
Covert Channels The Silence Must be Heard The Hidden Must be Seen The Secrets Must be Revealed

Armstrong Atlantic State University – Cyber & Homeland Security Institute. Covert Channels The Silence Must be Heard The Hidden Must be Seen The Secrets Must be Revealed By: Randy Grubb. Cyber Capabilities.


Presentation Transcript


  1. Armstrong Atlantic State University – Cyber & Homeland Security Institute Covert Channels The Silence Must be Heard The Hidden Must be Seen The Secrets Must be Revealed By: Randy Grubb

  2. Cyber Capabilities • By the turn of the century all known terrorist and criminal groups had a presence on the Internet. • Psychological Warfare • Propaganda • Data Mining • Fundraising/financing • Recruiting • Networking • Information sharing • Planning & coordination • Actual perpetration of their crimes

  3. Why the Internet? • Anonymous (real or perceived) • Encryption • Covert Channels/Steganography • Public libraries/Internet cafes/wireless access points • Anonymizers/Proxies (Tor) • Geographically Unbounded • People can communicate with one another from virtually anywhere in the world • More than 10,000 Internet Service Providers (ISP) worldwide • Some are sympathetic to the radical cause

  4. Why the Internet? • Largely unregulated • Developed as an open interoperable network • No central government authority • Most ISPs do not have the resources or desire to monitor web-site content • Inexpensive • Free web hosting • Free e-mail accounts

  5. Why the Internet? • US and coalition military actions since 9/11 have deprived terrorist organizations of their base of operations and training camps. • These actions have dispersed terrorist organizations more widely. • With the Internet, terrorist organizations can control a worldwide movement without ever meeting. Source: Harvard Gazette: Terror Online and how to counteract it, Ruth Walker, 2004

  6. Netwar • Term given to an emerging mode of conflict dealing with societal relationships, namely those between terrorists and criminal organizations. • Involves measures short of traditional warfare • Network forms of organization, doctrine, strategy and communication • Dispersed and decentralized manner

  7. Netwar • Small groups from points around the world utilizing network and Internet technology to: • Communicate • Coordinate • Act

  8. Is This a Secure Site?

  9. What are Covert Channels? • Covert Channels • Any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy. • In short, covert channels transfer information using non-standard methods • Against the system design • Communication is obscured; unnoticed • Easily bypass current security tools & products

  10. What are Covert Channels? • Covert Channels allow multiple parties to communicate ‘unseen’ • They hide the fact that a communication is even occurring • Provides privacy and anonymity • Unlike encryption, where communication is obvious but obscured • Encryption is easily identified • Clear and visible indications of encryption

  11. Covert Channels • Covert Channels work because of human deficiencies • Eyesight • Hearing • Analysis skills • Lack of Interest • It’s not really a problem, doesn’t happen • Prove it to me • System Design Discrepancies • Components utilized in unintended manner

  12. Covert Channels • Many covert channels will elude detection simply because most individuals have never considered the possibility • Perception overrides reality

  13. Covert Channels • Covert Channels hide the fact that communication between two or more individuals is occurring.

  14. Potential Damage • Corporate Espionage • Loss of competitive advantage • Government or Military Activities • Increased threat to National Security • Terrorist Organizations • Criminal Activities • Transfer of pornography or commercial software • Financial Impact • Transfer of confidential financial data

  15. Known Covert Methods • Steganography • Images • Audio • Text Manipulation • TCP Covert Channels • Alternate Data Streams (ADS) • Deep or invisible web

  16. Tool Summary • Over 300 known tool variations and releases • Tools for every Operating System including DOS, Windows, UNIX/Linux, OS2, Mac • Wide variety of methodologies and features • Most software is freeware or shareware

  17. Origins of Steganography • What does Steganography Mean? • Pronounced “STEHG-uh-NAH-gru-fee” • From the Greek Roots • “Steganos” or Covered • “Graphie” or Writing • “Covered Writing” • First Known Usage • The early Greeks and Persians used several forms of covered writing to conceal the communication of secret or covert messages • Origins date back as far as 2500 years ago

  18. Carrier + Payload = Covert Message • Carrier – The file that provides cover for and conceals the payload. • Payload – The secret message or information that you wish to conceal or communicate. • Covert Message – The combination of the payload and the carrier. The covert message file should appear identical to the carrier. • Most current stego tools also encrypt the payload to increase security.

  19. Digital Images • Digital Images are created by software • Digital camera • Scanner • Graphics program • Digital Images are made up of pixels • Represented on a grid • The pixel is the smallest visual component • Resolution & representation • 640 x 480 – rows x columns • 75 dpi – number of dots per inch [1] Source: WetStone Technologies. [1] http://www.library.cornell.edu/preservation/tutorial/intro/intro-01.html

  20. Digital Images • Color is represented in digital images by three different methods. • Paletted images • True color images • Compressed images

  21. Palette Images • Map to a pre-defined color on a table • Pixel represented by table lookup value [2] Source: WetStone Technologies. [2] http://www.webstyleguide.com/graphics/displays.html

  22. True Color Images • True Color images • Typically 24 bits • Most common format is RGB or Red – Green – Blue • 8 bits for each color byte (red, green, blue) • 16.7M possible colors [4] Source: WetStone Technologies. [4] http://www.webstyleguide.com/graphics/displays.html

  23. Least Significant Bit Steganography “The hiding of data within a digital carrier by slightly altering an insignificant characteristic of the carrier that does not appear to alter the normal rendering of the data” (Hosmer, 1999) Source: WetStone Technologies

  24. Altering a True Color Image [2] Image source: www.wikipedia.com. [2] http://www.webstyleguide.com/graphics/displays.html

  25. LSB Substitution – bit 0 • [Figure: bit values of the individual RED, GREEN and BLUE colors before and after substitution, and the combined color] Source: WetStone Technologies

  26. LSB Substitution – bits 0 and 1 • [Figure: bit values of the individual RED, GREEN and BLUE colors before and after substitution, and the combined color] Source: WetStone Technologies

  27. LSB Substitution – bits 0-3 • [Figure: bit values of the individual RED, GREEN and BLUE colors before and after substitution, and the combined color] Source: WetStone Technologies

  28. Color Differences Source: WetStone Technologies

  29. Color Differences Source: WetStone Technologies

  30. Color Differences Can you spot the modified pixel? Source: WetStone Technologies
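
The LSB substitution shown on slides 23 to 30, as an added example that is not part of the original presentation: it overwrites the low 1, 2 or 4 bits of each 8-bit color byte, measures how far any channel moves, and finds the modified pixels by comparing against the original carrier. The function names and the `CARRIER`/`PAYLOAD` sample data are constructed for illustration.

```python
# Added example: LSB substitution on 24-bit RGB pixels held as (R, G, B) tuples.
# CARRIER and PAYLOAD are constructed sample data, not taken from the slides.
CARRIER = [(200, 100, 50)] * 16      # 16 identical pixels = 48 colour bytes
PAYLOAD = b"Hi"                      # 16 payload bits

def embed(pixels, payload, n_bits=1):
    """Overwrite the low n_bits of each colour byte with payload bits."""
    flat = [c for px in pixels for c in px]
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(flat) * n_bits:
        raise ValueError("payload does not fit in carrier")
    bits += [0] * (-len(bits) % n_bits)          # pad to a whole chunk
    mask = (1 << n_bits) - 1
    for idx in range(len(bits) // n_bits):
        chunk = 0
        for b in bits[idx * n_bits:(idx + 1) * n_bits]:
            chunk = (chunk << 1) | b
        flat[idx] = (flat[idx] & ~mask) | chunk  # keep high bits, swap low bits
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract(pixels, n_bytes, n_bits=1):
    """Read n_bytes back out of the low n_bits of each colour byte."""
    bits = []
    for c in (c for px in pixels for c in px):
        bits += [(c >> k) & 1 for k in range(n_bits - 1, -1, -1)]
    out = bytearray()
    for i in range(0, n_bytes * 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def max_channel_delta(before, after):
    """Largest change to any single colour byte (at most 2**n_bits - 1)."""
    return max(abs(a - b) for p, q in zip(before, after) for a, b in zip(p, q))

def changed_pixels(before, after):
    """Indices of pixels that differ from the known original carrier."""
    return [i for i, (p, q) in enumerate(zip(before, after)) if p != q]

if __name__ == "__main__":
    for n in (1, 2, 4):
        stego = embed(CARRIER, PAYLOAD, n)
        print(n, "bit(s): max delta", max_channel_delta(CARRIER, stego),
              "changed pixels", changed_pixels(CARRIER, stego))
```

With one bit per byte no channel moves by more than 1 out of 255, which is why the modified pixel on slide 30 is hard to spot by eye, while a byte-for-byte comparison against the original carrier finds it immediately.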
