Abstract
Covert channels in information systems can leak protected data and violate data confidentiality or integrity. Moreover, some types of covert channels keep working even when network data is encrypted, tunneled or protected by a traffic firewall. One technique to eliminate such channels is traffic normalization, which means sending packets of equal length, with fixed header fields and equal inter-packet delays; this significantly decreases the effective capacity of the communication channel and sacrifices functional capabilities of network protocols. Another way to counteract a covert channel is to detect an active channel and limit its capacity. In this paper, we investigate means of covert channel protection in packet networks that are based on capacity limitation. We propose a technique to counteract data leakage via a covert channel based on dummy traffic generation, and we estimate the maximum residual capacity of the covert channel under these countermeasures for stream and block encryption of traffic and for different distributions of the covert channel and dummy traffic. We also give recommendations for choosing the parameters of the counteraction tool.
Acknowledgements
This work was supported by the Ministry of Science and Higher Education of the Russian Federation (state assignment project No. 0723-2020-0036).
Funding
Ministry of Science and Higher Education of the Russian Federation, 0723-2020-0036, Anna Epishkina.
About this article
Cite this article
Epishkina, A., Karapetyants, N., Kogos, K. et al. Covert channel limitation via special dummy traffic generating. J Comput Virol Hack Tech 19, 341–349 (2023). https://doi.org/10.1007/s11416-022-00428-z
DOI: https://doi.org/10.1007/s11416-022-00428-z