
Covert Data Channels

Covert Data Channels: When Insiders Attack. Overview: Introduction, Covert Storage Channels, Covert Timing Channels, Channel Operation, Channel Detection, Discussion. Introduction: Altering otherwise normal network traffic to secretly transmit information.

fadhila

Presentation Transcript


  1. Covert Data Channels: When Insiders Attack

  2. Overview
     • Introduction
     • Covert Storage Channels
     • Covert Timing Channels
     • Channel Operation
     • Channel Detection
     • Discussion

  3. Introduction
     • Altering otherwise normal network traffic to secretly transmit information

  4. Covert Storage Channels
     • Data is written to and read from sections of network packets not intended for data transmission.
     • Altering packet payload data is usually considered subliminal instead of covert.
     • Use space in protocol headers

  5. Covert Timing Channels
     • Alter the timing of otherwise legitimate network traffic to transmit data
     • Two types of timing channels: Active and Passive
     • IP Covert Timing Channels
     • Time-Replay Timing Channels
     • JitterBug

  6. Channel Operation
     • Efficacy
     • Contention noise
     • Jitter
     • Speed
     • US Constitution
     • 7620 words, 45703 characters, 14298 zip
     • 1 Mbps line, 85 packets per second

  7. Channel Detection
     • Similarity
     • Compressibility
     • Entropy

  8. Discussion
     • How could IP spoofing be used with covert channels?
     • What protocols might be useable even on an extremely locked down network?
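
Added example, not from the slides: simplified versions of the three measures named on the Channel Detection slide (slide 7), computed over packet inter-arrival times. The exact definitions used here (ε-similarity over sorted delays, compression ratio of the delay string, binned Shannon entropy), the ε value, the bin width and both sample flows are assumptions constructed for illustration.

```python
import math
import random
import zlib
from collections import Counter

def epsilon_similarity(iats, eps=0.005):
    """Share of adjacent sorted delays whose relative difference is below eps."""
    s = sorted(iats)
    diffs = [(b - a) / a for a, b in zip(s, s[1:]) if a > 0]
    return sum(d < eps for d in diffs) / len(diffs)

def compressibility(iats):
    """Uncompressed/compressed size of the delays written as whole milliseconds."""
    text = ",".join(f"{t * 1000:.0f}" for t in iats).encode()
    return len(text) / len(zlib.compress(text, 9))

def binned_entropy(iats, width=0.005):
    """Shannon entropy (bits) of the delays after fixed-width binning."""
    counts = Counter(int(t / width) for t in iats)
    n = len(iats)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scores(iats):
    """All three measures for one flow's inter-arrival times (seconds)."""
    return {"similarity": epsilon_similarity(iats),
            "compressibility": compressibility(iats),
            "entropy": binned_entropy(iats)}

# Constructed samples (seconds between packets), not captured traffic.
rng = random.Random(7)
# Baseline: bursty flow with exponentially distributed delays, 50 ms mean.
BASELINE = [rng.expovariate(1 / 0.05) for _ in range(500)]
# Regular flow: only two delay values plus small jitter, the kind of
# regularity a timing channel leaves behind.
REGULAR = [(0.022 if rng.random() < 0.5 else 0.062) + rng.gauss(0, 0.0002)
           for _ in range(500)]

if __name__ == "__main__":
    for name, flow in (("baseline", BASELINE), ("regular", REGULAR)):
        print(name, {k: round(v, 3) for k, v in scores(flow).items()})
```

The regular flow scores high on similarity and compressibility and low on entropy relative to the baseline; in practice each measure is compared against a per-flow baseline learned from known-good traffic rather than a fixed cut-off.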
