Abstract
Within the last years, new techniques for network covert channels arose, such as covert channel overlay networking, protocol switching covert channels, and adaptive covert channels. These techniques have in common that they rely on covert channel-internal control protocols (so called micro protocols) placed within the hidden bits of a covert channel’s payload. An adaptable approach for the engineering of such micro protocols is not available. This paper introduces a protocol engineering technique for micro protocols. We present a two-layer system comprising six steps to create a micro protocol design. The approach tries to combine different goals: (1) simplicity, (2) ensuring a standard-conform behaviour of the underlying protocol if the micro protocol is used within a binary protocol header, as well as we provide an optimization technique to (3) raise as little attention as possible. We apply a context-free and regular grammar to analyze the micro protocol’s behavior within the context of the underlying network protocol.
Chapter PDF
Similar content being viewed by others
References
Baldoni, M., Baroglio, C., Martelli, A., Patti, V., Schifanella, C.: Verifying Protocol Conformance for Logic-Based Communicating Agents. In: Leite, J., Torroni, P. (eds.) CLIMA 2004. LNCS (LNAI), vol. 3487, pp. 196–212. Springer, Heidelberg (2005)
Bauer, M.: New covert channels in HTTP: adding unwitting web browsers to anonymity sets. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, WPES 2003, pp. 72–78. ACM, New York (2003)
Bouajjani, A., Esparza, J., Finkel, A., Maler, O., Rossmanith, P., Willems, B., Wolper, P.: An efficient automata approach to some problems on context-free grammars. Inf. Process. Lett. 74(5-6), 221–227 (2000)
Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert Messaging through TCP Timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)
Girling, C.G.: Covert channels in LAN’s. IEEE Transactions on Software Engineering 13, 292–296 (1987)
Gorodetski, V., Kotenko, I.: Attacks Against Computer Network: Formal Grammar-Based Framework and Simulation Tool. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 219–238. Springer, Heidelberg (2002)
Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: 10th USENIX Security Symposium, vol. 10, pp. 115–131 (2001)
Koenig, H.: Protocol Engineering. Teubner (2003) (in German)
Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)
Li, W., He, G.: Towards a Protocol for Autonomic Covert Communication. In: Calero, J.M.A., Yang, L.T., Mármol, F.G., García Villalba, L.J., Li, A.X., Wang, Y. (eds.) ATC 2011. LNCS, vol. 6906, pp. 106–117. Springer, Heidelberg (2011)
Linn, R.J., McCoy, W.H.: Producing tests for implementations of OSI protocols. In: Protocol Specification, Testing, and Verification, pp. 505–520 (1983)
Lucena, N.B., Lewandowski, G., Chapin, S.J.: Covert Channels in IPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 147–166. Springer, Heidelberg (2006)
Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann (1996)
McHugh, J.: Covert channel analysis. Technical Memo 5540, 080a (1995)
Murdoch, S.J.: Covert channel vulnerabilities in anonymity systems. Ph.D. thesis, University of Cambridge (Computer Laboratory) (2007)
OpenBSD: pf.conf - packet filter configuration file (manual page) (July 2011)
Ray, B., Mishra, S.: A protocol for building secure and reliable covert channel. In: Korba, L., Marsh, S., Safavi-Naini, R. (eds.) PST, pp. 246–253. IEEE (2008)
Rowland, C.H.: Covert channels in the TCP/IP protocol suite. First Monday 2(5) (May 1997), http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/528/449 (access: March 02, 2012)
Rozenberg, G., Salomaa, A.: The Mathematical Theory of L Systems. Academic Press (1980)
Snort Project: Snort users manual 2.9.0 (March 2011)
Stødle, D.: Ping tunnel – for those times when everything else is blocked (2009), http://www.cs.uit.no/~daniels/PingTunnel/ (access: March 05, 2012)
Wendzel, S.: The problem of traffic normalization within a covert channel’s network environment learning phase. In: Sicherheit 2012. LNI, vol. 195, pp. 149–161 (2012)
Wendzel, S., Keller, J.: Low-Attention Forwarding for Mobile Network Covert Channels. In: De Decker, B., Lapon, J., Naessens, V., Uhl, A. (eds.) CMS 2011. LNCS, vol. 7025, pp. 122–133. Springer, Heidelberg (2011)
Yarochkin, F.V., Dai, S.Y., et al.: Towards adaptive covert communication system. In: PRDC, pp. 153–159. IEEE Computer Society (2008)
Zander, S., Armitage, G., Branch, P.: Covert channels and countermeasures in computer network protocols. IEEE Comm. Magazine 45(12), 136–142 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Wendzel, S., Keller, J. (2012). Systematic Engineering of Control Protocols for Covert Channels. In: De Decker, B., Chadwick, D.W. (eds) Communications and Multimedia Security. CMS 2012. Lecture Notes in Computer Science, vol 7394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32805-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-32805-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32804-6
Online ISBN: 978-3-642-32805-3
eBook Packages: Computer ScienceComputer Science (R0)