Presentation is loading. Please wait.

Presentation is loading. Please wait.

COVERT STORAGE CHANNEL MODULE

Published byNatália Amaral Modified over 5 years ago

Similar presentations

Presentation on theme: "COVERT STORAGE CHANNEL MODULE"— Presentation transcript:

1 COVERT STORAGE CHANNEL MODULE
Xenia Mountrouidou College of Charleston Xiangyang Li Johns Hopkins University Information Security Institute

2 Outline Start reserving your topology Learning Goals Audience
Background Variations

3 Reserve topology Go to: https://goo.gl/KTOVfA
Use the Rspec: berPaths/files/csc_lab_rspec.txt

4 Learning Goals Generate regular traffic based on a distribution
Generate covert storage traffic channel traffic with TCP flag manipulation Analyze the TCP packets Detect the presence of covert storage traffic in a network using entropy Use Wireshark, GENI

5 Audience CS majors Some background work is needed

6 Background Linux, SFTP and Wireshark Covert Storage Channels TCP Flags
GENI

7 What are Covert Storage Channels?
A Covert Storage Channel is a communications channel that is hidden within the medium of legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way by using resources that are not meant for communication in order to transmit information in an undetectable manner. How do we use TCP Flags as carriers? A Covert Storage Channel uses the TCP Flag (TF) header field in a network packet, a six-bit field used to set up TCP connection for transmitting messages. The two communicating parties, start exchanging messages based on pre-agreed coding scheme.

8 TCP Flags as Carriers

9 How Cybercrime Exploits Covert Storage Channels
Researchers focus on methods to more reliable CSC channels for the need of privacy and protection of communication parties. Conspirators seek advanced steganographic tools for purposes of: Data Exfiltration Command Control

10 CSC Lab for non-CS Majors
Draw Topology Generate regular traffic Use TCP flag manipulation Generate covert storage channel traffic Detect the presence of covert storage traffic Experiments on GENI GENI: Virtual laboratory for networking and distributed systems research and education

11 Simulating Covert Storage Channels
Real machines Small Network CSC traffic Regular traffic You control all these!

12 Variations GENI Desktop Usage of different TCP header field as CSC
Usage of Split-Join Network for transmitting CSC traffic

13 Questions? LET’S EXPERIMENT!

Download ppt "COVERT STORAGE CHANNEL MODULE"

Similar presentations

Western Michigan University Covert Timing Channels Omar Darwish Instructor: Professor Elise de Doncker.

Western Michigan University Covert Timing Channels Omar Darwish Instructor: Professor Elise de Doncker.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Embedding Covert Channels into TCP/IP

Embedding Covert Channels into TCP/IP
Covert Channels John Dabney. Covert Channels   “... any communication channel that can be exploited by a process to transfer information in a manner.

Covert Channels John Dabney. Covert Channels   “... any communication channel that can be exploited by a process to transfer information in a manner.
Information Hiding: Covert Channels Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.

Information Hiding: Covert Channels Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.
VPN Protocol. -2--2- What is a VPN? A VPN is A network that uses Internet or other network service to transmit data. A VPN includes authentication and.

VPN Protocol What is a VPN? A VPN is A network that uses Internet or other network service to transmit data. A VPN includes authentication and.
CIS 450 – Network Security Chapter 16 – Covering the Tracks.

CIS 450 – Network Security Chapter 16 – Covering the Tracks.
Covert Channels Thomas Arnold CSCI 5235/Summer 2010 7/12/2010.

Covert Channels Thomas Arnold CSCI 5235/Summer /12/2010.
Model-Based Covert Timing Channels: Automated Modeling and Evasion Steven Gianvecchio 1, Haining Wang 1, Duminda Wijesekera 2, and Sushil Jajodia 2 1 College.

Model-Based Covert Timing Channels: Automated Modeling and Evasion Steven Gianvecchio 1, Haining Wang 1, Duminda Wijesekera 2, and Sushil Jajodia 2 1 College.
Class 16 Deniable Authentication CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 16 Deniable Authentication CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Advanced Packet Analysis and Troubleshooting Using Wireshark 23AF

Advanced Packet Analysis and Troubleshooting Using Wireshark 23AF
CMSC 691 IAUMBC Analysis and Detection of Network Covert Channels Sweety Chauhan CMSC 691 IA 30 th Nov. 2005

CMSC 691 IAUMBC Analysis and Detection of Network Covert Channels Sweety Chauhan CMSC 691 IA 30 th Nov. 2005
Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.
Speaker:Chiang Hong-Ren An Investigation and Implementation of Botnet Detection Schemes.

Speaker:Chiang Hong-Ren An Investigation and Implementation of Botnet Detection Schemes.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
Implementation of Steganographic Techniques Danny Friedheim pd. 2.

Implementation of Steganographic Techniques Danny Friedheim pd. 2.
1 Effectiveness of Physical and Virtual Carrier Sensing in IEEE 802.11 Wireless Ad Hoc Networks Fu-Yi Hung and Ivan Marsic WCNC 2007.

1 Effectiveness of Physical and Virtual Carrier Sensing in IEEE Wireless Ad Hoc Networks Fu-Yi Hung and Ivan Marsic WCNC 2007.
Mike Switlick. Overview What is a covert channel? Storage / Timing Requirements Bunratty attack Covert_tcp Questions.

Mike Switlick. Overview What is a covert channel? Storage / Timing Requirements Bunratty attack Covert_tcp Questions.

Similar presentations

Ads by Google