8,145 research outputs found
Covert Ephemeral Communication in Named Data Networking
In the last decade, there has been a growing realization that the current
Internet Protocol is reaching the limits of its senescence. This has prompted
several research efforts that aim to design potential next-generation Internet
architectures. Named Data Networking (NDN), an instantiation of the
content-centric approach to networking, is one such effort. In contrast with
IP, NDN routers maintain a significant amount of user-driven state. In this
paper we investigate how to use this state for covert ephemeral communication
(CEC). CEC allows two or more parties to covertly exchange ephemeral messages,
i.e., messages that become unavailable after a certain amount of time. Our
techniques rely only on network-layer, rather than application-layer, services.
This makes our protocols robust, and communication difficult to uncover. We
show that users can build high-bandwidth CECs exploiting features unique to
NDN: in-network caches, routers' forwarding state and name matching rules. We
assess feasibility and performance of proposed cover channels using a local
setup and the official NDN testbed
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
An ensemble model to detect packet length covert channels
Covert channel techniques have enriched the way to commit dangerous and unwatched attacks. They exploit ways that are not intended to convey information; therefore, traditional security measures cannot detect them. One class of covert channels that difficult to detect, mitigate, or eliminate is packet length covert channels. This class of covert channels takes advantage of packet length variations to convey covert information. Numerous research articles reflect the useful use of machine learning (ML) classification approaches to discover covert channels. Therefore, this study presented an efficient ensemble classification model to detect such types of attacks. The ensemble model consists of five machine learning algorithms representing the base classifiers. The base classifiers include naive Bayes (NB), decision tree (DT), support vector machine (SVM), k-nearest neighbor (KNN), and random forest (RF). Whereas, the logistic regression (LR) classifier was employed to aggregate the outputs of the base classifiers and thus to generate the ensemble classifier output. The results showed a good performance of our proposed ensemble classifier. It beats all single classification algorithms, with a 99.3% accuracy rate and negligible classification errors
- …