Covert Channels
John Dabney

Covert Channels
“... any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy.” - National Institute of Standards and Technology
“a path of communication that was not designed to be used for communication.” - Matt Bishop

Steganography
“the practice of concealing information in channels that superficially appear benign.”
“While cryptography is about protecting the content of messages, steganography is about concealing their very existence.” – Fabien Petitcolas

Properties
- Existence
  - Hide the fact that communication is taking place
- Bandwidth
  - Unused
- Detectability
- Evaluation
  - Ease of implementation
  - Range
  - Permissibility
  - Probability of detection
- Anonymity
  - “Unobservable”
  - “Unlinkable”

Usage
- Network
- Wireless - Corrupted headers
- Modifying header fields
  - Optional/mandatory – bits used infrequently raise risk of detection
- Modifying existing traffic
- Audio and Video steganograms
- Encryption
- Canary trap and Digital watermarking
An example aphy/image%5Fdowngrading/
64 KB hidden
129 KB hidden
194 KB hidden
258 KB hidden
323 KB hidden
388 KB “hidden”
452 KB “hidden”
Detection
- Comparison with original
- Artifacts from applications used to hide information
- Statistical analysis
- Wireless - High error rates
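The "Comparison with original" item above, as an added example (not from the slides): it reports which bit planes of a suspect copy differ from a known-clean original. It assumes raw, equal-length sample bytes and that data was hidden by overwriting low-order bits, which the slides do not state; the function names, the threshold and the sample data are constructed for illustration.

```python
"""Detection by comparison with the original: which bit planes of a suspect
copy differ from a known-clean original? All sample data is constructed."""
import hashlib


def plane_diff_rates(original: bytes, suspect: bytes) -> list[float]:
    """Fraction of samples whose bit i differs, for i = 0 (LSB) .. 7 (MSB)."""
    if not original or len(original) != len(suspect):
        raise ValueError("empty input or length mismatch (resized/re-encoded?)")
    counts = [0] * 8
    for a, b in zip(original, suspect):
        for i in range(8):
            counts[i] += ((a ^ b) >> i) & 1
    return [c / len(original) for c in counts]


def assess(original: bytes, suspect: bytes, threshold: float = 0.05) -> dict:
    """Flag planes changed in more than `threshold` of samples (assumed cut-off)."""
    rates = plane_diff_rates(original, suspect)
    touched = [i for i, r in enumerate(rates) if r > threshold]
    return {
        "rates": rates,
        "modified_planes": touched,
        "suspicious": bool(touched),
        # Upper bound on hidden bytes if every touched plane carries payload.
        "max_hidden_bytes": len(touched) * len(original) // 8,
    }


def _pseudo_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic filler so the example runs offline (constructed data)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def make_samples(n: int = 4096, low_bits: int = 2):
    """Constructed cover plus a copy whose low `low_bits` bits were replaced."""
    cover = _pseudo_bytes(b"cover", n)
    other = _pseudo_bytes(b"other", n)
    mask = (1 << low_bits) - 1
    suspect = bytes((c & ~mask) | (o & mask) for c, o in zip(cover, other))
    return cover, suspect


if __name__ == "__main__":
    cover, suspect = make_samples()
    print(assess(cover, suspect))
```

The more planes are overwritten, the larger both the reported capacity and the visible distortion, which is the progression the image series above illustrates.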
Mitigation
- Not complete elimination
- Isolation
- Bandwidth - time
- Randomness/Uniformity
- Compression
- Changing formats
- Disabling certain traffic

Questions?

Bibliography
Bishop, Matt. Introduction to Computer Security. Massachusetts: Pearson Education, Inc.,
“Canary Trap.” Wikipedia. April 26,
“Covert Channels.” Wikipedia. April 26,
Dunbar, Bret. A detailed look at Steganographic Techniques and their use in an Open-Systems Environment. SANS Institute. 01/18/ April 26,
Owens, Mark. A Discussion of Covert Channels and Steganography. SANS/GIAC GSEC 1.3. March 19, April 26,
Petitcolas, Fabien. “the information hiding homepage digital watermarking and steganography.” (Nov. 2006) Fabien A. P. Petitcolas. April 26,
Sbrusch, Raymond. Network Covert Channels: Subversive Secrecy. SANS Institute. April 26,
“Steganography.” Wikipedia. April 26,
Wingate, Jim. The Perfect Dead Drop: The Use of Cyberspace for Covert Communications. BackBone Security.com. April 26,