Network Management in Non-classified Data Hiding System Using Master Resident over Hidden Layer, Journal of Telecommunications and Information Technology, 2011, nr 1

The paper presents a practical implementation of the non-classified data hiding system (NDHS) understood asa military platform for information warfare that takes advantage of the hidden data transmission for voice connections inorder to gain informational lead over a potential enemy. The NDHS performs here as a botnet network that is managedby the hidden transmission controller referred to as the master resident. Research studies are dedicated to investigationof various connections in heterogeneous links as well as functionalities of such components as hidden protocol bridges andthe master resident

A MAC layer covert channel in 802.11 networks

Covert channels in modern communication networks are a source of security concerns. Such channels can be used to facilitate command and control of botnets or inject malicious contents into unsuspected end-user devices or network nodes. The vast majority of the documented covert channels make use of the upper layers of the Open Systems Interconnection (OSI) model. In this thesis, we present a new covert channel in IEEE 802.11 networks, making use of the Protocol Version field in the Medium Access Control (MAC) header. This is achieved by forging modified Clear To Send (CTS) and Acknowledgment (ACK) frames. Forward error correction mechanisms and interleaving were implemented to increase the proposed channel's robustness to error. A laboratory implementation of the proposed channel is presented by developing the necessary code in Python, operating in a Linux environment. We present the results of tests conducted on the proposed channel, including measurements of channel errors, available data rate for transmission, and level of covertness.http://archive.org/details/amaclayercovertc1094548138Lieutenant, Portuguese NavyApproved for public release; distribution is unlimited

Behavioral Mimicry Covert Communication

Covert communication refers to the process of communicating data through a channel that is neither designed, nor intended to transfer information. Traditionally, covert channels are considered as security threats in computer systems and a great deal of attention has been given to countermeasures for covert communication schemes. The evolution of computer networks led the communication community to revisit the concept of covert communication not only as a security threat but also as an alternative way of providing security and privacy to communication networks. In fact, the heterogeneous structure of computer networks and the diversity of communication protocols provide an appealing setting for covert channels. This dissertation is an exploration on a novel design methodology for undetectable and robust covert channels in communication networks. Our new design methodology is based on the concept of behavioral mimicry in computer systems. The objective is to design a covert transmitter that has enough degrees of freedom to behave like an ordinary transmitter and react normally to unpredictable network events, yet it has the ability to modulate a covert message over its behavioral fingerprints in the network. To this end, we argue that the inherent randomness in communication protocols and network environments is the key in finding the proper medium for network covert channels. We present a few examples on how random behaviors in communication protocols lead to discovery of suitable shared resources for covert channels. The proposed design methodology is tested on two new covert communication schemes, one is designed for wireless networks and the other one is optimized for public communication networks (e.g., Internet). Each design is accompanied by a comprehensive analysis from undetectability, achievable covert rate and reliability perspectives. In particular, we introduced turbo covert channels, a family of extremely robust model-based timing covert channels that achieve provable polynomial undetectability in public communication networks. This means that the covert channel is undetectable against any polynomial-time statistical test that analyzes samples of the covert traffic and the legitimate traffic of the network. Target applications for the proposed covert communication schemes are discussed including detailed practical scenarios in which the proposed channels can be implemented

Journal of Telecommunications and Information Technology, 2011, nr 1

kwartalni