Covert Data Channels

Presentation Transcript

  1. Covert Data Channels: When Insiders Attack

  2. Overview
     • Introduction
     • Covert Storage Channels
     • Covert Timing Channels
     • Channel Operation
     • Channel Detection
     • Discussion

  3. Introduction
     • Altering otherwise normal network traffic to secretly transmit information

  4. Covert Storage Channels
     • Data is written to and read from sections of network packets not intended for data transmission.
     • Altering packet payload data is usually considered subliminal instead of covert.
     • Use space in protocol headers

  5. Covert Timing Channels
     • Alter the timing of otherwise legitimate network traffic to transmit data
     • Two types of timing channels: Active and Passive
     • IP Covert Timing Channels
     • Time-Replay Timing Channels
     • JitterBug

  6. Channel Operation
     • Efficacy
     • Contention noise
     • Jitter
     • Speed
     • US Constitution
     • 7620 words, 45703 characters, 14298 zip
     • 1 Mbps line, 85 packets per second

  7. Channel Detection
     • Similarity
     • Compressibility
     • Entropy

  8. Discussion
     • How could IP spoofing be used with covert channels?
     • What protocols might be usable even on an extremely locked down network?

  9. References
     [1] Gianvecchio, S. and Wang, H. 2007. Detecting covert timing channels: an entropy-based approach. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28 - 31, 2007). CCS '07. ACM, New York, NY, pp. 307-316.
     [2] Cabuk, S., Brodley, C., and Shields, C. 2009. IP Covert Channel Detection. ACM Transactions on Information System Security, Volume 12, Issue 4 (Apr. 2009), pp. 1-29.
     [3] Thyer, J. 2008. Covert Data Storage Channel Using IP Packet Headers. Global Information Assurance Certification, Gold Certification, SANS Institute, pp. 1-53.
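
The three measures named on the Channel Detection slide (similarity, compressibility, entropy), scored over inter-packet delays. This is an added example, not code from the presentation or its references. The bin width, the epsilon value, the 20 ms / 60 ms delay encoding and both sample flows are constructed assumptions.

```python
import math
import random
import zlib
from collections import Counter

def entropy_bits(delays_ms, bin_ms=5.0):
    """Shannon entropy of the delay histogram (bin width is an assumption)."""
    counts = Counter(int(d // bin_ms) for d in delays_ms)
    n = len(delays_ms)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def compress_ratio(delays_ms):
    """Raw size / zlib size of the delays written as whole milliseconds."""
    text = ",".join(f"{d:.0f}" for d in delays_ms).encode()
    return len(text) / len(zlib.compress(text, 9))

def similarity(delays_ms, eps=0.001):
    """Share of neighbouring sorted delays whose relative gap is below eps."""
    s = sorted(delays_ms)
    close = sum(1 for a, b in zip(s, s[1:]) if a > 0 and (b - a) / a < eps)
    return close / (len(s) - 1)

def score(delays_ms):
    """All three scores for one flow's inter-packet delays."""
    return {"entropy": entropy_bits(delays_ms),
            "compress": compress_ratio(delays_ms),
            "similarity": similarity(delays_ms)}

# Constructed sample data, not captured traffic.
rng = random.Random(7)
# Timing channel: each bit picks a 20 ms or 60 ms delay, plus up to 1 ms jitter.
COVERT = [rng.choice((20.0, 60.0)) + rng.uniform(-1, 1) for _ in range(500)]
# Ordinary flow modelled as exponential inter-arrivals with a 40 ms mean.
NORMAL = [rng.expovariate(1 / 40.0) for _ in range(500)]

if __name__ == "__main__":
    for name, sample in (("covert", COVERT), ("normal", NORMAL)):
        print(name, {k: round(v, 3) for k, v in score(sample).items()})
```

On these constructed flows the two-valued timing channel has the lower entropy and the higher compression ratio and similarity score; real thresholds have to be calibrated against a baseline of known-good traffic for the link being monitored.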