Covert Channels in IPv6. Norka B. Lucena, Grzegorz Lewandowski, and Steve J. Chapin, Syracuse University. PET 2005, Cavtat, Croatia, May 31st, 2005.

Presentation transcript:


PET 2005 Lucena, Lewandowski, Chapin

Slide 2: Outline
IPv6 Overview Covert Channels Description Active Wardens Analysis Conclusions

Slide 3: IPv6 Overview
- Header structure has a fixed length: 40 bytes
- Header does not include five of the fields from IPv4: header length, identification, flags, fragment offset, and checksum
- A full implementation includes six extension headers: Hop-by-Hop Options, Routing, Fragment, Destination Options, Authentication (AH), Encapsulating Security Payload (ESP)

Slide 4: Covert Channels
- A covert channel is a communication path that allows transferring information in a way that violates a security policy
- Concerned only with network storage channels
- Adversary model allows Alice and Bob to be, or not to be, the same as the Sender and Receiver
- A specification-based analysis of 22 covert channels

Slide 5: IPv6 Header: Hop Limit
Setting an initial hop limit value and modifying it appropriately in subsequent packets
IPv6 header fields: Version (4 bits), Traffic Class (1 byte), Flow Label (20 bits), Payload Length (2 bytes), Next Header (1 byte), Hop Limit (1 byte), Source Address (16 bytes), Destination Address (16 bytes)
Highlighted field: Hop Limit (1 byte)

Slide 6: IPv6 Header: Hop Limit
- Alice sets an initial value, h, for the hop limit
- Alice signals a 0 by decreasing the hop count by Δ relative to the previous packet (h - Δ: 0)
- Alice signals a 1 by increasing the same value by Δ (h + Δ: 1)
- Bandwidth: n packets, n - 1 bits
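Added example, not from the slides: a stateful check for the hop limit channel described above, which flags flows whose hop limit keeps moving between consecutive packets. The flow key (source, destination, flow label), Δ = 1, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

def hop_limit_changes(packets):
    """Map each flow to the direction of hop-limit change between consecutive
    packets: 1 = increased, 0 = decreased, None = unchanged."""
    last, changes = {}, defaultdict(list)
    for src, dst, flow_label, hop_limit in packets:
        key = (src, dst, flow_label)
        if key in last:
            prev = last[key]
            changes[key].append(None if hop_limit == prev else int(hop_limit > prev))
        last[key] = hop_limit
    return dict(changes)

def suspicious_flows(packets, min_packets=6, max_change_ratio=0.25):
    """Flag flows where the hop limit changes more often than an occasional
    route change would explain (thresholds are illustrative assumptions)."""
    flagged = []
    for key, seq in hop_limit_changes(packets).items():
        changed = sum(1 for c in seq if c is not None)
        if len(seq) + 1 >= min_packets and changed / len(seq) > max_change_ratio:
            flagged.append(key)
    return flagged

# Constructed sample traffic as seen at the warden (documentation addresses).
# COVERT follows the slide's scheme with h = 64 and an assumed delta of 1.
COVERT = [("2001:db8::a", "2001:db8::b", 0x12345, h)
          for h in (64, 65, 64, 63, 64, 65, 64, 65)]
# BENIGN keeps a stable hop limit with a single route change (57 -> 55).
BENIGN = [("2001:db8::c", "2001:db8::b", 0x0, h)
          for h in (57, 57, 57, 57, 57, 55, 55, 55, 55)]
SAMPLE = COVERT + BENIGN

if __name__ == "__main__":
    changes = hop_limit_changes(SAMPLE)
    for key in suspicious_flows(SAMPLE):
        print("unstable hop limit:", key, changes[key])
```

The change sequence for the flagged flow has n - 1 entries for n packets, matching the bandwidth stated on the slide.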

Slide 7: Hop-by-Hop Options Header: Jumbograms
Using jumbograms as a means of covert communication in two ways:
- Modifying an existing jumbogram length to append covert data
- Converting a regular datagram into a jumbogram to fill in the extra bytes with hidden content
Header fields (generic option): Next Header (1 byte), Hop Limit (1 byte), Option Type (1 byte), Option Data Length (1 byte), Option Data (variable length or specified in the Option Data Length field)
Header fields (Jumbo Payload option): Next Header (1 byte), Hop Limit (1 byte), Option Type = C2 (1 byte), Option Data Length = 4 (1 byte), Jumbo Payload Length (4 bytes)

Slide 8: Hop-by-Hop Options Header: Jumbograms
- Alice sets the payload length of the IPv6 header to 0
- Alice sets the option type of the Hop-by-Hop header to C2
- Alice sets the option data length of the Hop-by-Hop header to 4
- Bandwidth: varies

Slide 9: Routing Header: Routing Type 0
Fabricating "addresses" out of arbitrary data meaningful only to the covert communicating agents
Header fields: Next Header (1 byte), Header Extension Length (1 byte), Routing Type = 0 (1 byte), Segments Left (1 byte), Reserved (4 bytes), Addresses (16 bytes each)

Slide 10: Routing Header: Routing Type 0
- Alice inserts two fake addresses into the routing header
- Alice modifies the header extension length field accordingly
- Alice does not modify the original value of the segments left field
- Bandwidth: up to 2048 bytes per packet

Slide 11: Active Wardens
Stateless Active Warden
- Knows the protocol syntax and semantics and attempts to verify them
- "Sees" one packet at a time
- Performs at two levels of diligence
Stateful Active Warden
- Registers already-observed semantic conditions
Network-aware Active Warden
- Is a stateful active warden
- Is also a network topologist
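Added example, not from the slides: a stateless warden that inspects one raw packet at a time and checks the Jumbo Payload option and the Type 0 Routing header from the earlier slides against the protocol rules. The specific checks, the finding strings, the helper names and the sample packets are constructed for illustration; the deprecation of Routing Type 0 by RFC 5095 postdates the talk.

```python
import struct

HOP_BY_HOP, ROUTING, NO_NEXT, JUMBO = 0, 43, 59, 0xC2

def inspect(pkt: bytes) -> list:
    """Stateless check of one raw IPv6 packet; returns a list of findings."""
    out, jumbo = [], None
    payload_len, nxt = struct.unpack_from("!HB", pkt, 4)
    off = 40                                    # fixed IPv6 header length
    while nxt in (HOP_BY_HOP, ROUTING) and off + 8 <= len(pkt):
        kind, nxt, ext_len = nxt, pkt[off], pkt[off + 1]
        end = off + 8 * (ext_len + 1)           # length is in 8-byte units
        if end > len(pkt):
            out.append("extension header runs past end of packet")
            break
        if kind == HOP_BY_HOP:
            i = off + 2
            while i + 1 < end:                  # walk the TLV-encoded options
                if pkt[i] == JUMBO and pkt[i + 1] == 4 and i + 6 <= end:
                    jumbo = struct.unpack_from("!I", pkt, i + 2)[0]
                elif pkt[i] == JUMBO:
                    out.append("malformed jumbo option")
                i += 1 if pkt[i] == 0 else 2 + pkt[i + 1]   # Pad1 is one byte
        elif pkt[off + 2] == 0:                 # Routing Type 0
            out.append("routing type 0 present (deprecated by RFC 5095)")
            if ext_len % 2 or pkt[off + 3] > ext_len // 2:
                out.append("header length and segments left are inconsistent")
        off = end
    if jumbo is not None:
        if payload_len != 0:
            out.append("jumbo option but payload length is not 0")
        if jumbo <= 65535:
            out.append("jumbo payload length is not above 65535")
        if jumbo != len(pkt) - 40:
            out.append("jumbo payload length does not match packet size")
    return out

def ipv6(payload_len, nxt, body):               # builds constructed samples
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01" + "20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, payload_len, nxt, 64) + addrs + body
def jumbo_hbh(length):                          # 8-byte Hop-by-Hop header
    return bytes([NO_NEXT, 0, JUMBO, 4]) + struct.pack("!I", length)
REAL_JUMBO = ipv6(0, HOP_BY_HOP, jumbo_hbh(8 + 65536) + bytes(65536))
FAKE_JUMBO = ipv6(0, HOP_BY_HOP, jumbo_hbh(8 + 992) + bytes(992))
RH0 = ipv6(40, ROUTING, bytes([NO_NEXT, 4, 0, 1, 0, 0, 0, 0]) + bytes(32))

if __name__ == "__main__":
    for name in ("REAL_JUMBO", "FAKE_JUMBO", "RH0"):
        print(name, inspect(globals()[name]))
```

The fabricated addresses themselves pass these syntax checks, which is why the slides also list stateful and network-aware wardens.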

Slide 12: Conclusions
- Provide awareness of the existence of at least 22 covert channels in IPv6
- Generate discussion toward harmful means of covert communication
- Help to understand potential attacks that exploit IPv6 traffic to take appropriate countermeasures
- Raise issues for consideration by implementors of IPv6 protocol stacks and firewalls
- Introduce three types of active wardens: stateless, stateful, and network-aware

Slide 13: Any Questions?

Slide 14: Thank You All!