Network Covert Channels: Review of Current State and Analysis of Viability of the use of X.509 Certificates for Covert Communications
The popularity of computer-based smuggling has increased as a result of
organizations taking measures to prevent traditional means of data
exfiltration. Most organizations depend on broad and heterogeneous
communication networks, which provide numerous possibilities for malicious
users to smuggle sensitive private information out of their boundaries. They
can achieve that objective with the use of network covert channels, which,
apart from carrying the data outside of the organization, hide the fact that
the communication is taking place. This study provides a comprehensive, up-to-date
review of the current state of research in the field of network covert
channels: hidden communication channels that abuse legitimate network
communication channels. It also presents a novel technique to establish such
channels based on the use of Digital Certificates, along with an informal
framework to exfiltrate data making use of the technique. It involves the use
of the Transport Layer Security protocol, a network protocol normally used to
provide confidentiality and integrity services to applications.
Several detection and prevention mechanisms and methodologies exist or have
been proposed to counter the threats posed by these hidden communication
channels. They are also identified and discussed in this work, explaining
their applicability and limitations.