Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Reconnection-Based Covert Channels in Wireless Networks

  • Conference paper
  • First Online:
ICT Systems Security and Privacy Protection (SEC 2021)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 625))

Abstract

In recent years, malware is increasingly applying means of hidden communication. The emergence of network-capable stegomalware applies such methods to communication networks. In this paper, we introduce and evaluate two covert channels that utilize reconnections to transmit hidden information in WiFi networks. We implement these covert channels in the 802.11 protocol by abusing the authentication mechanism of these networks. Furthermore, we propose detection methods and countermeasures for both covert channels. Our implementation and quick-start guide are available as open source code on GitHub to aid replicability (https://github.com/NIoSaT/WiFi_Reconnection_CovertChannel).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 159.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 159.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    A common attack on this process is the “deauthentication attack”, a type of denial of service attack. An attacker continuously sends spoofed deauthentication frames which force a client back into state 1. This effectively disables network access for this client as long as the attacker keeps sending these frames.

References

  1. Carrara, B., Adams, C.: Out-of-band covert channels-a survey. ACM Comput. Surv. (CSUR) 49(2), 1–36 (2016). https://doi.org/10.1145/2938370

    Article  Google Scholar 

  2. Carrega, A., Caviglione, L., Repetto, M., Zuppelli, M.: Programmable data gathering for detecting stegomalware. In: 2020 6th IEEE Conference on Network Softwarization (NetSoft), pp. 422–429 (2020). https://doi.org/10.1109/NetSoft48620.2020.9165537

  3. Classen, J., Schulz, M., Hollick, M.: Practical covert channels for WiFi systems. In: 2015 IEEE Conference on Communications and Network Security (CNS), pp. 209–217, September 2015. https://doi.org/10.1109/CNS.2015.7346830

  4. Fadlalla, Y.: Approaches to Resolving Covert Storage Channels in Multilevel Secure Systems. Ph.D. thesis, University of New Brunswick (1996)

    Google Scholar 

  5. Guri, M.: AIR-FI: Generating covert Wi-Fi signals from air-gapped computers. arXiv/CS.CR (2020)

    Google Scholar 

  6. Holloway, R., Beyah, R.: Covert DCF: A DCF-based covert timing channel in 802.11 networks. In: 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, pp. 570–579. IEEE (2011)

    Google Scholar 

  7. Krätzer, C., Dittmann, J., Lang, A., Kühne, T.: WLAN steganography: a first practical review. In: Proceedings of the 8th Workshop on Multimedia and Security. MM&Sec 2006, New York, NY, USA, pp. 17–22. Association for Computing Machiner (2006). https://doi.org/10.1145/1161366.1161371

  8. Mazurczyk, W., Wendzel, S.: Information hiding: challenges for forensic experts. Commun. ACM 61(1), 86–94 (2017). https://doi.org/10.1145/3158416

    Article  Google Scholar 

  9. Mazurczyk, W., Wendzel, S., Cabaj, K.: Towards deriving insights into data hiding methods using pattern-based approach. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018. ACM (2018). https://doi.org/10.1145/3230833.3233261

  10. Mileva, A., Velinov, A., Hartmann, L., Wendzel, S., Mazurczyk, W.: Comprehensive analysis of MQTT 5.0 susceptibility to network covert channels. Comput. Secur. 104 (2021). https://doi.org/10.1016/j.cose.2021.102207

  11. Szczypiorski, K.: HICCUPS: hidden communication system for corrupted networks. In: International Multi-Conference on Advanced Computer Systems, pp. 31–40 (2003)

    Google Scholar 

  12. The aircrack project: airmon-ng monitor mode (2019). https://www.aircrack-ng.org/doku.php?id=airmon-ng&s[]=monitor

  13. Wendzel, S., Zander, S., Fechner, B., Herdin, C.: Pattern-based survey and categorization of network covert channel techniques. ACM Comput. Surv. 47(3) (2015). https://doi.org/10.1145/2684195

  14. Zander, S., Armitage, G., Branch, P.: Covert channels and countermeasures in computer network protocols. IEEE Commun. Mag. 45(12), 136–142 (2007). https://doi.org/10.1109/MCOM.2007.4395378

    Article  Google Scholar 

  15. Zhao, H.: Covert channels in 802.11e wireless networks. In: 2014 Wireless Telecommunications Symposium, pp. 1–5 (2014). https://doi.org/10.1109/WTS.2014.6834991

Download references

Acknowledgements

The authors like to thank Laura Hartmann for providing her comments on this paper.

Author information

Authors and Affiliations

  1. Centre of Technology and Transfer, Worms University of Applied Sciences, Worms, Germany

    Sebastian Zillien & Steffen Wendzel

Authors
  1. Sebastian Zillien
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steffen Wendzel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sebastian Zillien .

Editor information

Editors and Affiliations

  1. University of Oslo, Oslo, Norway

    Audun Jøsang

  2. Nelson Mandela University, Gqeberha, South Africa

    Lynn Futcher

  3. University of Oslo, Oslo, Norway

    Janne Hagen

Rights and permissions

Reprints and permissions

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zillien, S., Wendzel, S. (2021). Reconnection-Based Covert Channels in Wireless Networks. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-78120-0_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78119-4

  • Online ISBN: 978-3-030-78120-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation