Network Covert Channels: Review of Current State and Analysis of Viability of the use of X.509 Certificates for Covert Communications

The popularity of computer-based smuggling has increased as a result of organizations taking measures to prevent traditional means of data exfiltration. Most organizations depend on broad and heterogeneous communication networks, which provide numerous possibilities for malicious users to smuggle sensitive private information out of their boundaries. They can achieve that objective with the use of network covert channels, that apart from carrying the data outside of the organization, hide the fact that the communication is taking place. This study provides a comprehensive, up to date review of the current state of research in the field of network covert channels: hidden communication channels that abuse legitimate network communication channels. It also presents a novel technique to establish such channels based on the use Digital Certificates, along with an informal framework to exfiltrate data making use of the technique. It involves the use of the Transport Secure Layer protocol, a network protocol normally used to provide confidentiality and integrity services to applications. Several detection and prevention mechanisms and methodologies exist or have been proposed to counter the threats posed by this hidden communication channels. They are also identified and discussed in this work, explaining their applicability and limitations