Professional Documents
Culture Documents
Covert Channels
Covert Channels
John Dabney
Covert Channels
“. . . any communication channel that can
be exploited by a process to transfer
information in a manner that violates the
system's security policy.
- National Institute of Standards and Technology
“a path of communication that was not
designed to be used for communication.”
- Matt Bishop
Steganography
“the practice of concealing information in
channels that superficially appear benign.”
“While cryptography is about protecting
the content of messages, steganography
is about concealing their very existence.” –
Fabien Petitcolas
Properties
Existence
Hide the fact that communication is taking place
Bandwidth
Unused
Detectability
Evaluation
Ease of implementation
Range
Permissibility
Probability of detection
Anonymity
“Unobservable”
“Unlinkable”
Usage
Network
Wireless - Corrupted headers
Modifying header fields
Optional/mandatory – bits used infrequently raise
risk of detection
Modifying existing traffic
Audio and Video stenograms
Encryption
Canary trap and Digital watermarking
An example
http://www.petitcolas.net/fabien/
steganography/image%5Fdowngrading/
64 KB hidden
129 KB hidden
194 KB hidden
258 KB hidden
323 KB hidden
388 KB “hidden”
452 KB “hidden”
Detection
Comparison with original
Artifacts from applications used to hide
information
Statistical analysis
Wireless - High error rates
Mitigation
Not complete elimination
Isolation
Bandwidth - time
Randomness/Uniformity
Compression
Changing formats
Disabling certain traffic
Questions?
?
Bibliography
Bishop, Matt. Introduction to Computer Security. Massachusetts: Pearson Education, Inc., 2005.
“Canary Trap.” Wikipedia. http://en.wikipedia.org/wiki/Canary_trap. April 26, 2007.
“Covert Channels.” Wikipedia. http://en.wikipedia.org/wiki/Covert_channel. April 26, 2007.
Dunbar, Bret. A detailed look at Steganographic Techniques and their use in an Open-Systems
Environment. SANS Institute. 01/18/2002
http://www.sans.org/reading_room/papers/download.php?
id=677&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5
629. April 26, 2007.
Owens, Mark. A Discussion of Covert Channels and Steganography. SANS/GIAC GSEC 1.3.
March 19, 2002.
http://www.sans.org/reading_room/papers/download.php?id=678&c=29cae459acbc32dac569453
048050082&portal=67dfc17e34bed372c83983ad0cbd5629
. April 26, 2007.
Petitcolas, Fabien. “the information hiding homepage digital watermarking and steganography.”
(Nov. 2006) Fabien a. p. petitcolas. http://www.petitcolas.net/fabien/steganography/image
%5Fdowngrading/ April 26, 2007.
Sbrusch, Raymond. Network Covert Channels: Subversive Secrecy. SANS Institute.
http://www.sans.org/reading_room/papers/download.php?id=1660&c=29cae459acbc32dac56945
3048050082&portal=67dfc17e34bed372c83983ad0cbd5629
. April 26, 2007
“Steganography.” Wikipedia. http://en.wikipedia.org/wiki/Steganography. April 26, 2007.
Wingate, Jim. The Perfect Dead Drop: The Use of Cyberspace for Covert Communications.
BackBone Security.com. http://www.infosec-technologies.com/steganograph.pdf. April 26, 2007.