Sebastian Zander,Grenville Armitage,Philip Branch

DOI: https://doi.org/10.1109/comst.2007.4317620

2007-01-01

Abstract:Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorised parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. This article is a survey of the existing techniques for creating covert channels in widely deployed network and application protocols. We also give an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks.

computer science, information systems,telecommunications

Ammar T. Zahary,Nesmah A. Al-Khulaidi,Muneer A. S Hazaa,Adel A. Nasser

DOI: https://doi.org/10.1109/eSmarTA59349.2023.10293582

2023-10-10

Abstract:The use of covert communications has become more widespread recently as a solution to the information security issue. Information security can be partially solved by the discovery and creation of covert routes. Covert channel use is still in its early phases, even though information security concerns are growing as a result of quick technology advancements. As a result, several problems and concerns need to be resolved, and the future plan is foggy. This paper seeks to give a thorough comparison of earlier and more recent attempts in this field. It offers a survey of the literature on the drawbacks and gaps in conventional detection techniques, emphasizing the most recent techniques for discovering and creating these covert channels while carefully considering machine learning and deep learning-based detection techniques. Additionally, it broadens the topic to cover the crucial function that these channels play in technology. Timing channels, storage channels, and hybrid channels are just a few of the ways covert channels may be utilized to transfer data. They can be used to get around security measures like intrusion detection systems and firewalls. Additionally, they may be used to steal confidential data from a system, including passwords, credit card numbers, and intellectual property. System security is seriously threatened by covert channels, and more study on covert channel production and detection is required to stay up with the changing threat environment.

Engineering,Computer Science

Muawia A. Elsadig,Ahmed Gafar

DOI: https://doi.org/10.1109/access.2022.3164392

IF: 3.9

2022-01-01

IEEE Access

Abstract:The advanced development of computer networks and communication technologies has made covert communications easier to construct, faster, undetectable and more secure than ever. A covert channel is a path through which secret messages can be leaked by violating a system security policy. The detection of such dangerous, unwatchable, and hidden threats is still one of the most challenging aspects. This threat exploits methods that are not dedicated to communication purposes, meaning that traditional security measures fail to detect its existence. This review has introduced a brief introduction of covert channel definitions, types and developments, with a particular focus on detection techniques using machine learning (ML) approaches. It provides a thorough review of the most common covert channels and ML techniques that are used to counter them, as well as addressing their achievements and limitations. In addition, this paper introduces a comparative experimental study for some common ML approaches that are commonly used in this field. Accordingly, the performance of these classifiers was evaluated and reported. The paper concludes that our information is still at risk, nothing is said to be secured and more work on the detection of covert channels is required.

computer science, information systems,telecommunications,engineering, electrical & electronic

Luca Caviglione

DOI: https://doi.org/10.3390/app11041641

2021-02-11

Applied Sciences

Abstract:Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner. Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been hidden. Moreover, neutralization or mitigation are hard tasks, as they require to not disrupt legitimate flows or degrade the quality perceived by users. As a consequence, countermeasures are tightly coupled to specific channel architectures, leading to poorly generalizable and often scarcely scalable approaches. In this perspective, this paper investigates trends and challenges in the development of countermeasures against the most popular network covert channels. To this aim, we reviewed the relevant literature by considering approaches that can be effectively deployed to detect general injection mechanisms or threats observed in the wild. Emphasis has been put on enlightening trajectories that should be considered when engineering mitigation techniques or planning the research to face the increasing wave of information-hiding-capable malware. Results indicate that many works are extremely specialized and an effective strategy for taming security risks caused by network covert channels may benefit from high-level and general approaches. Moreover, mechanisms to prevent the exploitation of ambiguities should be already considered in early design phases of both protocols and services.

Yogesh Heda,Rinku Shah

DOI: https://doi.org/10.1109/conecct.2015.7383926

2015-07-01

Abstract:Secret communication via network has always been an area of interest for attackers. Secrete communication provide a way to discovers and leak information such that system security policies are violated. Covert channel concept for passing data secretly over a communication network existed from many years. Covert channel designer are continuously improving design techniques which create difficult to detect such channels. These channels are different from encryption and steganography. Use of covert attack may be a serious security threat as they can be used for malicious activities. Covert channels exist in most of communication system and allow individual to communicate secretly. It has not only attracted the trusted parties to communicate with each other secretly but has also attracted the hackers/attackers. Existing literature suggests that it is difficult to detect and prevent covert channel communication using traditional accuracy systems. This paper presents detailed survey of existing covert channel design, detection and prevention techniques. The author also presents the classification and comparison of the covert channel design and detection techniques.

Anjan K,Jibi Abraham,Mamatha Jadhav,Mamatha Jadhav V

DOI: https://doi.org/10.48550/arXiv.1101.0104

2010-12-30

Cryptography and Security

Abstract:Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such attacks are devised using special communication channel called "Covert Channel". The word "Covert" stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitimate network communication that clearly violates security policies laid down. The non-transparency in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate communication whose motto is to leak information. Subliminal channel, a variant of covert channel works similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is homogenous or heterogeneous mixture of two or more variants of covert channels either active at same instance or at different instances of time. Detecting such malicious channel activity plays a vital role in removing threat to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP and SSL.

Mrinal Ashish Khadse,Dhananjay Manohar Dakhane

DOI: https://doi.org/10.1002/cpe.8316

2024-10-28

Concurrency and Computation Practice and Experience

Abstract:A covert network channel is a communication channel in which the message is secretly transmitted to the recipient. Sometimes, covert network channels are vulnerable to multiple attacks. Therefore, the message must be properly secure. In most cases, the covert channel is used to ensure data protection and allow users to freely access the Internet. In this paper, several recent studies are reviewed on covert network channels and examine the existing works from 2015 to 2024. This review article also discusses the undetectability and reliability of different types of covert network channels. Furthermore, a detailed description of the covert network channel's ability to hide in containers is provided. Existing research on covert network channels explains a few techniques for detecting attacks in secret data communication. However, several machine learning and deep learning techniques have been discussed in this article. Additionally, this article describes the accuracy of detection through an overview of current technologies. In addition, various countermeasures to prevent attacks in covert channels are also discussed in detail. However, in this case, the bandwidth limitations, data set limitations, and covert channel capacity are clearly defined, which will help future researchers build covert network channels and detect attacks. Finally, this work considers the challenges faced by covert network channels and the future scope of application.

computer science, theory & methods, software engineering

Anjan K,Srinath N K,Jibi Abraham

DOI: https://doi.org/10.48550/arXiv.1506.04931

2015-06-16

Cryptography and Security

Abstract:Covert channels is a vital setup in the analysing the strength of security in a network.Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation.The trapdoor set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall.This is due to the intricate covert scheme that enables to build robust covert channel over the network.From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of Hybrid Covert Channel, where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under at-tack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.

Serdar Cabuk,Carla E. Brodley,Clay Shields

DOI: https://doi.org/10.1145/1513601.1513604

2009-04-01

ACM Transactions on Information and System Security

Abstract:A covert channel can occur when an attacker finds and exploits a shared resource that is not designed to be a communication mechanism. A network covert channel operates by altering the timing of otherwise legitimate network traffic so that the arrival times of packets encode confidential data that an attacker wants to exfiltrate from a secure area from which she has no other means of communication. In this article, we present the first public implementation of an IP covert channel, discuss the subtle issues that arose in its design, and present a discussion on its efficacy. We then show that an IP covert channel can be differentiated from legitimate channels and present new detection measures that provide detection rates over 95%. We next take the simple step an attacker would of adding noise to the channel to attempt to conceal the covert communication. For these noisy IP covert timing channels, we show that our online detection measures can fail to identify the covert channel for noise levels higher than 10%. We then provide effective offline search mechanisms that identify the noisy channels.

Steffen Wendzel

DOI: https://doi.org/10.48550/arXiv.0809.1949

2011-05-15

Abstract:Covert channel techniques are used by attackers to transfer data in a way prohibited by the security policy. There are two main categories of covert channels: timing channels and storage channels. This paper introduces a new storage channel technique called a protocol channel. A protocol channel switches one of at least two protocols to send a bit combination to a destination. The main goal of a protocol channel is that packets containing covert information look equal to all other packets within a network, what makes a protocol channel hard to detect.

Cryptography and Security

Jiahao Cao,Kun Sun,Qi Li,Mingwei Xu,Zijie Yang,Kyung Joon Kwak,Jason Li

DOI: https://doi.org/10.1007/978-3-030-37228-6_21

2019-01-01

Abstract: Software-Defined Networking (SDN) enables diversified network functionalities with plentiful applications deployed on a logically-centralized controller. In order to work properly, applications are naturally provided with much information on SDN. However, this paper shows that malicious applications can exploit basic SDN mechanisms to build covert channels to stealthily leak out valuable information to end hosts, which can bypass network security policies and break physical network isolation. We design two types of covert channels with basic SDN mechanisms. The first type is a high-rate covert channel that exploits SDN proxy mechanisms to transmit covert messages to colluding hosts inside SDN. The second type is a low-rate covert channel that exploits SDN rule expiry mechanisms to transmit covert messages from SDN applications to any host on the Internet. We develop the prototypes of both covert channels in a real SDN testbed consisting of commercial hardware switches and an open source controller. Evaluations show that the covert channels successfully leak out a TLS private key from the controller to a host inside SDN at a rate of 200 bps with 0% bit error rate, or to a remote host on the Internet at a rate of 0.5 bps with less than 3% bit error rate. In addition, we discuss possible countermeasures to mitigate the covert channel attacks.

Ivan Miketic,Krithika Dhananjay,Emre Salman

DOI: https://doi.org/10.3390/s23042081

IF: 3.9

2023-02-13

Sensors

Abstract:In this paper, first, a broad overview of existing covert channel communication-based security attacks is provided. Such covert channels establish a communication link between two entities that are not authorized to share data. The secret data is encoded into different forms of signals, such as delay, temperature, or hard drive location. These signals and information are then decoded by the receiver to retrieve the secret data, thereby mitigating some of the existing security measures. The important steps of covert channel attacks are described, such as data encoding, communication protocol, data decoding, and models to estimate communication bandwidth and bit error rate. Countermeasures against covert channels and existing covert channel detection techniques are also summarized. In the second part of the paper, the implications of such attacks for emerging packaging technologies, such as 2.5D/3D integration are discussed. Several covert channel threat models for 2.5D/3D ICs are also proposed.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hanaa Nafea,Kashif Kifayat,Qi Shi,Kashif Naseer Qureshi,Bob Askwith

DOI: https://doi.org/10.1109/access.2019.2961609

IF: 3.9

2020-01-01

IEEE Access

Abstract:Cyber-attacks are causing losses amounted to billions of dollars every year due to data breaches and Vulnerabilities. The existing tools for data leakage prevention and detection are often bypassed by using various different types of sophisticated techniques such as network steganography for stealing the data. This is due to several weaknesses which can be exploited by a threat actor in of existing detection systems. The weaknesses are high time and memory training complexities as well as large training datasets. These challenges become worse when the amount of generated data increasing in every second in many realms. In addition, the number of false positives is high which make them inaccurate. Finally, there is a lack of a framework catering the needs such as raising alerts as well as data monitoring and updating/adapting of a threshold value used for checking the data packets for covert data. In order to overcome these weaknesses, this paper proposes a novel framework that includes elements such as continuous data monitoring, threshold maintenance, and alert notification. This paper also proposes a model based on statistical measures to detects covert data leakages, especially for non-linear chaotic data. The main advantage of proposed model is its capability to provide results with tolerance/threshold values much more efficiently. Experiment are indicated that the proposed framework has low false positives and outperforms over various existing techniques in terms of accuracy and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Steffen Wendzel,Sebastian Zander,Bernhard Fechner,Christian Herdin

DOI: https://doi.org/10.1145/2684195

IF: 16.6

2015-04-16

ACM Computing Surveys

Abstract:Network covert channels are used to hide communication inside network protocols. Various techniques for covert channels have arisen in the past few decades. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized into only four different patterns (i.e., most techniques we surveyed are similar). We represent the patterns in a hierarchical catalog using a pattern language. Our pattern catalog will serve as a base for future covert channel novelty evaluation. Furthermore, we apply the concept of pattern variations to network covert channels. With pattern variations, the context of a pattern can change. For example, a channel developed for IPv4 can automatically be adapted to other network protocols. We also propose the pattern-based covert channel optimizations pattern hopping and pattern combination. Finally, we lay the foundation for pattern-based countermeasures: whereas many current countermeasures were developed for specific channels, a pattern-oriented approach allows application of one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns, and the development of real-world protection against covert channels is greatly simplified.

computer science, theory & methods

Simone Soderi,Rocco De Nicola

DOI: https://doi.org/10.1007/978-981-99-9614-8_11

2024-04-24

Abstract:Covert channel networks are a well-known method for circumventing the security measures organizations put in place to protect their networks from adversarial attacks. This paper introduces a novel method based on bit-rate modulation for implementing covert channels between devices connected over a wide area network. This attack can be exploited to exfiltrate sensitive information from a machine (i.e., covert sender) and stealthily transfer it to a covert receiver while evading network security measures and detection systems. We explain how to implement this threat, focusing specifically on covert channel networks and their potential security risks to network information transmission. The proposed method leverages bit-rate modulation, where a high bit rate represents a '1' and a low bit rate represents a '0', enabling covert communication. We analyze the key metrics associated with covert channels, including robustness in the presence of legitimate traffic and other interference, bit-rate capacity, and bit error rate. Experiments demonstrate the good performance of this attack, which achieved 5 bps with excellent robustness and a channel capacity of up to 0.9239 bps/Hz under different noise sources. Therefore, we show that bit-rate modulation effectively violates network security and compromises sensitive data.

Cryptography and Security,Information Theory,Networking and Internet Architecture

Jing Tian,Gang Xiong,Zhen Li,Gaopeng Gou

DOI: https://doi.org/10.1155/2020/8892896

IF: 1.968

2020-08-05

Security and Communication Networks

Abstract:In order to protect user privacy or guarantee free access to the Internet, the network covert channel has become a hot research topic. It refers to an information channel in which the messages are covertly transmitted under the network environment. In recent years, many new construction schemes of network covert channels are proposed. But at the same time, network covert channel has also received the attention of censors, leading to many attacks. The network covert channel refers to an information channel in which the messages are covertly transmitted under the network environment. Many users exploit the network covert channel to protect privacy or guarantee free access to the Internet. Previous construction schemes of the network covert channel are based on information steganography, which can be divided into CTCs and CSCs. In recent years, there are some covert channels constructed by changing the transmission network architecture. On the other side, some research work promises that the characteristics of emerging network may better fit the construction of the network covert channel. In addition, the covert channel can also be constructed by changing the transmission network architecture. The proxy and anonymity communication technology implement this construction scheme. In this paper, we divide the key technologies for constructing network covert channels into two aspects: communication content level (based on information steganography) and transmission network level (based on proxy and anonymity communication technology). We give an comprehensively summary about covert channels at each level. We also introduce work for the three new types of network covert channels (covert channels based on streaming media, covert channels based on blockchain, and covert channels based on IPv6). In addition, we present the attacks against the network covert channel, including elimination, limitation, and detection. Finally, the challenge and future research trend in this field are discussed.

computer science, information systems,telecommunications

Steffen Wendzel,Sebastian Zander,Bernhard Fechner,Christian Herdin

DOI: https://doi.org/10.1145/2684195

2015-03-20

Abstract:Network covert channels are used to hide communication inside network protocols. Within the last decades, various techniques for covert channels arose. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized in only four different patterns, i.e. most of the techniques we surveyed are very similar. We represent the patterns in a hierarchical catalog using a pattern language. Our pattern catalog will serve as a base for future covert channel novelty evaluation. Furthermore, we apply the concept of pattern variations to network covert channels. With pattern variations, the context of a pattern can change. For example, a channel developed for IPv4 can automatically be adapted to other network protocols. We also propose the pattern-based covert channel optimizations pattern hopping and pattern combination. Finally, we lay the foundation for pattern-based countermeasures: While many current countermeasures were developed for specific channels, a pattern-oriented approach allows to apply one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns, and the development of real-world protection against covert channels is greatly simplified.

Cryptography and Security

Xinying Chen,Jianping An,Zehui Xiong,Chengwen Xing,Nan Zhao,F. Richard Yu,Arumugam Nallanathan

DOI: https://doi.org/10.1109/comst.2023.3263921

IF: 35.6

2023-01-01

IEEE Communications Surveys & Tutorials

Abstract:Information security has always been a critical issue in wireless networks. Apart from other secure techniques, covert communication emerges as a potential solution to security for wireless networks owing to its high-security level. In covert communication networks, the transmitter hides the transmitted signals into environmental or artificial noise by introducing randomness to avoid detection at the warden. By eliminating the existence of transmitted signals at the warden, information security can be preserved more solidly than other secure transmission techniques, i.e., without noticing the existence. Due to the promising security protection, covert communication has been successfully utilized in tremendous wireless communication scenarios. However, fundamental challenges in its practical implementation still exist, e.g., the effectiveness of randomness utilization, the low signal-to-interference-plus-noise ratio at legitimate users, etc. In this survey, we demonstrate a comprehensive review concentrating on the applications, solutions, and future challenges of covert communications. Specifically, the covert principle and research categories are first introduced. Then, the applications in the networks with different topologies and the effective covert techniques in the existing literature are reviewed. We also discuss the potential implementation of covert communications in future networks and the open challenges.

computer science, information systems,telecommunications