Abstract
The Android operating system (OS) currently occupies the majority of the global smartphone market. Even IoT specific applications have prevailing OS as Android into their end device or intermediary communication channels. These Android smartphones may store sensitive data such as texts, banking information, personal identification numbers (PIN), contact-based information, GPS/location-specific information, images, movies, IoT device operations, and so on. Furthermore, Android devices are popular among users due to their extensive capabilities and multiple connectivity options, making them a perfect target for attackers. To get their task done, attackers are shifting to methods that neatly disguise existing state-of-the-art equipment and targets. One such strategy is evasion, which is used to deceive security systems or conceal information flow in order to evade detection. On the alternative side, covert channels disguise the existence of exchange itself, making it unidentifiable to both users and cutting-edge technology. These covert channels, by employing evasive methods, become extremely undetectable and bypass security architecture, ensuring the secure maintenance or transmission of the user's confidentiality-based information. The research evaluates and analyses existing state-of-the-art technologies, as well as identifies potential defense mechanisms for mitigating and detecting such threats.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ceci L (2021) Statistica. Number of available applications in the Google Play Store from December 2009–July 2021
Lalande JF, Wendzel S (2013) Hiding privacy leaks in Android applications using low-attention raising covert channels. Int Conf Availability Reliabil Secur, 701–710
Mazurczyk W, Caviglione L (2014) Steganography in modern smartphones and mitigation techniques. IEEE Commun Surv Tutorials 17(1):334–357
Mazurczyk W, Caviglione L (2015) Information hiding as a challenge for malware detection. Secur Privacy 13(2):89–93
Sharma S, Kumar R, Rama Krishna C (2021) A survey on analysis and detection of Android ransomware. Concurr Comput: Practice Experience 33(16):e6272
Li H, Liu Y, Tan R (2020) Covert device association among colluding apps via edge processor workload. IEEE Internet Things J 7(11):10763–10772
Zhang L, Huang T, Rasheed W, Hu X, Zhao C (2019) An enlarging-the-capacity packet sorting covert channel. IEEE Access 7:145634–145640
Tian J, Xiong G, Li Z, Gou G (2020) A survey of key technologies for constructing network covert channel. Secur Commun Netw 2020:1–20
Lalande JF, Wendzel S (2013) Hiding privacy leaks in android applications using low-attention raising covert channels. In: 2013 international conference on availability, reliability and security, 701–710, IEEE
Elsadig MA, Gafar A (2022) Covert channel detection: machine learning approaches. IEEE Access 10:38391–38405
deGraaf R, Aycock J, Jacobson MJ (2005) Improved port knocking with strong authentication. In: Proc. 21st Annu. Comput. Secur. Appl. Conf. (ACSAC), 10
Qu H, Cheng Q, Yaprak E (2005) Using covert channel to resist DoS attacks in WLAN. Proc. ICWN, pp 38–44
Mazurczyk W, Kotulski Z (2006) New security and control protocol for VoIP based on steganography and digital watermarking. Proceedings 5th international conference computer science research applications (IBIZA)
Vanderhallen S, Van Bulck J, Piessens F, Mühlberg JT (2021) Robust authentication for automotive control networks through covert channels. Comput Netw 193
Zhang X, Zhu L, Wang X, Zhang C, Zhu H, Tan Y-A (2019) A packet-reordering covert channel over VoLTE voice and video traffics. J Netw Comput Appl 126:29–38
Zhang X, Guo L, Xue Y, Zhang Q (2019) A two-way VoLTE covert channel with feedback adaptive to mobile network environment. IEEE Access 7:122214–122223
Wu S, Chen Y, Tian H, Sun C (2021) Detection of covert timing channel based on time series symbolization. IEEE Open J Commun Soc 2:2372–2382
Elsadig MA, Fadlalla YA (2017) Network protocol covert channels: countermeasures techniques. In: Proceedings 9th IEEE-GCC conference exhibition (GCCCE), pp 1–9
Goher SZ, Javed B, Saqib NA (2012) Covert channel detection: a survey based analysis. High capacity opt. network emerging/enabling technology, pp 057–065
Cabaj K, Żórawski P, Nowakowski P, Purski M, Mazurczyk W (2020) Efficient distributed network covert channels for internet of things environments. J Cybersecurity 6(1)
Wendzel S, Mazurczyk W, Haas G (2017) Don’t you touch my nuts: information hiding in cyber physical systems. In: Proceedings IEEE security privacy workshops (SPW), pp 29–34
Smith S (2020) Hiding in the noise: creation and detection analysis of modern covert channels
Tan Y-A, Zhang X, Sharif K, Liang C, Zhang Q, Li Y (2018) Covert timing channels for IoT over mobile networks. IEEE Wireless Commun 25(6):38–44
Harris K, Henry W, Dill R (2022) A network-based IoT covert channel. In: 2022 4th international conference on computer communication and the internet (ICCCI), pp 91–99
Salih A, Ma X, Peytchev E (2017) Implementation of hybrid artificial intelligence technique to detect covert channels attack in new generation internet protocol IPv6. In: Leadership innovation and entrepreneurship as driving forces of the global economy, Cham, Switzerland, Springer, pp 173–190
Lucena NB, Lewandowski G, Chapin SJ (2005) Covert channels in IPv6. In: Proceedings international workshop privacy enhancing technology, 147–166
Caviglione L, Schaffhauser A, Zuppelli M, Mazurczyk W (2022) IPv6CC: IPv6 covert channels for testing networks against stegomalware and data exfiltration. SoftwareX 17:100975
Zhang X, Tan Y-A, Liang C, Li Y, Li J (2018) A covert channel over VoLTE via adjusting silence periods. IEEE Access 6:9292–9302
Zhang X, Pang L, Guo L, Li Y (2020) Building undetectable covert channels over mobile networks with machine learning. In: Proceedings international conference mechanism learning cyber security, pp 331–339
Yuanzhang L, Junli L, Xinting X, Xiaosong Z, Li Z, Quanxin Z (2022) A robust packet‐dropping covert channel for mobile intelligent terminals. Int J Intell Syst
De Hert P, Papakonstantinou V, Kamara I (2016) The cloud computing standard ISO/IEC 27018 through the lens of the EU legislation on data protection. Comput Law Secur Rev 32(1):16–30
Drozd O (2015) Privacy pattern catalogue: a tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In: IFIP international summer school on privacy and identity management. Springer, Cham, pp 129–140
Regulation P (2016) Regulation (EU) 2016/679 of the European Parliament and of the council. Regulation (eu) 679:2016
Hatzivasilis G, Papaefstathiou I, Manifavas C (2016) Software security, privacy, and dependability: metrics and measurement. IEEE Softw 33(4):46–54
Greenwich Academic Literature Archive. [Online]. Available: https://gala.gre.ac.uk/. [Accessed: 19-Mar-2022]
ISECOM 1988–2018. Open source security testing methodology manual, ISECOM
ISO/IEC 15408 (1996–2018) Common criteria for information technology security evaluation, ISO/IEC
Goher SZ, Javed B, Saqib NA (2012) Covert channel detection: a survey based analysis. High Capacity Opt Netw Emerg/Enabling Technol, 057–065
Bugiel S, Davi L, Dmitrienko A, Heuser S, Sadeghi AR, Shastry B (2011) Practical and lightweight domain isolation on Android. In: ACM workshop on security and privacy in smartphones and mobile devices, pp 51–62
Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi AR (2011) XManDroid: a new android evolution to mitigate privilege escalation attacks
Wu L, Grace M, Zhou Y, Wu C, Jiang X (2013) The impact of vendor customizations on android security. In: ACM Sigsac conference on computer and communications security, pp 623–634
Zhou X, Lee Y, Zhang N, Naveed M, Wang XF (2014) The peril of fragmentation: security hazards in android device driver customizations. In: Security and privacy, 409–423
Caviglione L, Gaggero M, Lalande JF, Mazurczyk W, Urbański M (2017) Seeing the unseen: revealing mobile malware hidden communications via energy consumption and artificial intelligence. IEEE Trans Inf Forensics Secur 11(4):799–810
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Pattani, K., Gautam, S. (2023). Defense and Evaluation Against Covert Channel-Based Attacks in Android Smartphones. In: Sharma, N., Goje, A., Chakrabarti, A., Bruckstein, A.M. (eds) Data Management, Analytics and Innovation. ICDMAI 2023. Lecture Notes in Networks and Systems, vol 662. Springer, Singapore. https://doi.org/10.1007/978-981-99-1414-2_49
Download citation
DOI: https://doi.org/10.1007/978-981-99-1414-2_49
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-1413-5
Online ISBN: 978-981-99-1414-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)