104 research outputs found

    Limiting DNS covert channels and network validated DNS

    Despite the variety and number of network security devices and policies available, sensitive data, such as intellectual property and business data, can still be surreptitiously sent via the Internet to unscrupulous receivers. Furthermore, few security mechanisms address securing or limiting covert channels. This study defines a framework for determining a rule set to minimize covert channel capacity on the DNS protocol specifically. The information and techniques used in this study may be useful in aiding security professionals and developers with enforcing security policies on DNS and other Internet protocols. This research resulted in the development of a rudimentary tool, referred to as NV-DNS, capable of detecting and effectively limiting the capability of covert channels in DNS communication packets.

    Information Leakage as a Model for Quality of Anonymity Networks

    Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. Such systems are heterogeneous, as are the ways they are used, the deployed anonymity measures, and finally the possible attack methods. Implementation quality and topologies of the anonymity measures must be considered as well. We therefore propose a new measure for the anonymity degree, that takes into account these various. We model the effectiveness of single mixes or of mix networks in terms of information leakage, and we measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown


    Unified Description for Network Information Hiding Methods

    Until now hiding methods in network steganography have been described in arbitrary ways, making them difficult to compare. For instance, some publications describe classical channel characteristics, such as robustness and bandwidth, while others describe the embedding of hidden information. We introduce the first unified description of hiding methods in network steganography. Our description method is based on a comprehensive analysis of the existing publications in the domain. When our description method is applied by the research community, future publications will be easier to categorize, compare and extend. Our method can also serve as a basis to evaluate the novelty of hiding methods proposed in the future. Comment: 24 pages, 7 figures, 1 table; currently under review

    Exploring Network Covert Channels over IEEE 802.15.4 Communications

    The advancements in information and communication technology in the past decades have been converging into a new communication paradigm in which everything is expected to be interconnected with the heightened pervasiveness and ubiquity of the Internet of Things (IoT) paradigm. As these technologies mature, they are increasingly finding their way into more sensitive domains, such as Medical and Industrial IoT, in which safety and cyber-security are paramount. While the number of deployed IoT devices continues to increase annually, up to tens of billions of connected devices, IoT devices continue to present severe cyber-security vulnerabilities, which are worsened by challenges such as scalability, heterogeneity, and their often scarce computing capacity. Network covert channels are increasingly being used to support malware with stealthy behaviours, aiming at exfiltrating data or orchestrating nodes of a botnet in a cloaked fashion. Nevertheless, the attention to this problem regarding underlying and pervasive IoT protocols such as the IEEE 802.15.4 has been scarce. Therefore, in this Thesis, we aim at analysing the performance and feasibility of such covert channel implementations upon the IEEE 802.15.4 protocol to support the development of new mechanisms and add-ons that can effectively contribute to improve the current state of the art of IoT systems which rely on such, or similar underlying communication technologies.

    Quantitative analysis of the leakage of confidential data

    Basic information theory is used to analyse the amount of confidential information which may be leaked by programs written in a very simple imperative language. In particular, a detailed analysis is given of the possible leakage due to equality tests and if statements. The analysis is presented as a set of syntax-directed inference rules and can readily be automated

    Studying Maximum Information Leakage Using Karush-Kuhn-Tucker Conditions

    When studying the information leakage in programs or protocols, a natural question arises: "what is the worst case scenario?". This problem of identifying the maximal leakage can be seen as a channel capacity problem in the information theoretical sense. In this paper, by combining two powerful theories: Information Theory and Karush-Kuhn-Tucker conditions, we demonstrate a very general solution to the channel capacity problem. Examples are given to show how our solution can be applied to practical contexts of programs and anonymity protocols, and how this solution generalizes previous approaches to this problem