Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 691Summer 2009Joe B. Taylor Covert Data Channels When Insiders Attack.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 691Summer 2009Joe B. Taylor Covert Data Channels When Insiders Attack."— Presentation transcript:

1 CS 691Summer 2009Joe B. Taylor Covert Data Channels When Insiders Attack

2 CS 691Summer 2009Joe B. Taylor Overview Introduction Covert Storage Channels Covert Timing Channels Channel Operation Channel Detection Discussion

3 CS 691Summer 2009Joe B. Taylor Introduction Altering otherwise normal network traffic to secretly transmit information DNSFTPSSHPingFTPHTTPSSHHTTPPingSSHPingHTTPSSHFTPDNSHTTPFTPHTTPDNSHTTPPing FTPSSHHTTPFTPHTTPPing

4 CS 691Summer 2009Joe B. Taylor Covert Storage Channels Data is written to and read from sections of network packets not intended for data transmission. Altering packet payload data is usually considered subliminal instead of covert. Use space in protocol headers

5 CS 691Summer 2009Joe B. Taylor

6 CS 691Summer 2009Joe B. Taylor Covert Timing Channels Alter the timing of otherwise legitimate network traffic to transmit data Two types of timing channels: Active and Passive IP Covert Timing Channels Time-Replay Timing Channels JitterBug

7 CS 691Summer 2009Joe B. Taylor

8 CS 691Summer 2009Joe B. Taylor Channel Operation Efficacy –Contention noise –Jitter Speed –US Constitution –7620 words, 45703 characters, 14298 zip –1 Mbps line, 85 packets per second Channel TypeData TypeMinutes TimingText72 TimingZip22 StorageText9 StorageZip3

9 CS 691Summer 2009Joe B. Taylor Channel Detection Similarity Compressibility Entropy

10 CS 691Summer 2009Joe B. Taylor

11 CS 691Summer 2009Joe B. Taylor

12 CS 691Summer 2009Joe B. Taylor Discussion How could IP spoofing be used with covert channels? What protocols might be useable even on an extremely locked down network?

13 CS 691Summer 2009Joe B. Taylor References [1]Gianvecchio, S. and Wang, H. 2007. Detecting covert timing channels: an entropy-based approach. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28 - 31, 2007). CCS '07. ACM, New York, NY, pp. 307-316. [2]Cabuk, S., Brodley, C., and Shields, C. 2009. IP Covert Channel Detection. ACM Transactions on Information System Security, Volume 12, Issue 4 (Apr. 2009), pp. 1-29. [3]Thyer, J. 2008. Covert Data Storage Channel Using IP Packet Headers. Global Information Assurance Certification, Gold Certification, SANS Institute, pp. 1-53.

14 CS 691Summer 2009Joe B. Taylor

Download ppt "CS 691Summer 2009Joe B. Taylor Covert Data Channels When Insiders Attack."

Similar presentations

6LoWPAN Extending IP to Low-Power WPAN 1 By: Shadi Janansefat CS441 Dr. Kemal Akkaya Fall 2011.

6LoWPAN Extending IP to Low-Power WPAN 1 By: Shadi Janansefat CS441 Dr. Kemal Akkaya Fall 2011.
XML Rewrite Attacks in The Context of SOAP Messages, Evaluating The Current Solutions AHMED ALGHAMDI CSCE 813.

XML Rewrite Attacks in The Context of SOAP Messages, Evaluating The Current Solutions AHMED ALGHAMDI CSCE 813.
Voice over IP: A growing cadre of criminals is hiding secret messages in voice data. From: Voice Over IP: The VoIP Steganography Threat. IEEE Spectrum.

Voice over IP: A growing cadre of criminals is hiding secret messages in voice data. From: "Voice Over IP: The VoIP Steganography Threat". IEEE Spectrum.
PHY Covert Channels: Can you see the Idles? Ki Suh Lee Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1 첩자첩자 Chupja.

PHY Covert Channels: Can you see the Idles? Ki Suh Lee Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1 첩자첩자 Chupja.
SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack 42 nd Hawaii International Conference on System Sciences, 2009. Electrical.

SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack 42 nd Hawaii International Conference on System Sciences, Electrical.
Western Michigan University Covert Timing Channels Omar Darwish Instructor: Professor Elise de Doncker.

Western Michigan University Covert Timing Channels Omar Darwish Instructor: Professor Elise de Doncker.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Fibre Channel Erin Keith CPE 401 Spring, 2011. Fibre Channel Storage Area Networks Overview Functionality Format Applications References.

Fibre Channel Erin Keith CPE 401 Spring, Fibre Channel Storage Area Networks Overview Functionality Format Applications References.
RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.

RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.
Detecting Early Signs of Insider Attack Using Role-Based Analysis and Classification Jeff Hinson, Fadi Mohsen, Joe Taylor CS 526 Spring 2009.

Detecting Early Signs of Insider Attack Using Role-Based Analysis and Classification Jeff Hinson, Fadi Mohsen, Joe Taylor CS 526 Spring 2009.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.

Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Similar presentations

Ads by Google