, W., Szczypiorski, K.: Steganalysis of transcoding steganography. Annales des Télécommunications 69(7–8), 449–460 (2014)
Johnson, N.F., Duric, Z., Jajodia, S.: Information Hiding: Steganography and Watermarking-Attacks and Countermeasures, vol. 1. Springer, New York (2001)
Katzenbeisser, S., Petitcolas, F.: Information Hiding Techniques for Steganography and Digital Watermarking. Artech house, Boston (2000)
Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)
Lipinski, B., Mazurczyk, W., Szczypiorski, K.: Improving hard disk contention-based covert channel in cloud computing. In: Security and Privacy Workshops (SPW), 2014, pp. 100–107. IEEE (2014)
Lucena, N.B., Lewandowski, G., Chapin, S.J.: Covert channels in IPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 147–166. Springer, Heidelberg (2006). doi:10.1007/11767831_10
Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, L., Sridhar, T., Bursell, M., Wright, C.: Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks. RFC 7348 (Informational). http://www.ietf.org/rfc/rfc7348.txt
Mazurczyk, W., Szczypiorski, K.: Covert channels in SIP for VoIP signalling. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds.) ICGeS 2008. CCIS, vol. 12, pp. 65–72. Springer, Heidelberg (2008). doi:10.1007/978-3-540-69403-8_9
Mazurczyk, W., Wendzel, S., Zander, S., Houmansadr, A., Szczypiorski, K.: Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications. IEEE Series on Information and Communication Networks Security. Wiley, New York (2016)
Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005). doi:10.1007/11558859_19
Okamura, K., Oyama, Y.: Load-based covert channels between Xen virtual machines. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 173–180. ACM (2010)
OpenStack: Manage IP addresses, May 2017. https://docs.openstack.org/user-guide/cli-manage-ip-addresses.html. Accessed 13 June 2017
Paxson, V., Allman, M., Chu, J., Sargent, M.: Computing TCP’s retransmission timer. RFC 6298, RFC Editor. http://www.rfc-editor.org/rfc/rfc6298.txt
Pfaff, B., Pettit, J., Koponen, T., Jackson, E.J., Zhou, A., Rajahalme, J., Gross, J., Wang, A., Stringer, J., Shelar, P., et al.: The design and implementation of Open vSwitch. In: 12th USENIX Symposium on Networked Systems Design and Implementation, pp. 117–130 (2015)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 199–212. ACM (2009)
Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Advances in Cryptology - CRYPTO 1983, pp. 51–67. Plenum (1984)
Spiekermann, D., Eggendorfer, T.: Challenges of network forensic investigation in virtual networks. J. Cyber Secur. Mobility 5(2), 15–46 (2016)
Spiekermann, D., Eggendorfer, T.: Towards digital investigation in virtual networks: a study of challenges and open problems. In: International Workshop of Cyber Crime, 2016 International Conference. IEEE (2016)
Spiekermann, D., Keller, J., Eggendorfer, T.: Network forensic investigation in OpenFlow networks with ForCon. Digital Invest. 20, 66–74 (2017)
Walker, S.: The day we discovered our parents were Russian spies, May 2016. https://www.theguardian.com/world/2016/may/07/discovered-our-parents-were-russian-spies-tim-alex-foley. Accessed 13 June 2017
Wang, Y.S., Garg, P.: NVGRE: Network Virtualization Using Generic Routing Encapsulation. RFC 7637. https://rfc-editor.org/rfc/rfc7637.txt
Wendzel, S.: Protocol hopping covert channels. Hakin9 8, 20–21 (2008)
Wendzel, S.: The problem of traffic normalization within a covert channel’s network environment learning phase. In: Suri, N., Waidner, M. (eds.) Sicherheit. LNI, vol. 195, pp. 149–161. GI (2012)
Wendzel, S.: Novel approaches for network covert storage channels. Ph.D. thesis, FernUniversität Hagen (2013)
Wendzel, S., Keller, J.: Design and implementation of an active warden addressing protocol switching covert channels. In: Proceedings of 7th International Conference on Internet Monitoring and Protection (ICIMP 2012), pp. 1–6. IARIA (2012)
Wu, J., Ding, L., Wang, Y., Han, W.: Identification and evaluation of sharing memory covert timing channel in Xen virtual machines. In: 2011 IEEE International Conference on Cloud Computing (CLOUD), pp. 283–291. IEEE (2011)
Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, pp. 29–40. ACM (2011)
Zimmermann, H.: OSI reference model – the ISO model of architecture for open systems interconnection. IEEE Trans. Commun. 28(4), 425–432 (1980)
© 2017 Springer International Publishing AG
Cite this paper
Spiekermann, D., Keller, J., Eggendorfer, T. (2017). Towards Covert Channels in Cloud Environments: A Study of Implementations in Virtual Networks. In: Kraetzer, C., Shi, YQ., Dittmann, J., Kim, H. (eds) Digital Forensics and Watermarking. IWDW 2017. Lecture Notes in Computer Science(), vol 10431. Springer, Cham. https://doi.org/10.1007/978-3-319-64185-0_19
DOI: https://doi.org/10.1007/978-3-319-64185-0_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64184-3
Online ISBN: 978-3-319-64185-0