Skip to main content
SpringerLink
Log in

Defense and Evaluation Against Covert Channel-Based Attacks in Android Smartphones

  • Conference paper
  • First Online:
Data Management, Analytics and Innovation (ICDMAI 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 662))

Included in the following conference series:

  • 451 Accesses

Abstract

The Android operating system (OS) currently occupies the majority of the global smartphone market. Even IoT specific applications have prevailing OS as Android into their end device or intermediary communication channels. These Android smartphones may store sensitive data such as texts, banking information, personal identification numbers (PIN), contact-based information, GPS/location-specific information, images, movies, IoT device operations, and so on. Furthermore, Android devices are popular among users due to their extensive capabilities and multiple connectivity options, making them a perfect target for attackers. To get their task done, attackers are shifting to methods that neatly disguise existing state-of-the-art equipment and targets. One such strategy is evasion, which is used to deceive security systems or conceal information flow in order to evade detection. On the alternative side, covert channels disguise the existence of exchange itself, making it unidentifiable to both users and cutting-edge technology. These covert channels, by employing evasive methods, become extremely undetectable and bypass security architecture, ensuring the secure maintenance or transmission of the user's confidentiality-based information. The research evaluates and analyses existing state-of-the-art technologies, as well as identifies potential defense mechanisms for mitigating and detecting such threats.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ceci L (2021) Statistica. Number of available applications in the Google Play Store from December 2009–July 2021

    Google Scholar 

  2. Lalande JF, Wendzel S (2013) Hiding privacy leaks in Android applications using low-attention raising covert channels. Int Conf Availability Reliabil Secur, 701–710

    Google Scholar 

  3. Mazurczyk W, Caviglione L (2014) Steganography in modern smartphones and mitigation techniques. IEEE Commun Surv Tutorials 17(1):334–357

    Article  Google Scholar 

  4. Mazurczyk W, Caviglione L (2015) Information hiding as a challenge for malware detection. Secur Privacy 13(2):89–93

    Article  Google Scholar 

  5. Sharma S, Kumar R, Rama Krishna C (2021) A survey on analysis and detection of Android ransomware. Concurr Comput: Practice Experience 33(16):e6272

    Article  Google Scholar 

  6. Li H, Liu Y, Tan R (2020) Covert device association among colluding apps via edge processor workload. IEEE Internet Things J 7(11):10763–10772

    Article  Google Scholar 

  7. Zhang L, Huang T, Rasheed W, Hu X, Zhao C (2019) An enlarging-the-capacity packet sorting covert channel. IEEE Access 7:145634–145640

    Article  Google Scholar 

  8. Tian J, Xiong G, Li Z, Gou G (2020) A survey of key technologies for constructing network covert channel. Secur Commun Netw 2020:1–20

    Google Scholar 

  9. Lalande JF, Wendzel S (2013) Hiding privacy leaks in android applications using low-attention raising covert channels. In: 2013 international conference on availability, reliability and security, 701–710, IEEE

    Google Scholar 

  10. Elsadig MA, Gafar A (2022) Covert channel detection: machine learning approaches. IEEE Access 10:38391–38405

    Article  Google Scholar 

  11. deGraaf R, Aycock J, Jacobson MJ (2005) Improved port knocking with strong authentication. In: Proc. 21st Annu. Comput. Secur. Appl. Conf. (ACSAC), 10

    Google Scholar 

  12. Qu H, Cheng Q, Yaprak E (2005) Using covert channel to resist DoS attacks in WLAN. Proc. ICWN, pp 38–44

    Google Scholar 

  13. Mazurczyk W, Kotulski Z (2006) New security and control protocol for VoIP based on steganography and digital watermarking. Proceedings 5th international conference computer science research applications (IBIZA)

    Google Scholar 

  14. Vanderhallen S, Van Bulck J, Piessens F, Mühlberg JT (2021) Robust authentication for automotive control networks through covert channels. Comput Netw 193

    Google Scholar 

  15. Zhang X, Zhu L, Wang X, Zhang C, Zhu H, Tan Y-A (2019) A packet-reordering covert channel over VoLTE voice and video traffics. J Netw Comput Appl 126:29–38

    Article  Google Scholar 

  16. Zhang X, Guo L, Xue Y, Zhang Q (2019) A two-way VoLTE covert channel with feedback adaptive to mobile network environment. IEEE Access 7:122214–122223

    Article  Google Scholar 

  17. Wu S, Chen Y, Tian H, Sun C (2021) Detection of covert timing channel based on time series symbolization. IEEE Open J Commun Soc 2:2372–2382

    Article  Google Scholar 

  18. Elsadig MA, Fadlalla YA (2017) Network protocol covert channels: countermeasures techniques. In: Proceedings 9th IEEE-GCC conference exhibition (GCCCE), pp 1–9

    Google Scholar 

  19. Goher SZ, Javed B, Saqib NA (2012) Covert channel detection: a survey based analysis. High capacity opt. network emerging/enabling technology, pp 057–065

    Google Scholar 

  20. Cabaj K, Żórawski P, Nowakowski P, Purski M, Mazurczyk W (2020) Efficient distributed network covert channels for internet of things environments. J Cybersecurity 6(1)

    Google Scholar 

  21. Wendzel S, Mazurczyk W, Haas G (2017) Don’t you touch my nuts: information hiding in cyber physical systems. In: Proceedings IEEE security privacy workshops (SPW), pp 29–34

    Google Scholar 

  22. Smith S (2020) Hiding in the noise: creation and detection analysis of modern covert channels

    Google Scholar 

  23. Tan Y-A, Zhang X, Sharif K, Liang C, Zhang Q, Li Y (2018) Covert timing channels for IoT over mobile networks. IEEE Wireless Commun 25(6):38–44

    Article  Google Scholar 

  24. Harris K, Henry W, Dill R (2022) A network-based IoT covert channel. In: 2022 4th international conference on computer communication and the internet (ICCCI), pp 91–99

    Google Scholar 

  25. Salih A, Ma X, Peytchev E (2017) Implementation of hybrid artificial intelligence technique to detect covert channels attack in new generation internet protocol IPv6. In: Leadership innovation and entrepreneurship as driving forces of the global economy, Cham, Switzerland, Springer, pp 173–190

    Google Scholar 

  26. Lucena NB, Lewandowski G, Chapin SJ (2005) Covert channels in IPv6. In: Proceedings international workshop privacy enhancing technology, 147–166

    Google Scholar 

  27. Caviglione L, Schaffhauser A, Zuppelli M, Mazurczyk W (2022) IPv6CC: IPv6 covert channels for testing networks against stegomalware and data exfiltration. SoftwareX 17:100975

    Article  Google Scholar 

  28. Zhang X, Tan Y-A, Liang C, Li Y, Li J (2018) A covert channel over VoLTE via adjusting silence periods. IEEE Access 6:9292–9302

    Article  Google Scholar 

  29. Zhang X, Pang L, Guo L, Li Y (2020) Building undetectable covert channels over mobile networks with machine learning. In: Proceedings international conference mechanism learning cyber security, pp 331–339

    Google Scholar 

  30. Yuanzhang L, Junli L, Xinting X, Xiaosong Z, Li Z, Quanxin Z (2022) A robust packet‐dropping covert channel for mobile intelligent terminals. Int J Intell Syst

    Google Scholar 

  31. De Hert P, Papakonstantinou V, Kamara I (2016) The cloud computing standard ISO/IEC 27018 through the lens of the EU legislation on data protection. Comput Law Secur Rev 32(1):16–30

    Article  Google Scholar 

  32. Drozd O (2015) Privacy pattern catalogue: a tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In: IFIP international summer school on privacy and identity management. Springer, Cham, pp 129–140

    Google Scholar 

  33. Regulation P (2016) Regulation (EU) 2016/679 of the European Parliament and of the council. Regulation (eu) 679:2016

    Google Scholar 

  34. Hatzivasilis G, Papaefstathiou I, Manifavas C (2016) Software security, privacy, and dependability: metrics and measurement. IEEE Softw 33(4):46–54

    Article  Google Scholar 

  35. Greenwich Academic Literature Archive. [Online]. Available: https://gala.gre.ac.uk/. [Accessed: 19-Mar-2022]

  36. ISECOM 1988–2018. Open source security testing methodology manual, ISECOM

    Google Scholar 

  37. ISO/IEC 15408 (1996–2018) Common criteria for information technology security evaluation, ISO/IEC

    Google Scholar 

  38. Goher SZ, Javed B, Saqib NA (2012) Covert channel detection: a survey based analysis. High Capacity Opt Netw Emerg/Enabling Technol, 057–065

    Google Scholar 

  39. Bugiel S, Davi L, Dmitrienko A, Heuser S, Sadeghi AR, Shastry B (2011) Practical and lightweight domain isolation on Android. In: ACM workshop on security and privacy in smartphones and mobile devices, pp 51–62

    Google Scholar 

  40. Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi AR (2011) XManDroid: a new android evolution to mitigate privilege escalation attacks

    Google Scholar 

  41. Wu L, Grace M, Zhou Y, Wu C, Jiang X (2013) The impact of vendor customizations on android security. In: ACM Sigsac conference on computer and communications security, pp 623–634

    Google Scholar 

  42. Zhou X, Lee Y, Zhang N, Naveed M, Wang XF (2014) The peril of fragmentation: security hazards in android device driver customizations. In: Security and privacy, 409–423

    Google Scholar 

  43. Caviglione L, Gaggero M, Lalande JF, Mazurczyk W, Urbański M (2017) Seeing the unseen: revealing mobile malware hidden communications via energy consumption and artificial intelligence. IEEE Trans Inf Forensics Secur 11(4):799–810

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Engineering and Physical Sciences, Institute of Advanced Research, Gandhina-Gar, Gujarat, India

    Ketaki Pattani

  2. Institute of Technology, Nirma University, Ahmedabad, Gujarat, India

    Sunil Gautam

Authors
  1. Ketaki Pattani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sunil Gautam
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ketaki Pattani .

Editor information

Editors and Affiliations

  1. Tata Consultancy Services Ltd., Pune, India

    Neha Sharma

  2. Society for Data Science, Pune, India

    Amol Goje

  3. Faculty of Engineering, A. K. Choudhury School of Information Technology, Kolkata, West Bengal, India

    Amlan Chakrabarti

  4. Faculty of Computer Science, Technion—Israel Institute of Technology, Haifa, Israel

    Alfred M. Bruckstein

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pattani, K., Gautam, S. (2023). Defense and Evaluation Against Covert Channel-Based Attacks in Android Smartphones. In: Sharma, N., Goje, A., Chakrabarti, A., Bruckstein, A.M. (eds) Data Management, Analytics and Innovation. ICDMAI 2023. Lecture Notes in Networks and Systems, vol 662. Springer, Singapore. https://doi.org/10.1007/978-981-99-1414-2_49

Download citation

Publish with us

Policies and ethics

Search

Navigation