covert channels
Download
Skip this Video
Download Presentation
Covert Channels

Loading in 2 Seconds...

play fullscreen
1 / 17

Covert Channels - PowerPoint PPT Presentation


  • 203 Views
  • Uploaded on

Covert Channels. John Dabney. Covert Channels. “. . . any communication channel that can be exploited by a process to transfer information in a manner that violates the system\'s security policy. National Institute of Standards and Technology

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Covert Channels' - emmett


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
covert channels

Covert Channels

John Dabney

covert channels1
Covert Channels
  • “. . . any communication channel that can be exploited by a process to transfer information in a manner that violates the system\'s security policy.
      • National Institute of Standards and Technology
  • “a path of communication that was not designed to be used for communication.” - Matt Bishop
steganography
Steganography
  • “the practice of concealing information in channels that superficially appear benign.”
  • “While cryptography is about protecting the content of messages, steganography is about concealing their very existence.” – Fabien Petitcolas
properties
Properties
  • Existence
    • Hide the fact that communication is taking place
  • Bandwidth
    • Unused
    • Detectability
  • Evaluation
    • Ease of implementation
    • Range
    • Permissibility
    • Probability of detection
    • Anonymity
      • “Unobservable”
      • “Unlinkable”
usage
Usage
  • Network
    • Wireless - Corrupted headers
    • Modifying header fields
      • Optional/mandatory – bits used infrequently raise risk of detection
    • Modifying existing traffic
  • Audio and Video stenograms
  • Encryption
  • Canary trap and Digital watermarking
an example
An example
  • http://www.petitcolas.net/fabien/steganography/image%5Fdowngrading/
detection
Detection
  • Comparison with original
  • Artifacts from applications used to hide information
  • Statistical analysis
  • Wireless - High error rates
mitigation
Mitigation
  • Not complete elimination
  • Isolation
  • Bandwidth - time
  • Randomness/Uniformity
  • Compression
  • Changing formats
  • Disabling certain traffic
bibliography
Bibliography
  • Bishop, Matt. Introduction to Computer Security. Massachusetts: Pearson Education, Inc., 2005.
  • “Canary Trap.” Wikipedia. http://en.wikipedia.org/wiki/Canary_trap. April 26, 2007.
  • “Covert Channels.” Wikipedia. http://en.wikipedia.org/wiki/Covert_channel. April 26, 2007.
  • Dunbar, Bret. A detailed look at Steganographic Techniques and their use in an Open-Systems Environment. SANS Institute. 01/18/2002http://www.sans.org/reading_room/papers/download.php?id=677&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.
  • Owens, Mark. A Discussion of Covert Channels and Steganography. SANS/GIAC GSEC 1.3. March 19, 2002. http://www.sans.org/reading_room/papers/download.php?id=678&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007.
  • Petitcolas, Fabien. “the information hiding homepage digital watermarking and steganography.” (Nov. 2006) Fabien a. p. petitcolas. http://www.petitcolas.net/fabien/steganography/image%5Fdowngrading/ April 26, 2007.
  • Sbrusch, Raymond. Network Covert Channels: Subversive Secrecy. SANS Institute. http://www.sans.org/reading_room/papers/download.php?id=1660&c=29cae459acbc32dac569453048050082&portal=67dfc17e34bed372c83983ad0cbd5629. April 26, 2007
  • “Steganography.” Wikipedia. http://en.wikipedia.org/wiki/Steganography. April 26, 2007.
  • Wingate, Jim. The Perfect Dead Drop: The Use of Cyberspace for Covert Communications. BackBone Security.com. http://www.infosec-technologies.com/steganograph.pdf. April 26, 2007.
ad