COVERT STORAGE CHANNEL MODULE

Presentation transcript:

COVERT STORAGE CHANNEL MODULE. Xenia Mountrouidou, College of Charleston; Xiangyang Li, Johns Hopkins University Information Security Institute

Outline: Start reserving your topology; Learning Goals; Audience; Background; Variations

Reserve topology: Go to https://goo.gl/KTOVfA and use the Rspec: http://mountrouidoux.people.cofc.edu/CyberPaths/files/csc_lab_rspec.txt

Learning Goals: Generate regular traffic based on a distribution; Generate covert storage channel traffic with TCP flag manipulation; Analyze the TCP packets; Detect the presence of covert storage traffic in a network using entropy; Use Wireshark, GENI

Audience: CS majors; Some background work is needed

Background: Linux, SFTP and Wireshark; Covert Storage Channels; TCP Flags; GENI

What are Covert Storage Channels? A Covert Storage Channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way, using resources that are not meant for communication in order to transmit information in an undetectable manner.

How do we use TCP Flags as carriers? A Covert Storage Channel uses the TCP Flag (TF) header field in a network packet, a six-bit field used to set up a TCP connection for transmitting messages. The two communicating parties start exchanging messages based on a pre-agreed coding scheme.
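The learning goals list entropy as the detection method for this channel. The following is an added example, not part of the original slides or the lab's code, that computes the Shannon entropy of the six-bit flag field per flow over fixed windows of packets. The window size, the threshold, the flow names and the sample packets are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter, defaultdict

FLAG_MASK = 0x3F  # the six flag bits the slide refers to: URG ACK PSH RST SYN FIN

def tcp_flags(header: bytes) -> int:
    """Extract the flag bits from a raw TCP header (byte offset 13)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & FLAG_MASK

def shannon_entropy(values) -> float:
    """Entropy, in bits, of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def flag_entropy(packets, window=32):
    """Map each flow id to the flag entropy of each full window of packets."""
    flows = defaultdict(list)
    for flow_id, header in packets:
        flows[flow_id].append(tcp_flags(header))
    return {
        fid: [shannon_entropy(f[i:i + window])
              for i in range(0, len(f) - window + 1, window)]
        for fid, f in flows.items()
    }

def suspicious_flows(packets, window=32, threshold=3.0):
    """Flows with at least one window above the (assumed) entropy threshold."""
    return sorted(fid for fid, ents in flag_entropy(packets, window).items()
                  if any(e > threshold for e in ents))

def make_header(flags: int) -> bytes:
    """Build a minimal 20-byte TCP header for the constructed sample."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)

# Constructed sample, not captured traffic. "regular" follows a normal
# connection life cycle; "odd" stands in for a flow whose flag field varies
# across many of its 64 possible values.
REGULAR = [0x02] + [0x10, 0x18] * 15 + [0x11]   # SYN, ACK/PSH-ACK pairs, FIN-ACK
ODD = [(7 * i) % 64 for i in range(32)]          # 32 distinct flag values
SAMPLE = ([("regular", make_header(f)) for f in REGULAR]
          + [("odd", make_header(f)) for f in ODD])

if __name__ == "__main__":
    for fid, ents in flag_entropy(SAMPLE).items():
        print(fid, [round(e, 2) for e in ents])
    print("flagged:", suspicious_flows(SAMPLE))
```

A useful threshold has to be calibrated against the regular traffic generated in the lab, since the baseline flag entropy depends on the traffic mix.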

TCP Flags as Carriers

How Cybercrime Exploits Covert Storage Channels: Researchers focus on methods for more reliable covert storage channels, for the need of privacy and protection of the communicating parties. Conspirators seek advanced steganographic tools for purposes of: Data Exfiltration; Command and Control

CSC Lab for non-CS Majors: Draw Topology; Generate regular traffic; Use TCP flag manipulation; Generate covert storage channel traffic; Detect the presence of covert storage traffic; Experiments on GENI. GENI: Virtual laboratory for networking and distributed systems research and education

Simulating Covert Storage Channels: Real machines; Small Network; CSC traffic; Regular traffic. You control all these!

Variations: GENI Desktop; Usage of a different TCP header field as CSC; Usage of a Split-Join Network for transmitting CSC traffic

Questions? LET’S EXPERIMENT!