A Covert Channel Using Named Resources
A network covert channel is created that uses resource names such as
addresses to convey information, and that approximates typical user behavior in
order to blend in with its environment. The channel correlates available
resource names with a user defined code-space, and transmits its covert message
by selectively accessing resources associated with the message codes. In this
paper we focus on an implementation of the channel using the Hypertext Transfer
Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names,
though the system can be used in conjunction with a variety of protocols. The
covert channel does not modify expected protocol structure as might be detected
by simple inspection, and our HTTP implementation emulates transaction level
web user behavior in order to avoid detection by statistical or behavioral
analysis.
Comment: 9 page
Covert Ephemeral Communication in Named Data Networking
In the last decade, there has been a growing realization that the current
Internet Protocol is reaching the limits of its senescence. This has prompted
several research efforts that aim to design potential next-generation Internet
architectures. Named Data Networking (NDN), an instantiation of the
content-centric approach to networking, is one such effort. In contrast with
IP, NDN routers maintain a significant amount of user-driven state. In this
paper we investigate how to use this state for covert ephemeral communication
(CEC). CEC allows two or more parties to covertly exchange ephemeral messages,
i.e., messages that become unavailable after a certain amount of time. Our
techniques rely only on network-layer, rather than application-layer, services.
This makes our protocols robust, and communication difficult to uncover. We
show that users can build high-bandwidth CECs exploiting features unique to
NDN: in-network caches, routers' forwarding state and name matching rules. We
assess feasibility and performance of proposed covert channels using a local
setup and the official NDN testbed.
A Covert Data Transport Protocol
Both enterprise and national firewalls filter network connections. For data
forensics and botnet removal applications, it is important to establish the
information source. In this paper, we describe a data transport layer which
allows a client to transfer encrypted data that provides no discernible
information regarding the data source. We use a domain generation algorithm
(DGA) to encode AES encrypted data into domain names that current tools are
unable to reliably differentiate from valid domain names. The domain names are
registered using (free) dynamic DNS services. The data transmission format is
not vulnerable to Deep Packet Inspection (DPI).
Comment: 8 pages, 10 figures, conferenc