Covert Channels and Anonymous Communication in Ad-hoc Networks

Ad-hoc wireless networks distinguish themselves from their traditional wired counterparts by three unique characteristics: mobility, lack of infrastructure, and shared wireless channel. These properties have gained popularity in various military and civilian applications, but have also introduced challenging problems in terms of ensuring satisfying network performance and network security. Ad hoc networks are a fertile ground for new threats and security problems. We start by demonstrating how new covert attacks can be launched by using the ad hoc network protocols. In particular, nodes in ad-hoc wireless networks have to cooperate with each other in order to accomplish many networking functions such as routing and channel access. We observe that covert information can be conveyed during the cooperation procedure. It is very difficult to eliminate or even detect these covert channels. Simulation results show that performance of these covert channels depends on various network characteristics. Anonymous communication has been considered as one possible way of fighting covert threats. In fact, anonymity and privacy by themselves have attracted intensive attention as important societal issues and desirable security features. One of the key components in most anonymous routing protocols is anonymous trapdoors, for which we propose a new construction scheme based on pairing-based cryptographies. More careful analysis has shown that anonymity could be in conflict with other secure properties and secure mechanisms, such as accountability and intrusion detection. We propose a solution that can flexibly trade off anonymity against accountability according to the needs of individual applications. The basic idea is to distribute the real identity of a given user among a set of pseudonyms in such a way that only a sufficient number of pseudonyms can lead to the recovery of the identity. Users authenticate each other anonymously under pseudonyms. When the number of times a user is caught misbehaving exceeds the threshold, the user's real identity can be recovered from the pseudonyms that had been used. Thus, accountability is enforced. As conclusion, we propose to jointly investigate and incorporate all different secure properties by using various secure mechanisms across multiple protocol layers of the network

Information Leakage Detection in Distributed Systems using Software Agents

Covert channel attacks utilize shared resources to indirectly transmit sensitive information to unauthorized parties. Current security mechanisms such as SELinux rely on tagging the filesystem with access control properties. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux [20], an extension to SELinux, utilizes watermarking algorithms to “color” the contents of each file with their respective security classification to enhance resistance to information laundering attacks. In this paper, we propose a mobile agent-based approach to automate the process of detecting and coloring receptive hosts’ filesystems and monitoring the colored filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach

Name-passing calculi and crypto-primitives: A survey

The paper surveys the literature on high-level name-passing process calculi, and their extensions with cryptographic primitives. The survey is by no means exhaustive, for essentially two reasons. First, in trying to provide a coherent presentation of different ideas and techniques, one inevitably ends up leaving out the approaches that do not fit the intended roadmap. Secondly, the literature on the subject has been growing at very high rate over the years. As a consequence, we decided to concentrate on few papers that introduce the main ideas, in the hope that discussing them in some detail will provide sufficient insight for further reading

Improving Detection Method for Covert Channel in TCP/IP Network

ABSTRACT: Covert channels use stealth communications to compromise the security policies of systems. They constitute an important security threat since they can be used to exfiltrate confidential data from networks. TCP/IP protocols are used every day and are subject to covert channels problems. Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. The aim of this paper is to give an overview of covert channels in TCP/IP networks. We briefly describe the TCP and IP protocols, the methods to set them up in TCP/IP networks; then we study the methods to detect covert channels