Investigative support for information confidentiality

Abstract

With the ubiquity and pervasiveness of computers in daily activities and with the ever-growing complexity of communication networks and protocols, covert channels are becoming an eminent threat to the confidentiality of information. In light of this threat, we propose a technique to detect confidential information leakage via protocol-based covert channels. Although several works examine covert channel detection and analysis from the perspective of information theory by, for instance, analysing channel capacities, we propose a different technique that tackles the problem from a different perspective. The proposed technique takes an algebraic approach using relations. It provides tests to verify the existence of a leakage of information via a monitored covert channel. It also provides computations which show how the information was leaked if a leakage exists. We also discuss possible applications of the proposed technique in cryptanalysis and digital forensics based on a known-plaintext attack. We report on a prototype tool that allows for the automation of the proposed technique.

Appendices

Appendix 1: Proofs of propositions and corollaries

The following proposition provides a selection of properties of relations and residues required for the proofs below.

Proposition 6

Let P and Q be relations.

1. (i)

   \(\overline{\overline{P}} = P\)

2. (ii)

   \(P{^\smallsmile} {^\smallsmile} = P\)

3. (iii)

   \((P \! \cap \! Q)^\smallsmile = P^\smallsmile \! \cap \;\! Q^\smallsmile \,\)

4. (iv)

   \((P ; Q)^\smallsmile = Q^\smallsmile ; P^\smallsmile \,\)

5. (v)

   \(({P}/{Q})^\smallsmile \, = {Q^\smallsmile }\backslash {P^\smallsmile }\)

6. (vi)

   \(({P}\backslash {Q})^\smallsmile \, = {Q^\smallsmile \,}/{P^\smallsmile \,}\)

7. (vii)

   \(({P}/{Q}) ; Q \subseteq P\)

8. (viii)

   \(Q ; ({Q}\backslash {P}) \subseteq P\)

Detailed Proof of Proposition 2

Detailed Proof of Proposition 3

\((\;\Longrightarrow \;) \quad X\,{;}\, P = Q\) has a solution \(\;\Longrightarrow \;Q = ({Q}/{P})\,{;}\, P\)

Detailed Proof of Corollary 1

According to the problem formulation illustrated by Fig. 2, we need to find solutions to either Eq. 1 or 2. Therefore,

Detailed Proof of Proposition 4

\((\;\Longleftarrow \;) \quad Q \subseteq \big (R \; \cap \;({Q}/{P})\big )\,{;}\, P \;\Longrightarrow \;X\,{;}\, P = Q\) has \(R \; \cap \;({Q}/{P})\) as a solution

\((\;\Longrightarrow \;) \quad X\,{;}\, P = Q\) has \(R \; \cap \;({Q}/{P})\) as a solution \(\;\Longrightarrow \;Q \subseteq \big (R \; \cap \;({Q}/{P})\big )\,{;}\, P\)

Detailed Proof of Corollary 2

Detailed Proof of Corollary 3

According to the problem formulation illustrated by Fig. 2, we need to find solutions to Eqs. 1 and 2.

Detailed Proof of Proposition 5

Appendix 2: Cryptanalysis case study

Using the prototype tool described in Sect. 5, we have automated the process of applying the proposed cryptanalysis technique. In Deavours and Kruh (1990), we find a ciphertext originally encrypted using a German Army Enigma machine. This message has since been decrypted and roughly translated into English in Weierud (1998). For illustrative purposes in this case study, we use a portion of the English translation of this message. Since we are dealing with a message that was sent by an army, the need for confidentiality cannot be stressed enough as the unauthorised disclosure of the plaintext of this message could have devastating consequences.

For the purpose of this case study, we have encrypted the message using a substitution cipher. Table 1 shows the ciphertext in its entirety. We provide the highlights of the tool usage for applying the cryptanalysis technique and show how the technique for detecting confidential information leakage, in conjunction with a known-plaintext attack, can break the cipher to uncover the message.

Table 1 Case study ciphertext message

As preparation for the analysis, we first need to enumerate each of the cipher characters so that we are able to represent them for use with the prototype tool. The enumeration is given in Table 2.

Table 2 Case study ciphertext character enumeration

We start by loading the prototype tool modules in the Glasgow Haskell Compiler’s interactive environment (ghci) as follows:

We store the enumerated representation in a file for use with the prototype tool. From this point forward, we call the file containing the enumerated ciphertext cipher.rel. We construct the relational representation of the information contained in the cipher.rel file and store it in the newly created data store, CryptanalysisDB, by issuing the following commands:

The idea is to guess a known word or phrase that is likely to appear in the plaintext message corresponding to the given ciphertext. It is assumed that we know the context of the message. Therefore, we know that the cipher was written during a time of battle and it might be suspected that the author may have been conveying orders to a brigade of commanders and troops. So, we might expect to find words such as “orders”, “troops”, or “forces” in some reference to the conveyance of orders. These would offer formidable starting points for the analysis. However, for simplicity, brevity, and illustrative purposes, suppose that we have obtained a tip by some means (it is not important how) that the message may refer to an attack on a fortification which must not fall to the enemy. Therefore, we might guess that the plaintext message contains the phrase “FORTIFICATIONS MUST BE HELD”. Using the prototype tool, we generate a relation based on this phrase. In our representation of the phrase, we use only uppercase letters and ignore spaces as we are simply trying to find a readable plaintext based on the assumption that spaces are not encoded. We generate a relation based on this phrase by issuing the following command with the prototype tool:

Next, we apply the cryptanalysis procedure based on the proposed technique described in Sect. 6. We use the following command:

As a result of applying the cryptanalysis technique, we find that we have two fragmented possibilities for the cryptographic key. After examining the two possible plaintexts (which are generated by the prototype tool, but not shown here due to space limitations), we see that there is only one plaintext which appears to make any sense. Based on the sensible plaintext, we find that our phrase is succeeded by “A _ _ L _ C O _ _ S” which might suggest that the our guessed phrase is followed by the phrase “AT ALL COSTS”. We can concatenate our original phrase and this new phrase to have a much more refined phrase. After this refinement, we apply the cryptanalysis with the phrase “FORTIFICATIONS MUST BE HELD AT ALL COSTS”. The process of performing the cryptanalysis and its output are given below.

As a result of applying the cryptanalysis, we find that we are left with only one fragmented cryptographic key. As an example, the relation that is output by the prototype tool contains “T” |-> [“16”,“40”,“47”], showing that the letter ‘T’ corresponds to ciphertext characters enumerated as 16, 40, and 47 (in particular “L”, “I”, and “\(\bullet\)”). One can easily fill in many of the blanks in the possible plaintext to reconstruct the original message, which is given in Table 3.

We have demonstrated the application and automation of the technique for detecting confidential information leakage in the context of cryptanalysis. This illustrates the usefulness of the technique beyond the scope of covert channel analysis and detecting confidential information leakages. Using the short illustrative example above, we have shown that in a cryptanalytic investigation where we may be able to perform a known-plaintext attack, we are able to uncover the encrypted message using the proposed cryptanalysis technique.

Table 3 Case study plaintext message