Covert Channels in IPv6. Norka B. Lucena, Grzegorz Lewandowski, and Steve J. Chapin, Syracuse University. PET 2005, Cavtat, Croatia, May 31st, 2005.


2 Outline
- IPv6 Overview
- Covert Channels Description
- Active Wardens Analysis
- Conclusions

3 IPv6 Overview
- Header structure has a fixed length: 40 bytes
- Header does not present five of the fields from IPv4: header length, identification, flags, fragment offset, and checksum
- A full implementation includes six headers: Hop-by-Hop Options, Routing, Fragment, Destination Options, Authentication (AH), Encapsulating Security Payload (ESP)

4 Covert Channels
- A covert channel is a communication path that allows transferring information in a way that violates a security policy
- Concerned only with network storage channels
- Adversary model allows Alice and Bob to be or not be the same as the Sender and Receiver
- A specification-based analysis of 22 covert channels

5 IPv6 Header: Hop Limit
Setting an initial hop limit value and modifying it appropriately in subsequent packets
[Figure: IPv6 header fields, Hop Limit highlighted] Version (4 bits), Traffic Class (1 byte), Flow Label (20 bits), Payload Length (2 bytes), Next Header (1 byte), Hop Limit (1 byte), Source Address (16 bytes), Destination Address (16 bytes)

6 IPv6 Header: Hop Limit
- Alice sets an initial value, h, for the hop limit
- Alice signals a 0 by decreasing the hop count by Δ relative to the previous packet
- Alice signals a 1 by increasing the same value by Δ
- Bandwidth: n packets, n – 1 bits
[Figure: Alice sends Bob packets with hop limits h, h - Δ (signals 0), h + Δ (signals 1)]
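
A stateful check for the hop-limit channel above, as an added example that is not from the slides or their authors: at a fixed vantage point the hop limit of one source/destination pair should stay constant unless the route changes, so the check counts changes per pair. The class name, the `max_changes` threshold and the sample traces are assumptions made for this illustration.

```python
from collections import defaultdict

def make_packet(src: int, dst: int, hop: int) -> bytes:
    """Constructed 40-byte IPv6 header with no payload (59 = No Next Header)."""
    return ((6 << 28).to_bytes(4, "big") + bytes([0, 0, 59, hop])
            + src.to_bytes(16, "big") + dst.to_bytes(16, "big"))

class HopLimitWarden:
    """Counts hop-limit changes per (source, destination) pair at one vantage point."""

    def __init__(self, max_changes: int = 2):
        self.max_changes = max_changes   # assumed tolerance for genuine route changes
        self.last = {}                   # last hop limit seen per pair
        self.changes = defaultdict(int)  # number of changes seen per pair

    def observe(self, packet: bytes) -> bool:
        """Record one packet; return True once its pair exceeds max_changes."""
        if len(packet) < 40 or packet[0] >> 4 != 6:
            raise ValueError("not an IPv6 packet")
        flow, hop = packet[8:40], packet[7]   # addresses are bytes 8..39, hop limit is byte 7
        if flow in self.last and self.last[flow] != hop:
            self.changes[flow] += 1
        self.last[flow] = hop
        return self.changes[flow] > self.max_changes

def flagged_flows(packets, max_changes: int = 2) -> set:
    """Return the address pairs whose hop limit changed more than max_changes times."""
    warden = HopLimitWarden(max_changes)
    return {p[8:40] for p in packets if warden.observe(p)}

# Constructed traces: a stable pair with one brief route change, and a pair whose
# hop limit moves by 2 on every packet, the pattern the slide describes.
STABLE = [make_packet(1, 2, h) for h in (57, 57, 57, 56, 57)]
MODULATED = [make_packet(3, 2, h) for h in (61, 59, 61, 63, 61)]
```

The threshold trades false positives from real route flaps against the number of packets a modulated flow can send before it is flagged.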

7 Hop-by-Hop Options Header: Jumbograms
Using jumbograms as a means of covert communication in two ways:
- Modifying an existing jumbogram length to append covert data
- Converting a regular datagram into a jumbogram to fill in the extra bytes with hidden content
[Figure: Hop-by-Hop Options header] Next Header (1 byte), Hop Limit (1 byte), Option Type (1 byte), Option Data Length (1 byte), Option Data (variable length or specified in the Option Data Length field)
[Figure: Jumbo Payload option] Next Header (1 byte), Hop Limit (1 byte), Option Type = C2 (1 byte), Option Data Length = 4 (1 byte), Jumbo Payload Length (4 bytes)

8 Hop-by-Hop Options Header: Jumbograms
- Alice sets the payload length of the IPv6 header to 0
- Alice sets the option type of the Hop-by-Hop header to C2
- Alice sets the option data length of the Hop-by-Hop header to 4
- Bandwidth: varies
[Figure: Alice sends Bob a packet carrying option type C2, option data length 4, followed by data bits]
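
A single-packet (stateless) check of the jumbogram fields listed above, as an added example that is not from the slides or their authors. It applies the RFC 2675 rules that the IPv6 payload length must be 0 and the Jumbo Payload Length must exceed 65,535, and it compares that length with the bytes actually received; the function names and test packets are constructed for this illustration.

```python
import struct

JUMBO_OPT = 0xC2   # Jumbo Payload option type (RFC 2675)

def build(payload_len: int, jumbo_len: int, body_len: int) -> bytes:
    """Constructed test packet: IPv6 header + Hop-by-Hop jumbo option + zero body."""
    ipv6 = struct.pack("!IHBB", 6 << 28, payload_len, 0, 64) + bytes(32)
    hbh = bytes([59, 0, JUMBO_OPT, 4]) + struct.pack("!I", jumbo_len)
    return ipv6 + hbh + bytes(body_len)

def check_jumbogram(packet: bytes) -> list:
    """Return the jumbogram rule violations visible in one raw IPv6 packet."""
    if len(packet) < 48 or packet[0] >> 4 != 6 or packet[6] != 0:
        return []                                  # no Hop-by-Hop header to inspect
    payload_len = struct.unpack("!H", packet[4:6])[0]
    # Hdr Ext Len counts 8-byte units beyond the first 8 bytes of the header.
    end = min(40 + (packet[41] + 1) * 8, len(packet))
    i, findings = 42, []
    while i + 1 < end:
        opt, opt_len = packet[i], packet[i + 1]
        if opt == 0:                               # Pad1 has no length byte
            i += 1
            continue
        if opt == JUMBO_OPT:
            if opt_len != 4 or i + 6 > end:
                return ["malformed jumbo option"]
            jumbo_len = struct.unpack("!I", packet[i + 2:i + 6])[0]
            if payload_len != 0:
                findings.append("payload length not 0")
            if jumbo_len <= 65535:
                findings.append("jumbo length not above 65535")
            if jumbo_len != len(packet) - 40:      # length covers everything after the IPv6 header
                findings.append("jumbo length differs from bytes on the wire")
        i += 2 + opt_len
    return findings
```

A regular-sized datagram relabelled as a jumbogram fails the size rule; a packet that is internally consistent passes, so this check does not replace inspection of the upper-layer length fields.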

9 Routing Header: Routing Type 0
Fabricating “addresses” out of arbitrary data meaningful only to the covert communicating agents
[Figure: Routing header, type 0] Next Header (1 byte), Header Extension Length (1 byte), Routing Type = 0 (1 byte), Segment Left (1 byte), Reserved (4 bytes), Addresses (16 bytes each)

10 Routing Header: Routing Type 0
- Alice inserts two fake addresses into the routing header
- Alice modifies the header extension length field accordingly
- Alice does not modify the original value of the segments left field
- Bandwidth: up to 2048 bytes per packet
[Figure: routing header sent from Alice to Bob, before (header extension length 4, routing type 0, segments left 2, two addresses) and after (header extension length 8, routing type 0, segments left 2, two fake addresses followed by the original two)]

11 Active Wardens
- Stateless Active Warden
  - Knows the protocol syntax and semantics and attempts to verify them
  - “Sees” one packet at a time
  - Performs at two levels of diligence
- Stateful Active Warden
  - Registers already-observed semantic conditions
- Network-aware Active Warden
  - Is a stateful active warden
  - Is also a network topologist

12 Conclusions
- Provide awareness of the existence of at least 22 covert channels in IPv6
- Generate discussion toward harmful means of covert communication
- Help to understand potential attacks that exploit IPv6 traffic to take appropriate countermeasures
- Raise issues for consideration by implementors of IPv6 protocol stacks and firewalls
- Introduce three types of active wardens: stateless, stateful, and network-aware

13 Any Questions?

14 Thank You All!

