145 research outputs found

    Network-aware Active Wardens in IPv6

    Every day the world grows more dependent on digital communication. Technologies like e-mail or the World Wide Web that not so long ago were considered experimental have first become accepted and then indispensable tools of everyday life. New communication technologies built on top of the existing ones continuously race to provide newer and better functionality. Even established communication media like books, radio, or television have become digital in an effort to avoid extinction. In this torrent of digital communication a constant struggle takes place. On one hand, people, organizations, companies and countries attempt to control the ongoing communications and subject them to their policies and laws. On the other hand, there is often a need to ensure and protect the anonymity and privacy of the very same communications. Neither side in this struggle is necessarily noble or malicious. We can easily imagine that in the presence of oppressive censorship two parties might have a legitimate reason to communicate covertly. At the same time, the use of digital communications for business, military, and also criminal purposes gives equally compelling reasons for monitoring them thoroughly. Covert channels are communication mechanisms that were never intended nor designed to carry information. As such, they are often able to act "below" the notice of mechanisms designed to enforce security policies. Therefore, using covert channels it might be possible to establish a covert communication that escapes the notice of the enforcement mechanism in place. Any covert channel present in digital communications offers a possibility of achieving a secret, and therefore unmonitored, communication. There have been numerous studies investigating possibilities of hiding information in digital images, audio streams, videos, etc.
We turn our attention to the covert channels that exist in the digital networks themselves, that is, in the digital communication protocols. Currently, one of the most ubiquitous protocols in deployment is the Internet Protocol version 4 (IPv4). Its universal presence and range make it an ideal candidate for covert channel investigation. However, IPv4 is approaching the end of its dominance as its address space nears exhaustion. This imminent exhaustion of the IPv4 address space will soon force a mass migration towards Internet Protocol version 6 (IPv6), expressly designed as its successor. While the protocol itself is already over a decade old, its adoption is still in its infancy. The low acceptance of IPv6 results in an insufficient understanding of its security properties. We investigated the protocols forming the foundation of the next generation Internet, Internet Protocol version 6 (IPv6) and Internet Control Message Protocol (ICMPv6), and found numerous covert channels. In order to properly assess their capabilities and performance, we built cctool, a comprehensive covert channel tool. Finally, we considered countermeasures capable of defeating the discovered covert channels. For this purpose we extended the previously existing notions of active wardens to equip them with knowledge of the surrounding network and allow them to more effectively fulfill their role.

    Enhanced Multimedia Exchanges over the Internet

    Although the Internet was not originally designed for exchanging multimedia streams, consumers heavily depend on it for audiovisual data delivery. The intermittent nature of multimedia traffic, the unguaranteed underlying communication infrastructure, and dynamic user behavior collectively result in the degradation of Quality-of-Service (QoS) and Quality-of-Experience (QoE) perceived by end-users. Consequently, the volume of signalling messages is inevitably increased to compensate for the degradation of the desired service qualities. Improved multimedia services could leverage adaptive streaming as well as blockchain-based solutions to enhance media-rich experiences over the Internet at the cost of increased signalling volume. Many recent studies in the literature provide signalling reduction and blockchain-based methods for authenticated media access over the Internet while utilizing resources quasi-efficiently. To further increase the efficiency of multimedia communications, novel signalling overhead and content access latency reduction solutions are investigated in this dissertation, including: (1) the first two research topics utilize steganography to reduce signalling bandwidth utilization while increasing the capacity of the multimedia network; and (2) the third research topic utilizes multimedia content access request management schemes to guarantee throughput values for servicing users, end-devices, and the network. Signalling for multimedia streaming is generated at every layer of the communication protocol stack: at the highest layer, segment requests are generated, and at the lower layers, byte tracking messages are exchanged. Through leveraging steganography, essential signalling information is encoded within multimedia payloads to reduce the amount of resources consumed by non-payload data.
The first steganographic solution hides signalling messages within multimedia payloads, thereby freeing intermediate node buffers from queuing non-payload packets. Consequently, source nodes are capable of delivering control information to receiving nodes at no additional network overhead. A utility function is designed to minimize the volume of overhead exchanged while minimizing visual artifacts. Therefore, the proposed scheme is designed to leverage the fidelity of the multimedia stream to reduce the largest amount of control overhead with the lowest negative visual impact. The second steganographic solution enables protocol translation through embedding packet header information within payload data in order to use lightweight headers instead. The protocol translator leverages a proposed utility function to enable the maximum number of translations while maintaining QoS and QoE requirements in terms of packet throughput and playback bit-rate. As the number of multimedia users and sources increases, decentralized content access and management over a blockchain-based system is inevitable. Blockchain technologies suffer from large processing latencies, consequently reducing the throughput of a multimedia network. Reducing blockchain-based access latencies is therefore essential to maintaining a decentralized, scalable model with seamless functionality and efficient utilization of resources. Adapting blockchains to feeless applications will then port the utility of ledger-based networks to audiovisual applications in a faultless manner. The proposed transaction processing scheme will enable ledger maintainers to sustain the throughputs necessary for delivering expected QoS and QoE values for decentralized audiovisual platforms. A block slicing algorithm is designed to ensure that the ledger maintenance strategy benefits the operations of the blockchain-based multimedia network.
Using the proposed algorithm, the throughput and latency of operations within the multimedia network are then maintained at a desired level.

    Unified Description for Network Information Hiding Methods

    Until now, hiding methods in network steganography have been described in arbitrary ways, making them difficult to compare. For instance, some publications describe classical channel characteristics, such as robustness and bandwidth, while others describe the embedding of hidden information. We introduce the first unified description of hiding methods in network steganography. Our description method is based on a comprehensive analysis of the existing publications in the domain. When our description method is applied by the research community, future publications will be easier to categorize, compare and extend. Our method can also serve as a basis to evaluate the novelty of hiding methods proposed in the future. Comment: 24 pages, 7 figures, 1 table; currently under revie

    Bootstrapping Real-world Deployment of Future Internet Architectures

    The past decade has seen many proposals for future Internet architectures. Most of these proposals require substantial changes to the current networking infrastructure and end-user devices, resulting in a failure to move from theory to real-world deployment. This paper describes one possible strategy for bootstrapping the initial deployment of future Internet architectures by focusing on providing high availability as an incentive for early adopters. Through large-scale simulation and real-world implementation, we show that with only a small number of adopting ISPs, customers can obtain high availability guarantees. We discuss the design, implementation, and evaluation of an availability device that allows customers to bridge into the future Internet architecture without modifications to their existing infrastructure.

    A New Architecture for Application-aware Cognitive Multihop Wireless Networks

    In this article, we propose a new architecture for application-aware cognitive multihop wireless networks (AC-MWN). Cognitive radio is a technique for using the spectrum adaptively so that the resource can be used more efficiently in a low-cost way. A multihop wireless network can be deployed quickly and flexibly without fixed infrastructure. In our proposed new architecture, we study backbone routing schemes with network cognition, and a routing scheme with network coding and spectrum adaptation. A testbed is implemented to test the proposed schemes for AC-MWN. In addition to basic measurements, we implement a video streaming application based on the proposed AC-MWN architecture using cognitive radios. Preliminary results demonstrate that the proposed AC-MWN is applicable, and is valuable for future low-cost and flexible communication networks.

    DYST (Did You See That?): An Amplified Covert Channel That Points To Previously Seen Data

    Covert channels are unforeseen and stealthy communication channels that enable manifold adversary scenarios. However, they can also allow the exchange of confidential information by journalists. All covert channels described until now need to craft seemingly legitimate information flows for their information exchange, mimicking unsuspicious behavior. In this paper, we present DYST, which represents a new class of covert channels we call history covert channels, jointly with the new paradigm of covert channel amplification. History covert channels can communicate almost exclusively by pointing to unaltered legitimate traffic created by regular network nodes. Only a negligible fraction of the covert communication process requires the transfer of actual covert channel information by the covert channel's sender. This allows, for the first time, an amplification of the covert channel's message size, i.e., minimizing the fraction of actually transferred secret data by a covert channel's sender in relation to the overall secret data being exchanged. We extend the current taxonomy for covert channels to show how history channels can be categorized. We describe multiple scenarios in which history covert channels can be realized, theoretically analyze the characteristics of these channels and show how their configuration can be optimized for different implementations. We further evaluate the robustness and detectability of history covert channels. Comment: 18 pages, rev

    Analysis of Steganography over the IPv6 Protocol as an Alternative for Secure Data Communication

    The objective of this research work was to design a steganographic mechanism in the IPv6 protocol. An analysis of its architecture and characteristics was carried out in order to establish an encrypted communication, up to the deployment of two test scenarios in which the mechanism was implemented and its functionality validated. Experimental and applied research was used; with simulation tools such as GNS3, VIRTUALBOX and KALI-LINUX together with the application WIRESHARK, two scenarios were implemented that demonstrated the use and application of the DNS and SIP protocols using IPv6 at the network layer. Two characteristics of the protocol were exploited: the autoconfiguration capability of the interface ID portion (random 64-bit and EUI-64) with a /64 mask, and the large number of available addresses. A steganogram was then designed in the global unicast address of the senders, which made it possible to embed hidden messages between two or more nodes. To evaluate the mechanism, the parameters of steganographic capacity, probability of detectability, steganographic cost and robustness were considered. The hypothesis test of this research took the probability of detectability as the appropriate variable on which the decision criterion was based. The Student's t distribution was used to test the stated hypothesis, and it was concluded that "there is statistical evidence that the proportion of IPv6 addresses used in the steganography mechanism have a detection probability of less than 50% at a 5% significance level". Finally, a steganographic mechanism was presented that used the substitution technique, based on the "Modify with caution" paradigm, in IPv6 addresses with a maximum capacity of 1792 characters using 256 addresses.