Advertisement

Covert channels in TCP/IP protocol stack - extended version-

  • Aleksandra Mileva
  • Boris Panajotov
Review Article
  • 139 Downloads

Abstract

We give a survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack. Techniques are organized according to affected layer and protocol. For most of the covert channels its data bandwidth is given.

Keywords

network steganography data hiding Internet layer transport layer application layer 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    B. Lampson, A Note on the Confinement Problem, Communications of the ACM 16(10), 613–615, 1973CrossRefGoogle Scholar
  2. [2]
    Department of Defence, Department of defence trusted computer system evaluation criteria, Technical Report DOD 5200.28-ST., Supersedes CSC-STD-001-83, December 1985Google Scholar
  3. [3]
    J. Gray, Countermeasures and tradeoffs for a class of covert timing channels, 1994, Available at: http://repository.ust.hk/dspace/bitstream/1783.1/25/1/tr94-18.pdf Google Scholar
  4. [4]
    P. R. Gallagher, A Guide to Understanding Covert Channel Analysis of Trusted Systems (National Computer Security Center, USA, 1993)Google Scholar
  5. [5]
    G. J. Simmons, In: D. Chaum (ed.), The prisoners problem and the subliminal channel, Crypto’ 83, Advances in Cryptography (Springer, US, 1984) pp. 51–67Google Scholar
  6. [6]
    W. Mazurczyk, K. Szczypiorski, In: Z. Tari (ed.), Steganography of VoIP Streams On the Move to Meaningful Internet Systems (OTM 2008), Monterrey, Mexico, November 9–14, 2008, LNCS vol. 5332, 1001–1018Google Scholar
  7. [7]
    M. Wolf, In: T. A. Berson, Covert channels in LAN protocols, Beth, T. (Eds.) proceedings of: Workshop on Local Area Network Security (LANSEC 89), Karlsruhe, FRG, April 3–6, 1989, LNCS vol. 396, 91–102Google Scholar
  8. [8]
    T. Handel, M. Sandford, In Anderson R. (ed.), Hiding data in the OSI network model, Information Hiding, Cambridge, U.K., May 30–June 1, 1996, LNCS vol. 1174, 23–38Google Scholar
  9. [9]
    S. J. Murdoch, S. Lewis, In M. Barni, J. Herrera Joancomartí, S. Katzenbeisser, F. Pérez-González (Eds.), Embedding Covert Channels into TCP/IP, proceedings of: 7th Information Hiding Workshop, Barcelona, Spain, June 6–8, 2005, LNCS vol. 3727, 247–261Google Scholar
  10. [10]
    C. H. Rowland, Covert channels in the TCP/IP protocol suite, DoIS Documents in Information Science, May 1997Google Scholar
  11. [11]
    D. V. Forte, SecSyslog: An Approach to Secure Logging Based on Covert Channels, In proceedings of: First International Workshop of Systematic Approaches to Digital Forensic Engineering (SADFE 2005), Taipei, Taiwan, November 7–10, 2005, 248–263Google Scholar
  12. [12]
    R. deGraaf, J. Aycock, M. Jacobson Jr., Improved Port Knocking with Strong Authentication, In proceedings of: the 21st Annual Computer Security Applications Conference (ACSAC 2005), Tucson, AZ, December 5–9, 2005Google Scholar
  13. [13]
    N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, D. Karger, Infranet: Circumventing Web Censorship and Surveillance, In proceedings of: the 11th USENIX Security Symposium, San Francisco, CA, August 8–12, 2002, 247–262Google Scholar
  14. [14]
    S. Burnett, N. Feamster, S. Vempala, Chipping Away at Censorship Firewalls with User-Generated Content, In proceedings of: the 19th USENIX conference on Security (USENIX Security’10), Washington, DC, August 11–13, 2010Google Scholar
  15. [15]
    A. Houmansadr, T. Riedl, N. Borisov, E. Singer, I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention, In proceedings of: the 20th NDSS Symposium 2013, San Diego, USA, February 24–27, 2013Google Scholar
  16. [16]
    W. Mazurczyk, Z. Kotulski, In: J. Górski (ed.), New VoIP Traffic Security Scheme with Digital Watermarking, proceedings of: SafeComp 2006, Gdansk, Poland, September 26–29, 2006, LNCS vol. 4166, 170–181Google Scholar
  17. [17]
    W. Mazurczyk, Z. Kotulski, New Security and Control Protocol for VoIP Based on Steganography and Digital Watermarking, Ann. UMCS Inform. 5, 417–426, 2006Google Scholar
  18. [18]
    A. Houmansadr, N. Kiyavash, N. Borisov, RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows, In proceedings of: the 16th NDSS Symposium 2009, San Diego, USA, February 8–11, 2009Google Scholar
  19. [19]
    A. Houmansadr, N. Borisov, SWIRL: A scalable watermark to detect correlated network flows, In proceedings of: the 18th NDSS Symposium 2009, San Diego, USA, February 6–9, 2011Google Scholar
  20. [20]
    X. Wang, S. Chen, S. Jajodia, Tracking anonymous peer-to-peer voip calls on the internet, in proceedings of: the 2005 ACM Conference on Computer and Communications Security, November 2005Google Scholar
  21. [21]
    X. Wang, D. S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of inter packet delays, in proceedings of: the 2003 ACM Conference on Computer and Communications Security, October 2003Google Scholar
  22. [22]
    E. Jones, O. Le Moigne, J.-M. Robert, IP Traceback Solutions Based on Time to Live Covert Channel, In proceedings of: 12th IEEE International Conference on Networks (ICON 2004), November 16–19, 2004, 451–457Google Scholar
  23. [23]
    W. Mazurczyk, M. Karas, K. Szczypiorski, SkyDe: a Skype-based Steganographic Method, Int. J. Comput. Commun. Control 8(3), 389–400, 2013Google Scholar
  24. [24]
    P. Kopiczko, W. Mazurczyk, K. Szczypiorski, StegTorrent: a steganographic method for P2P files sharing service, in proceedings of: IEEE Symposium on Security and Privacy Workshops 2013, San Francisco, CA, May 23–24, 2013, 151–157Google Scholar
  25. [25]
    P. Bialczak, W. Mazurczyk, K. Szczypiorski, Sending Hidden Data via Google Suggest, arXiv:1107.4062Google Scholar
  26. [26]
    X. Luo, E. Chan, R. Chang, Crafting Web Counters into Covert Channels, in proceedings of: IFIP 2007, Sandton, South Africa, 2007, 337–348Google Scholar
  27. [27]
    E. Zielinska, W. Mazurczyk, K. Szczypiorski, Development Trends in Steganography, Commun. ACM 57(2), 2014 (in press)Google Scholar
  28. [28]
    S. Zander, G. Armitage, P. Branch, A survey of covert channels and countermeasures in computer network protocols, IEEE Communications Surveys and Tutorials 9(3), 44–57, 2007CrossRefGoogle Scholar
  29. [29]
    P. Peng, P. Ning, D. Reeves, On the secrecy of timing-based active watermarking trace-back techniques, in proceedings of: the 2006 IEEE Symposium on Security and Privacy, Oakland, USA, May 2006Google Scholar
  30. [30]
    D. Llamas, C. Allison, A. Miller, Covert Channels in Internet Protocols: A Survey, In proceedings of: the 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting (PGNET), Liverpool, UK, June 27–28, 2005Google Scholar
  31. [31]
    M. Smeets, M. Koot, Covert Channels, Research Report (University of Amsterdam, Amsterdam, 2006)Google Scholar
  32. [32]
    P. Allix, Covert channels analysis in TCP/IP networks, IFIPS School of Engineering, University of Paris-Sud XI, Orsay, France, 2007Google Scholar
  33. [33]
    J. C. Smith, Covert Shells, SANS GIAC Reading Room, 2000Google Scholar
  34. [34]
    M. C. Perkins, Hiding out in Plaintext: Covert Messaging with Bitwise Summations, Master thesis (Iowa State University, 2005)Google Scholar
  35. [35]
    B. Jankowski, W. Mazurczyk, K. Szczypiorski, PadSteg: Introducing Inter-Protocol Steganography, Telecomm. Syst. 52(2), 1101–1111, 2013Google Scholar
  36. [36]
    P. Dong, H. Qian, Z. Lu, S. Lan, A Network Covert Channel Based on Packet Classification, Int. J. Network Security 14(2), 109–116, 2012Google Scholar
  37. [37]
    K. Ahsan, D. Kundur, Practical data hiding in TCP/IP, In proceedings of: Multimedia and Security Workshop at ACM Multimedia 2002, Juan-les-Pins, France, December 1–6, 2002Google Scholar
  38. [38]
    K. Ahsan, Covert channel analysis and data hiding in TCP/IP, Master thesis (University of Toronto, 2002)Google Scholar
  39. [39]
    E. Cauich, R. Gómez, R. Watanabe, In: F. F. Ramos, V. L. Rosillo, H. Unger (Eds.), Data Hiding in Identification and Offset IP Fields, Proceedings of 5th International School and Symposium of Advanced Distributed Systems (ISSADS) 2005, LNCS vol. 3563, (Springer, Berlin, Heidelberg, 2005) pp. 118–125Google Scholar
  40. [40]
    W. Mazurczyk, K. Szczypiorski, Steganography in handling oversized IP packets, In proceedings of: First International Workshop on Network Steganography (IWNS 2009), Wuhan, China, November 18–20, 2009Google Scholar
  41. [41]
    H. Qu, P. Su, D. Feng, A Typical Noisy Covert Channel in the IP Protocol, In proceedings of: the 38th Annual International Carnahan Conference of Security Technology, October 11–14, 2004, 189–192Google Scholar
  42. [42]
    S. Zander, G. Armitage, P. Branch, Covert Channels in the IP Time To Live Field, In proceedings of: the Australian Telecommunication Networks and Applications Conference (ATNAC), Melbourne, December 4–6, 2006Google Scholar
  43. [43]
    vecna, B0CK, Butchered From Inside, 2000, 7(2)Google Scholar
  44. [44]
    C. Abad, IP checksum covert channels and selected hash collision, Technical report (University of California, 2001)Google Scholar
  45. [45]
    Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, Traceroute Based IP Channel for Sending Hidden Short Messages, In proceedings of: First International Workshop on Security Advances in Information and Computer Security (IWSEC 2006), Kyoto, Japan, October 23–24, 2006, LNCS vol. 4266, 421–436Google Scholar
  46. [46]
    Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, A novel covert channel based on the IP header record route option, Int. J. Adv. Media Commun 1(4), 328–350, 2007CrossRefGoogle Scholar
  47. [47]
    W. Mazurczyk, K. Szczypiorski, Evaluation of steganographic methods for oversized IP packets, Telecommun. Syst. 49, 207–217, 2012CrossRefGoogle Scholar
  48. [48]
    S. D. Servetto, M. Vetterli, Communication using phantoms: covert channels in the Internet. In proceedings of: IEEE International Symposium on Information Theory (ISIT), Washington, DC, June 24–29, 2001Google Scholar
  49. [49]
    A. El-Atawy, E. Al-Shaer, Building Covert Channels over the Packet Reordering Phenomenon, in proceedings of: IEEE INFOCOM 2009, 2186–2194Google Scholar
  50. [50]
    A. Galatenko, A. Grusho, A. Kniazev, E. Timonina, Statistical Covert Channels Through PROXY Server, In proceedings of: Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, 2005, LNCS vol. 3685, 424–429Google Scholar
  51. [51]
    M. A. Padlipsky, D. W. Snow, P. A. Karger, Limitations of End-to-End Encryption in Secure Computer Networks, Technical Report ESD-TR-78-158, Mitre Corporation, August 1978Google Scholar
  52. [52]
    S. Cabuk, C. E. Brodley, C. Shields, IP covert timing channels: Design and detection, In Proceedings of: the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, 2004, ACM Press, 178–187Google Scholar
  53. [53]
    V. Berk, A. Giani, G. Cybenko, Detection of Covert Channel Encoding in Network Packet Delays, Technical Report TR2005-536, Department of Computer Science, Dartmouth College, 2005Google Scholar
  54. [54]
    G. Shah, A. Molina, M. Blaze, Keyboards and Covert Channels, In proceedings of: 15th USENIX Security Symposium, Vancouver, Canada, August 2006, 59–75Google Scholar
  55. [55]
    S. Cabuk, Network covert channels: design, analysis, detection and elimination, PhD thesis (Purdue University, 2006)Google Scholar
  56. [56]
    S. Gianvecchio, H. Wang, D. Wijesekera, S. Jajodia, Model-based covert timing channels: Automated modeling and evasion, in: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008, LNCS, vol. 5230 (Springer, 2008) pp. 211–230Google Scholar
  57. [57]
    S. H. Sellke, C.-C. Wang, S. Bagchi, N. Shroff, TCP/IP Timing Channels: Theory to Implementation, In proceedings of: the 28th Conference on Computer Communications (IEEE INFOCOM), Rio de Janeiro, Brazil, April 19–25, 2009Google Scholar
  58. [58]
    V. Paxson, S. Floyd, Wide-area traffic: the failure of Poisson modeling, IEEE/ACM T. Network. 3(3), 226–244, 1995CrossRefGoogle Scholar
  59. [59]
    S. Zander, G. Armitage, P. Branch, Stealthier Inter-packet Timing Covert Channels, in proceedings of: 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9–13, 2011, LNCS vol. 6640, 458–470Google Scholar
  60. [60]
    Z. Trabelsi, I. Jawhar, Covert File Transfer Protocol Based on the IP Record Route Option, J. Inform. Assurance Security 5, 64–73, 2010Google Scholar
  61. [61]
    S. Gianvecchio, H. Wang, An Entropy-Based Approach to Detecting Covert Timing Channels, IEEE T. Dependable and Secure Computing 8(6), 785–797, 2011CrossRefGoogle Scholar
  62. [62]
    T. Graf, Messaging over IPv6 Destination Options, Swiss Unix User Group, 2003Google Scholar
  63. [63]
    N. B. Lucena, G. Lewandowski, S. J. Chapin, In: G. Danezis, D. Martin (Eds.), Covert Channels in IPv6, Proceedings of: the 5th International Workshop Privacy Enhancing Technologies (PET 2005), Dubrovnik, May 30–June 1, 2005, 147–166Google Scholar
  64. [64]
    daemon9, AKA, and route, Project Loki, Phrack Magazine 49, 6, 1996Google Scholar
  65. [65]
    daemon9, Loki2 (the implementation), Phrack Magazine 51, 6, 1997Google Scholar
  66. [66]
    A. Singh, C. Lu, O. Nordstrom, A. L. M. dos Santos, In: Y. Mu, W. Susilo, J. Seberry (Eds.), Malicious ICMP Tunneling: Defense against the Vulnerability, proceedings of: the 8th Australasian Conference on Information Security and Privacy (ACISP), Wollongong, Australia, July 9–11, 2003, LNCS vol. 5107 (Springer, 2003) pp. 226–236Google Scholar
  67. [67]
    M. Muench, ICMP-Chat, 2003, Available at http://icmpchat.sourceforge.net/ Google Scholar
  68. [68]
    L. Zelenchuk, Skeeve — ICMP Bounce Tunnel, 2004, available at: http://www.gray-world.net/poc_skeeve.shtml Google Scholar
  69. [69]
    G. Thomer, IP-over-ICMP using ICMPTX, 2005, available at: http://thomer.com/icmptx/ Google Scholar
  70. [70]
    D. Stødle, Ping Tunnel, 2011, Available at: http://www.cs.uit.no/~daniels/PingTunnel/ Google Scholar
  71. [71]
    R. Murphy, V00d00n3t — Ipv6 / ICMPv6 Covert Channel, DefCon, Las Vegas, 2006Google Scholar
  72. [72]
    K. Stokes, B. Yuan, D. Johnson, P. Lutz, In: K. Elleithy, T. Sobh, M. Iskander, V. Kapila, M. A. Karim, A. Mahmood (Eds.), ICMP covert channel resiliency, Technological Developments in Networking, Education and Automation, 2010, 503–506Google Scholar
  73. [73]
    B. Ray, S. Mishra, In: L. Korba, S. Marsh, R. Safavi-Naini (Eds.), A Protocol for Building Secure and Reliable Covert Channel, proceedings of: the Sixth Annual Conference on Privacy, Security and Trust (PST 2008), Fredericton, New Brunswick, Canada, October 1–3, 2008, 246–253Google Scholar
  74. [74]
    C. Scott, Network Covert Channels: Review of Current State and Analysis of Viability of the use of X.509 Certificates for Covert Communications, Technical Report RHUL-MA-2008-11, Department of Mathematics, Roal Holloway, University of London, 2008Google Scholar
  75. [75]
    R. Rios, J. A. Onieva, J. Lopez, HIDE_DHCP: Covert Communications Through Network Configuration Messages, In proceedings of: 27th IFIP TC 11 Information Security and Privacy Conference, Heraklion, Crete, Greece, June 4–6, 2012, IFIP Adv. Inform. Commun. Technol. 376, 162–173, 2012Google Scholar
  76. [76]
    J. Giffin, R. Greenstadt, P. Litwack, R. Tibbetts, In: R. Dingledine, P. Syverson (Eds.), Covert Messaging Through TCP Timestamps, Proceedings of the 2nd international conference on Privacy enhancing technologies (PET 2002), San Francisco, CA, April 14–15, 2002, 194–208Google Scholar
  77. [77]
    L. Ji, Y. Fan, C. Ma, Covert channel for local area network, In proceedings of: IEEE International Conference of Wireless Communications, Networking and Information Security (WCNIS 2010), 2010, 316–319Google Scholar
  78. [78]
    J. Rutkowska, The Implementation of Passive Covert Channels in the Linux Kernel, Chaos Communication Congress, 2004Google Scholar
  79. [79]
    A. Hintz, Covert Channels in TCP and IP Headers, DefCon 10, Las Vegas, Nevada, August 2–4, 2003Google Scholar
  80. [80]
    E. Tumoian, M. Anikeev, Detecting NUSHU Covert Channels Using Neural Networks, Technical report (Taganrog State University of Radio Engineering, 2005)Google Scholar
  81. [81]
    R. Chakinala, A. Kumarasubramanian, R. Manokaran, G. Noubir, C. Pandu Rangan, R. Sundaram, Steganographic communication in ordered channels, In proceedings of: the 8th International Conference on Information Hiding Workshop, Alexandria, VA, USA, July 10–12, 2006 (Springer-Verlag Berlin, Heidelberg, 2006) pp. 42–57Google Scholar
  82. [82]
    X. Luo, E. Chan, R. Chang, Cloak: A ten-fold way for reliable covert communications, in proceedings of: ESORICS 2007, Dresden, Germany, September 24–26, 2007, LNCS vol. 4734, 283–298Google Scholar
  83. [83]
    X. Luo, E. Chan, R. Chang, TCP Covert Timing Channels: Design and Detection, In proceedings of: IEEE International Conference on Dependable Systems and Networks With FTCS and DCC, Anchorage, Alaska, June 24–27, 2008, 420–429Google Scholar
  84. [84]
    X. Luo, E. Chan, R. Chang, CLACK: A network covert channel based on partial acknowledgement encoding, In proceedings of: IEEE International Conference on Communications, Dresden, Germany, June 14–18, 2009, 1–5Google Scholar
  85. [85]
    X. Luo, P. Zhou, E. Chan, R. Chang, W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, In proceedings of: IEEE/IFIP 41st International Conference on Dependable Systems and Networks (DSN 2011), Hong Kong, June 27–30, 2011, 474–485Google Scholar
  86. [86]
    G. Fisk, M. Fisk, C. Papadopoulos, J. Neil, In: F. A. P. Petitcolas (Ed.), Eliminating steganography in Internet traffic with active wardens, 5th International Workshop on Information Hiding (IH), 2002, LNCS vol. 2578, 18–35Google Scholar
  87. [87]
    J. S. Thyer, Covert Data Storage Channel Using IP Packet Headers (SANS Institute, 2008)Google Scholar
  88. [88]
    W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, Retransmission Steganography Applied, In proceedings of: 2010 International Conference on Multimedia Information Networking and Security (MINES), Nanjing, China, November 4–6, 2010, 846–850Google Scholar
  89. [89]
    W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, On Information Hiding in Retransmissions, Telecommun. Syst. Modelling, Analysis, Design and Management 52(2), 1113–1121, 2013Google Scholar
  90. [90]
    K. Anjan, J. Abraham, Behavioral Analysis of Transport Layer Based Hybrid Covert Channel, In proceedings of: Third International Conference of Recent Trends in Network Security nd Applications (CNSA 2010), Chennai, India, July 23-25, 2010 (Springer Berlin Heidelberg, 2010) pp. 83–92Google Scholar
  91. [91]
    K. Anjan, J. Abraham, M. Jadhav, Design of Transport Layer Based Hybrid Covert Channel Detection Engine, arXiv:1101.0104Google Scholar
  92. [92]
    vanHauser, Placing Backdoors through Firewalls, The Hacker’s Choice, 1999Google Scholar
  93. [93]
    P. Pack, W. Streilein, S. Webster, R. Cunningham, Detecting http Tunneling Activities, in proceedings of: 3rd Annual Information Assurance Wksp., West Point, NY, USA, June 17–19, 2002Google Scholar
  94. [94]
    K. Borders, A. Prakash, Web Tap: Detecting Covert Web Traffic, in proceedings of: 11th ACM Conf. Computer and Communications Security (CCS), 110–120, October 2004Google Scholar
  95. [95]
    P. Padgett, Corkscrew, 2011, Available at http://www.agroman.net/corkscrew/ Google Scholar
  96. [96]
    L. Bowyer, Firewall Bypass via protocol Steganography, Network Penetration, 2002Google Scholar
  97. [97]
    A. Dyatlov, S. Castro, Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the http protocol, Gray-world, USA, June, 2003Google Scholar
  98. [98]
    M. Bauer, New Covert Channels in http: Adding Unwitting Web Browsers to Anonymity Sets. In Proceedings of Workshop on Privacy Electronic Society (WPES 2003), Washington, DC, USA, October 30, 2003, 72–78Google Scholar
  99. [99]
    H. -G. Eßer, F. C. Freiling, Kapazitätsmessung eines verdeckten Zeitkanals über http, Technical Report TR-2005-10 (Universität Mannheim, 2005)Google Scholar
  100. [100]
    P. LeBoutillier, 2005, HTTunnel, Available at: http://sourceforge.net/projects/httunnel/ Google Scholar
  101. [101]
    Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006)Google Scholar
  102. [102]
    M. Van Horenbeeck, Deception on the network: thinking differently about covert channels, In proceedings of; Australian Information Warfare and Security Conference, Perth, Western Australia, December 4–5, 2006, 174–184Google Scholar
  103. [103]
    S. Castro, Gray World Team: Cooking Channels, hakin9 Magazine, May 2006, 50–57Google Scholar
  104. [104]
    R. Duncan, J. E. Martina, Steganographic Message Broadcasting using Web Protocols, In proceedings of: Simposio Brasilerio de Seguranca (SBSeg 2010), Fortaleza, Brasil, 2010Google Scholar
  105. [105]
    Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006)Google Scholar
  106. [106]
    J. Blascoa, J. C. Hernandez-Castrob, J. M. de Fuentes, B. Ramosa, A framework for avoiding steganography usage over http, J. Network Computer Appl. 35(1), 491–501, 2012CrossRefGoogle Scholar
  107. [107]
    D. Alman, http Tunnels Though Proxies (SANS Institute, 2003)Google Scholar
  108. [108]
    X. Zou, Q. Li, S.-H. Sun, X. Niu, In: R. Khosla, R. J. Howlett, L. C. Jain (Eds.), The Research on Information Hiding Based on Command Sequence of FTP Protocol, proceedings of: the 9th International Conference on Knowledge-Based Intelligent Information and Engineering Systems (KES 2005), Melbourne, Australia, September 14–16, 2005, LNCS vol. 3683, 1079–1085Google Scholar
  109. [109]
    savannah.nongnu.org, NSTX, 2002, Available at http://savannah.nongnu.org/projects/nstx/ Google Scholar
  110. [110]
    L. Nussbaum, P. Neyron, O. Richard, On Robust Covert Channels Inside DNS, In proceedings of: 24th IFIP TC 11 International Information Security Conference (SEC 2009), Pafos, Cyprus, May 182-20, 2009, 51–62Google Scholar
  111. [111]
    T. Pietraszek, 2004, DNSCat, Available at: http://tadek.pietraszek.org/projects/DNScat/ Google Scholar
  112. [112]
    D. Kaminsky, OzymanDNS, 2004, Available at: http://dankaminsky.com/2004/07/29/51/ Google Scholar
  113. [113]
    Anonymous, DNS Covert Channels and Bouncing Techniques, 2005, Available at: http://seclists.org/fulldisclosure/2005/Jul/att-452/p63_dns_worm_covert_channel.txt
  114. [114]
    O. Dembour, C. Collignon, DNS2TCP, 2008, Available at: http://hsc.fr/ressources/outils/dns2tcp/ Google Scholar
  115. [115]
    Kryo, iodine, 2010, Available at: http://code.kryo.se/iodine/
  116. [116]
    L. Y. Bai, Y. Huang, G. Hou, B. Xiao, In: J. -S. Pan, X. Niu, H.-C. Huang, L. C. Jain (Eds.), Covert Channels Based on Jitter Field of the RTCP Header, Proceedings of the Fourth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IEEE Computer Society, 2008, 1388–1391Google Scholar
  117. [117]
    Y. Lizhi, H. Yongfeng, Y. Jian, L. Y. Bai, A Novel Covert Timing Channel Based on RTP/RTCP, Chinese J. Electron. 21(4), 711–714, 2012Google Scholar
  118. [118]
    W. Mazurczyk, Lost Audio Packets Steganography: The First Practical Evaluation, Journal of Security and Communication Networks 5(12), 1394–1403, 2012CrossRefGoogle Scholar
  119. [119]
    W. Mazurczyk, K. Szczypiorski, Covert Channels in SIP for VoIP Signalling, Communications in Computer and Information Science 12, 65–72, 2008CrossRefGoogle Scholar
  120. [120]
    N. Lucena, J. Pease, P. Yadollahpour, S. J. Chapin, Syntax and Semantics-Preserving Application-Layer Protocol Steganography, In proceedings of: 6th Information Hiding Workshop, Toronto, Canada, May 23–25, 2004, LNCS vol. 3200, 164–179Google Scholar
  121. [121]
    R. A. Kemmerer, Shared Resource Matrix Methodology: an Approach to Identifying Storage and Timing Channels, ACM T. Comput. Syst. (TOCS) 1(3), 256–277, 1983CrossRefGoogle Scholar
  122. [122]
    R. A. Kemmerer, A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later, in proceedings of: Annual Computer Security Applications Conference (ACSAC), Dec. 2002, 109–118Google Scholar
  123. [123]
    A. L. Donaldson, J. McHugh, K. A. Nyberg, Covert Channels in Trusted LANs, in proceedings of: 11th NBS/NCSC National Computer Security Conference, October 1988, 226–232Google Scholar
  124. [124]
    R. A. Kemmerer, P. Porras, Covert Flow Trees: A Visual Approach to Analysing Covert Storage Channels, IEEE Trans. Software Eng. SE-17(11), 1166–1185, 1991CrossRefGoogle Scholar
  125. [125]
    A. Giani, V. Berk, G. Cybenko, Covert channel detection using process query systems, in proceedings of: FLoCon 2005Google Scholar
  126. [126]
    G. R. Malan, D. Watson, F. Jahanian, P. Howell, Transport and application protocol scrubbing, in proceedings of: the IEEE INFOCOM 2002 Conference, 1381–1390, Tel-Aviv, Israel, 2000Google Scholar
  127. [127]
    S. Gianvecchio, H. Wang, Detecting Covert Timing Channels: An Entropy-Based Approach, in proceedings of: ACM CCS 2007, Alexandria, USA, October 28–31, 2007Google Scholar
  128. [128]
    T. Sohn, J. Seo, J. Moon, In; P. Perner, S. Qing, D. Gollmann, J. Zhou (eds.), A study on the covert channel detection of TCP/IP header using support vector machine, Information and Communications Security, LNCS vol. 2836, 313–324 (Springer-Verlag, 2003)CrossRefGoogle Scholar
  129. [129]
    M. Handley, V. Paxson, Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In proceedings of: the 10th USENIX Security Symposium, Washington, DC, August 13–17, 2001Google Scholar
  130. [130]
    A. B. Jeng, M. D. Abrams, On Network Covert Channel Analysis, in proceedings of: 3rd Aerospace Computer Security Conference, Orlando, FL, USA, December 7–11, 1987Google Scholar
  131. [131]
    H. Wei-Ming, Reducing Timing Channels with Fuzzy Time, in proceedings of: IEEE Computer Society Symposium Research in Security and Privacy, Oakland, CA, USA, May, 1991, 8–20Google Scholar

Copyright information

© Versita Warsaw and Springer-Verlag Wien 2014

Authors and Affiliations

  1. 1.Faculty of Computer ScienceUniversity Goce DelčevŠtipThe Republic of Macedonia

Personalised recommendations