IFIP International Conference on Communications and Multimedia Security

CMS 2012: Communications and Multimedia Security, pp 131–144

Systematic Engineering of Control Protocols for Covert Channels


  • Steffen Wendzel &
  • Jörg Keller

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7394)

Abstract

In recent years, new techniques for network covert channels have emerged, such as covert channel overlay networking, protocol switching covert channels, and adaptive covert channels. These techniques have in common that they rely on covert channel-internal control protocols (so-called micro protocols) placed within the hidden bits of a covert channel’s payload. An adaptable approach for the engineering of such micro protocols is not available. This paper introduces a protocol engineering technique for micro protocols. We present a two-layer system comprising six steps to create a micro protocol design. The approach tries to combine different goals: (1) simplicity, (2) ensuring standard-conforming behaviour of the underlying protocol if the micro protocol is used within a binary protocol header, and (3) raising as little attention as possible, for which we provide an optimization technique. We apply a context-free and regular grammar to analyze the micro protocol’s behavior within the context of the underlying network protocol.

Keywords

  • Network Covert Channel
  • Covert Channel Control Protocol

Author information

Authors and Affiliations

  1. Faculty of Mathematics and Computer Science, University of Hagen, 58084, Hagen, Germany

    Steffen Wendzel & Jörg Keller

Editor information

Editors and Affiliations

  1. Department of Computer Science, IBBT-DistriNet, K.U. Leuven, Celestijnenlaan 200A, 3001, Leuven, Belgium

    Bart De Decker

  2. School of Computing, University of Kent, CT2 7NZ, Canterbury, Kent, UK

    David W. Chadwick

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Wendzel, S., Keller, J. (2012). Systematic Engineering of Control Protocols for Covert Channels. In: De Decker, B., Chadwick, D.W. (eds) Communications and Multimedia Security. CMS 2012. Lecture Notes in Computer Science, vol 7394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32805-3_11

  • DOI: https://doi.org/10.1007/978-3-642-32805-3_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32804-6

  • Online ISBN: 978-3-642-32805-3

  • eBook Packages: Computer Science, Computer Science (R0)
