Covert Channels
John Dabney

Covert Channels
“. . . any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy.”
- National Institute of Standards and Technology
“a path of communication that was not designed to be used for communication.”
- Matt Bishop

Steganography
“the practice of concealing information in channels that superficially appear benign.”
“While cryptography is about protecting the content of messages, steganography is about concealing their very existence.” – Fabien Petitcolas

Properties
Existence
  Hide the fact that communication is taking place
Bandwidth
  Unused
Detectability

Evaluation
Ease of implementation
Range
Permissibility
Probability of detection
Anonymity
  “Unobservable”
  “Unlinkable”

Usage
Network
  Wireless - Corrupted headers
  Modifying header fields
    Optional/mandatory – bits used infrequently raise risk of detection
  Modifying existing traffic
Audio and Video steganograms
Encryption
Canary trap and Digital watermarking

An example
http://www.petitcolas.net/fabien/steganography/image%5Fdowngrading/
64 KB hidden
129 KB hidden
194 KB hidden
258 KB hidden
323 KB hidden
388 KB “hidden”
452 KB “hidden”

Detection
Comparison with original
Artifacts from applications used to hide information
Statistical analysis
Wireless - High error rates
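
The "Comparison with original" check above, as an added example that is not part of the original slides: it XORs a suspect image against a trusted original and reports which bit planes were modified and how much data they could carry. It assumes 8-bit samples of equal length and a payload written into whole bit planes; the function names, the 0.25 threshold and the sample data are constructed for illustration.

```python
import random

def changed_bit_planes(original: bytes, suspect: bytes) -> list:
    """Count, for bit planes 0 (LSB) to 7 (MSB), the samples that differ."""
    if len(original) != len(suspect):
        raise ValueError("images must contain the same number of samples")
    counts = [0] * 8
    for o, s in zip(original, suspect):
        diff = o ^ s  # set bits mark the positions that were modified
        for plane in range(8):
            counts[plane] += (diff >> plane) & 1
    return counts

def estimate_hidden_bits(original: bytes, suspect: bytes, threshold: float = 0.25):
    """Return (overwritten planes, capacity in bits).

    A plane overwritten with unrelated data differs from the original in
    roughly half of its samples, so the assumed threshold of 0.25 separates
    overwritten planes from planes with only incidental changes.
    """
    n = len(original)
    counts = changed_bit_planes(original, suspect)
    planes = [p for p, c in enumerate(counts) if n and c / n > threshold]
    return planes, len(planes) * n

def make_constructed_sample(n: int = 4096, low_bits: int = 3, seed: int = 7):
    """Constructed test data: random 8-bit samples plus a copy whose
    low_bits lowest planes were replaced with unrelated random bits."""
    rng = random.Random(seed)
    original = bytes(rng.randrange(256) for _ in range(n))
    mask = (1 << low_bits) - 1
    suspect = bytes((b & (0xFF ^ mask)) | rng.randrange(mask + 1)
                    for b in original)
    return original, suspect

if __name__ == "__main__":
    orig, sus = make_constructed_sample()
    planes, bits = estimate_hidden_bits(orig, sus)
    print("modified bit planes:", planes)
    print("estimated hidden capacity: %d bytes" % (bits // 8))
```

This check only works when a trusted copy of the original is available; without one, detection falls back to the other items on this slide.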

Mitigation
Not complete elimination
Isolation
Bandwidth - time
Randomness/Uniformity
Compression
Changing formats
Disabling certain traffic

Questions?

Bibliography
Bishop, Matt. Introduction to Computer Security. Massachusetts: Pearson Education, Inc., 2005.
“Canary Trap.” Wikipedia. http://en.wikipedia.org/wiki/Canary_trap. April 26, 2007.
“Covert Channels.” Wikipedia. http://en.wikipedia.org/wiki/Covert_channel. April 26, 2007.
Dunbar, Bret. A detailed look at Steganographic Techniques and their use in an Open-Systems Environment. SANS Institute. 01/18/2002. http://www.sans.org/reading_room/papers/download.php?id=677&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.
Owens, Mark. A Discussion of Covert Channels and Steganography. SANS/GIAC GSEC 1.3. March 19, 2002. http://www.sans.org/reading_room/papers/download.php?id=678&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.
Petitcolas, Fabien. “the information hiding homepage digital watermarking and steganography.” (Nov. 2006) Fabien A. P. Petitcolas. http://www.petitcolas.net/fabien/steganography/image%5Fdowngrading/. April 26, 2007.
Sbrusch, Raymond. Network Covert Channels: Subversive Secrecy. SANS Institute. http://www.sans.org/reading_room/papers/download.php?id=1660&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.
“Steganography.” Wikipedia. http://en.wikipedia.org/wiki/Steganography. April 26, 2007.
Wingate, Jim. The Perfect Dead Drop: The Use of Cyberspace for Covert Communications. BackBone Security.com. http://www.infosec-technologies.com/steganograph.pdf. April 26, 2007.