28,135 research outputs found
Unified Description for Network Information Hiding Methods
Until now hiding methods in network steganography have been described in
arbitrary ways, making them difficult to compare. For instance, some
publications describe classical channel characteristics, such as robustness and
bandwidth, while others describe the embedding of hidden information. We
introduce the first unified description of hiding methods in network
steganography. Our description method is based on a comprehensive analysis of
the existing publications in the domain. When our description method is applied
by the research community, future publications will be easier to categorize,
compare and extend. Our method can also serve as a basis to evaluate the
novelty of hiding methods proposed in the future.
Comment: 24 pages, 7 figures, 1 table; currently under revie
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never been studied before. Malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rate of 10 bit/sec to more than 1Kbit/sec per
LED.
A Covert Channel Using Named Resources
A network covert channel is created that uses resource names such as
addresses to convey information, and that approximates typical user behavior in
order to blend in with its environment. The channel correlates available
resource names with a user defined code-space, and transmits its covert message
by selectively accessing resources associated with the message codes. In this
paper we focus on an implementation of the channel using the Hypertext Transfer
Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names,
though the system can be used in conjunction with a variety of protocols. The
covert channel does not modify expected protocol structure as might be detected
by simple inspection, and our HTTP implementation emulates transaction level
web user behavior in order to avoid detection by statistical or behavioral
analysis.
Comment: 9 page
BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations
It has been assumed that the physical separation (air-gap) of computers
provides a reliable level of security, such that should two adjacent computers
become compromised, the covert exchange of data between them would be
impossible. In this paper, we demonstrate BitWhisper, a method of bridging the
air-gap between adjacent compromised computers by using their heat emissions
and built-in thermal sensors to create a covert communication channel. Our
method is unique in two respects: it supports bidirectional communication, and
it requires no additional dedicated peripheral hardware. We provide
experimental results based on an implementation of the BitWhisper prototype, and
examine the channel properties and limitations. Our experiments included
different layouts, with computers positioned at varying distances from one
another, and several sensor types and CPU configurations (e.g., Virtual
Machines). We also discuss signal modulation and communication protocols,
showing how BitWhisper can be used for the exchange of data between two
computers in close proximity (at a distance of 0-40cm) at an effective rate of
1-8 bits per hour, a rate which makes it possible to infiltrate brief commands
and exfiltrate small amounts of data (e.g., passwords) over the covert channel.
Covert Wireless Communication with a Poisson Field of Interferers
In this paper, we study covert communication in wireless networks consisting
of a transmitter, Alice, an intended receiver, Bob, a warden, Willie, and a
Poisson field of interferers. Bob and Willie are subject to uncertain shot
noise due to the ambient signals from interferers in the network. With the aid
of stochastic geometry, we analyze the throughput of the covert communication
between Alice and Bob subject to given requirements on the covertness against
Willie and the reliability of decoding at Bob. We consider non-fading and
fading channels. We analytically obtain interesting findings on the impacts of
the density and the transmit power of the concurrent interferers on the covert
throughput. That is, the density and the transmit power of the interferers have
no impact on the covert throughput as long as the network stays in the
interference-limited regime, for both the non-fading and the fading cases. When
the interference is sufficiently small and comparable with the receiver noise,
the covert throughput increases as the density or the transmit power of the
concurrent interferers increases.
A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems
We present a taxonomy and an algebra for attack patterns on component-based
operating systems. In a multilevel security scenario, where isolation of
partitions containing data at different security classifications is the primary
security goal and security breaches are mainly defined as undesired disclosure
or modification of classified data, strict control of information flows is the
ultimate goal. In order to prevent undesired information flows, we provide a
classification of information flow types in a component-based operating system
and, by this, possible patterns to attack the system. The systematic
consideration of information flows reveals a specific type of operating system
covert channel, the covert physical channel, which connects two formerly isolated
partitions by emitting physical signals into the computer's environment and
receiving them at another interface.
Comment: 9 page