17
Covert Channels Covert Channels John Dabney John Dabney

Covert Channels

  • Upload
    emmett

  • View
    61

  • Download
    0

Tags:

Embed Size (px)

DESCRIPTION

Covert Channels. John Dabney. Covert Channels. “. . . any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy. National Institute of Standards and Technology - PowerPoint PPT Presentation

Citation preview

Page 1: Covert Channels

Covert ChannelsCovert ChannelsJohn DabneyJohn Dabney

Page 2: Covert Channels

Covert ChannelsCovert Channels

“. . . any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy.

- National Institute of Standards and Technology

““a path of communication that was not a path of communication that was not designed to be used for communication.” designed to be used for communication.”

- Matt Bishop- Matt Bishop

Page 3: Covert Channels

SteganographySteganography

““the practice of concealing information in channels that superficially appear benign.””

““While cryptography is about protecting While cryptography is about protecting the content of messages, steganography the content of messages, steganography is about concealing their very existence.” – is about concealing their very existence.” – Fabien Petitcolas Fabien Petitcolas

Page 4: Covert Channels

PropertiesProperties ExistenceExistence

Hide the fact that communication is taking placeHide the fact that communication is taking place BandwidthBandwidth

Unused Unused DetectabilityDetectability

EvaluationEvaluation Ease of implementationEase of implementation RangeRange PermissibilityPermissibility Probability of detectionProbability of detection AnonymityAnonymity

““Unobservable”Unobservable” ““Unlinkable”Unlinkable”

Page 5: Covert Channels

UsageUsage NetworkNetwork

Wireless - Corrupted headersWireless - Corrupted headers Modifying header fields Modifying header fields

Optional/mandatory – bits used infrequently raise Optional/mandatory – bits used infrequently raise risk of detectionrisk of detection

Modifying existing trafficModifying existing traffic Audio and Video stenograms Audio and Video stenograms EncryptionEncryption Canary trap and Digital watermarkingCanary trap and Digital watermarking

Page 6: Covert Channels

An exampleAn example

http://www.petitcolas.net/fabien/http://www.petitcolas.net/fabien/steganography/image%5Fdowngrading/steganography/image%5Fdowngrading/

Page 7: Covert Channels

64 KB hidden64 KB hidden

Page 8: Covert Channels

129 KB hidden129 KB hidden

Page 9: Covert Channels

194 KB hidden194 KB hidden

Page 10: Covert Channels

258 KB hidden258 KB hidden

Page 11: Covert Channels

323 KB hidden323 KB hidden

Page 12: Covert Channels

388 KB “hidden”388 KB “hidden”

Page 13: Covert Channels

452 KB “hidden”452 KB “hidden”

Page 14: Covert Channels

DetectionDetection

Comparison with originalComparison with original Artifacts from applications used to hide Artifacts from applications used to hide

informationinformation Statistical analysisStatistical analysis Wireless - High error ratesWireless - High error rates

Page 15: Covert Channels

MitigationMitigation

Not complete eliminationNot complete elimination IsolationIsolation Bandwidth - timeBandwidth - time Randomness/UniformityRandomness/Uniformity CompressionCompression Changing formatsChanging formats Disabling certain trafficDisabling certain traffic

Page 16: Covert Channels

Questions?Questions?

??

Page 17: Covert Channels

BibliographyBibliography Bishop, Matt. Introduction to Computer Security. Massachusetts: Pearson Education, Inc., 2005. “Canary Trap.” Wikipedia. http://en.wikipedia.org/wiki/Canary_trap. April 26, 2007. “Covert Channels.” Wikipedia. http://en.wikipedia.org/wiki/Covert_channel. April 26, 2007. Dunbar, Bret. A detailed look at Steganographic Techniques and their use in an Open-Systems

Environment. SANS Institute. 01/18/2002 http://www.sans.org/reading_room/papers/download.php?id=677&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.

Owens, Mark. A Discussion of Covert Channels and Steganography. SANS/GIAC GSEC 1.3. March 19, 2002. http://www.sans.org/reading_room/papers/download.php?id=678&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.

Petitcolas, Fabien. “the information hiding homepage digital watermarking and steganography.” (Nov. 2006) Fabien a. p. petitcolas. http://www.petitcolas.net/fabien/steganography/image%5Fdowngrading/ April 26, 2007.

Sbrusch, Raymond. Network Covert Channels: Subversive Secrecy. SANS Institute. http://www.sans.org/reading_room/papers/download.php?id=1660&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007

“Steganography.” Wikipedia. http://en.wikipedia.org/wiki/Steganography. April 26, 2007. Wingate, Jim. The Perfect Dead Drop: The Use of Cyberspace for Covert Communications.

BackBone Security.com. http://www.infosec-technologies.com/steganograph.pdf. April 26, 2007.

http://en.wikipedia.org/wiki/Covert_channel
http://www.sans.org/reading_room/papers/download.php?id=678&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629
http://www.sans.org/reading_room/papers/download.php?id=678&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629
http://www.sans.org/reading_room/papers/download.php?id=1660&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629
http://www.sans.org/reading_room/papers/download.php?id=1660&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629

Leaky Buddies: Cross-Component Covert Channels on

Leaky Buddies: Cross-Component Covert Channels on

Documents
Valletta - NYSCSC 2011 - Data Exfiltration Using Covert Channels

Valletta - NYSCSC 2011 - Data Exfiltration Using Covert Channels

Documents
IPv6 / ICMPv6 Covert Channels - DEF CON · Covert Channels R.P. Murphy, CISSP, CEH. Overview • IPv4 • IPv6 • RFC’s and IPv6/ICMPv6 fields • Definition of a Covert Channel

IPv6 / ICMPv6 Covert Channels - DEF CON · Covert Channels R.P. Murphy, CISSP, CEH. Overview • IPv4 • IPv6 • RFC’s and IPv6/ICMPv6 fields • Definition of a Covert Channel

Documents
Back Channels Can be Useful! – Layering Authentication Channels to Provide Covert Communication

Back Channels Can be Useful! – Layering Authentication Channels to Provide Covert Communication

Technology
Information Flow and Covert Channels November, 2006

Information Flow and Covert Channels November, 2006

Documents
Exploiting Temporal Persistence to Detect Covert Botnet Channels

Exploiting Temporal Persistence to Detect Covert Botnet Channels

Documents
Covert Channels Within IRC - AFIT Scholar

Covert Channels Within IRC - AFIT Scholar

Documents
Covert channels in TCP/IP: attack and defence - cl.cam.ac.uk · Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels

Covert channels in TCP/IP: attack and defence - cl.cam.ac.uk · Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels

Documents
Kerberos and Covert Channels

Kerberos and Covert Channels

Education
Undermining Isolation through Covert Channels in … Isolation through Covert Channels in the Fiasco.OC Microkernel Michael Peter Technische Universitaet Berlin Security in Telecommunications

Undermining Isolation through Covert Channels in … Isolation through Covert Channels in the Fiasco.OC Microkernel Michael Peter Technische Universitaet Berlin Security in Telecommunications

Documents
Covert channels detection in protocols using scenarios

Covert channels detection in protocols using scenarios

Documents
Understanding and Mitigating Covert Channels Through Branch …dmitry/assets/files/taco-a10-evtyushkin.pdf · 2020. 8. 24. · Covert channels through shared processor resources provide

Understanding and Mitigating Covert Channels Through Branch …dmitry/assets/files/taco-a10-evtyushkin.pdf · 2020. 8. 24. · Covert channels through shared processor resources provide

Documents
Detection of Size Modulation Covert Channels Using

Detection of Size Modulation Covert Channels Using

Documents
Practical data hiding technique in Covert timing channels

Practical data hiding technique in Covert timing channels

Education
NICScatter: Backscatter as a Covert Channel in Mobile Devicescsqhuang/Paper/NICScatter... · establish covert channels. Existing discussions on covert channels usually focus on desktops

NICScatter: Backscatter as a Covert Channel in Mobile Devicescsqhuang/Paper/NICScatter... · establish covert channels. Existing discussions on covert channels usually focus on desktops

Documents
Keyboards and Covert Channels

Keyboards and Covert Channels

Documents
Embedding Covert Channels Into TCP IP

Embedding Covert Channels Into TCP IP

Documents
POWERT Channels: A Novel Class of Covert Communication ...altai.ece.umn.edu/Main_files/hpca19.pdfPOWERT Channels: A Novel Class of Covert Communication Exploiting Power Management

POWERT Channels: A Novel Class of Covert Communication ...altai.ece.umn.edu/Main_files/hpca19.pdfPOWERT Channels: A Novel Class of Covert Communication Exploiting Power Management

Documents
Firewall Defense against Covert Channels

Firewall Defense against Covert Channels

Technology
Real-Time Detection of Covert Channels in Highly

Real-Time Detection of Covert Channels in Highly

Documents
Physical media covert channels on smart mobile devices

Physical media covert channels on smart mobile devices

Technology
Covert Channels Through Branch Predictors: a Feasibility Studycaslab.eng.yale.edu/workshops/hasp2015/slides_05_evtyushkin.pdf · Covert Channels Through Branch Predictors: a Feasibility

Covert Channels Through Branch Predictors: a Feasibility Studycaslab.eng.yale.edu/workshops/hasp2015/slides_05_evtyushkin.pdf · Covert Channels Through Branch Predictors: a Feasibility

Documents
Security Breach in Smartphone with Overt and Covert Channels …mwang2/projects/Security_CovertChannel... · 2014. 12. 14. · exploits through overt and covert channels. We then

Security Breach in Smartphone with Overt and Covert Channels …mwang2/projects/Security_CovertChannel... · 2014. 12. 14. · exploits through overt and covert channels. We then

Documents
Covert Channel Detection Using Process Query Systems · 2005. 9. 20. · 3 OUTLINE • Covert Channels • Process Query Systems • Detection of covert channels using a PQS “A

Covert Channel Detection Using Process Query Systems · 2005. 9. 20. · 3 OUTLINE • Covert Channels • Process Query Systems • Detection of covert channels using a PQS “A

Documents
Robust Covert Channels Based on DRAM Power Consumption

Robust Covert Channels Based on DRAM Power Consumption

Documents
Keyboards and Covert Channels - Matt Blaze

Keyboards and Covert Channels - Matt Blaze

Documents
Covert Channels in SDN: Leaking Out Information from

Covert Channels in SDN: Leaking Out Information from

Documents
Covert Channels Over Network Traffic: Methods, Metrics ... · Covert Channels over Network Traffic: Methods, Metrics, and Mitigations . Patrick Prendergast . Cyber and Electronic

Covert Channels Over Network Traffic: Methods, Metrics ... · Covert Channels over Network Traffic: Methods, Metrics, and Mitigations . Patrick Prendergast . Cyber and Electronic

Documents
On the Unobservability of Multimedia-Based Covert Channels

On the Unobservability of Multimedia-Based Covert Channels

Documents
Covert Channels in the TCP_IP Protocol Suite

Covert Channels in the TCP_IP Protocol Suite

Documents