Página 1 dos resultados de 81 itens digitais encontrados em 0.003 segundos

A New Sensors-Based Covert Channel on Android

Al-Haiqi, Ahmed; Ismail, Mahamod; Nordin, Rosdiadee
Fonte: Hindawi Publishing Corporation Publicador: Hindawi Publishing Corporation
Tipo: Artigo de Revista Científica
EN
Relevância na Pesquisa
46.71%
Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5–5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

A Security Domain Model to Assess Software for Exploitable Covert Channels

Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E.
Fonte: Association for Computing Machinery (ACM) Publicador: Association for Computing Machinery (ACM)
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
56.45%
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a representation of information flow and control dependencies generated during a program execution. We describe a security Domain Model (DM) designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.

A New Covert Channel over Cellular Voice Channel in Smartphones

Aloraini, Bushra; Johnson, Daryl; Stackpole, Bill; Mishra, Sumita
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
46.84%
Investigating network covert channels in smartphones has become increasingly important as smartphones have recently replaced the role of traditional computers. Smartphones are subject to traditional computer network covert channel techniques. Smartphones also introduce new sets of covert channel techniques as they add more capabilities and multiple network connections. This work presents a new network covert channel in smartphones. The research studies the ability to leak information from the smartphones applications by reaching the cellular voice stream, and it examines the ability to employ the cellular voice channel to be a potential medium of information leakage through carrying modulated speech-like data covertly. To validate the theory, an Android software audio modem has been developed and it was able to leak data successfully through the cellular voice channel stream by carrying modulated data with a throughput of 13 bps with 0.018% BER. Moreover, Android security policies are investigated and broken in order to implement a user-mode rootkit that opens the voice channels by stealthily answering an incoming voice call. Multiple scenarios are conducted to verify the effectiveness of the proposed covert channel. This study identifies a new potential smartphone covert channel...

A Covert Channel Based on Web Read-time Modulation

Davis, Joshua
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
46.71%
A network covert channel is created that operates by modulating the time between web resource accesses, with an 'average web user' read-time used as a reference. While the covert channel may be classified as timing based, it does not operate by changing deterministic protocol attributes such as inter-packet delay, as do most timing based network covert channels. Instead, our channel communicates by modulating transaction level read-time, which in the web browsing case has significant non-deterministic components. The channel is thus immune to methods typically used to detect timing based network covert channels.

Design of Transport Layer Based Hybrid Covert Channel Detection Engine

K, Anjan; Abraham, Jibi; Jadhav V, Mamatha
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 30/12/2010
Relevância na Pesquisa
46.94%
Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such attacks are devised using special communication channel called "Covert Channel". The word "Covert" stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitimate network communication that clearly violates security policies laid down. The non-transparency in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate communication whose motto is to leak information. Subliminal channel, a variant of covert channel works similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is homogenous or heterogeneous mixture of two or more variants of covert channels either active at same instance or at different instances of time. Detecting such malicious channel activity plays a vital role in removing threat to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP and SSL.; Comment: 8 pages...

A Case Study on Covert Channel Establishment via Software Caches in High-Assurance Computing Systems

Schmidt, Wolfgang; Hanspach, Michael; Keller, Jörg
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 21/08/2015
Relevância na Pesquisa
46.75%
Covert channels can be utilized to secretly deliver information from high privileged processes to low privileged processes in the context of a high-assurance computing system. In this case study, we investigate the possibility of covert channel establishment via software caches in the context of a framework for component-based operating systems. While component-based operating systems offer security through the encapsulation of system service processes, complete isolation of these processes is not reasonably feasible. This limitation is practically demonstrated with our concept of a specific covert timing channel based on file system caching. The stability of the covert channel is evaluated and a methodology to disrupt the covert channel transmission is presented. While these kinds of attacks are not limited to high-assurance computing systems, our study practically demonstrates that even security-focused computing systems with a minimal trusted computing base are vulnerable for such kinds of attacks and careful design decisions are necessary for secure operating system architectures.; Comment: 12 pages, based upon the master's thesis of Schmidt

A Pattern-based Survey and Categorization of Network Covert Channel Techniques

Wendzel, Steffen; Zander, Sebastian; Fechner, Bernhard; Herdin, Christian
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
46.75%
Network covert channels are used to hide communication inside network protocols. Within the last decades, various techniques for covert channels arose. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized in only four different patterns, i.e. most of the techniques we surveyed are very similar. We represent the patterns in a hierarchical catalog using a pattern language. Our pattern catalog will serve as a base for future covert channel novelty evaluation. Furthermore, we apply the concept of pattern variations to network covert channels. With pattern variations, the context of a pattern can change. For example, a channel developed for IPv4 can automatically be adapted to other network protocols. We also propose the pattern-based covert channel optimizations pattern hopping and pattern combination. Finally, we lay the foundation for pattern-based countermeasures: While many current countermeasures were developed for specific channels, a pattern-oriented approach allows to apply one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns...

A Covert Channel Using Named Resources

Davis, Joshua; Frost, Victor S.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 20/08/2014
Relevância na Pesquisa
46.66%
A network covert channel is created that uses resource names such as addresses to convey information, and that approximates typical user behavior in order to blend in with its environment. The channel correlates available resource names with a user defined code-space, and transmits its covert message by selectively accessing resources associated with the message codes. In this paper we focus on an implementation of the channel using the Hypertext Transfer Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names, though the system can be used in conjunction with a variety of protocols. The covert channel does not modify expected protocol structure as might be detected by simple inspection, and our HTTP implementation emulates transaction level web user behavior in order to avoid detection by statistical or behavioral analysis.; Comment: 9 pages

A Covert channel in packet switching data networks

Yuan, Bo; Lutz, Peter
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Proceedings
EN_US
Relevância na Pesquisa
46.84%
This paper presents a covert communication channel that exists in virtually all forms of packet switching data networks. On the one hand, this covert channel, if used properly, can potentially enhance the overall security of data communications over networks. On the other hand, the covert channel can also potentially become a back door to access a destination computer, and hence becomes a security hazard to the computer. A simple protocol is specified for communications on the covert channel. A modified TFTP application is also presented to demonstrate how to use the covert channel to convey secret messages or to enhance the integrity of data communications. The application also illustrates a back door that leaks client’s data files without user notification. A sliding entropy method is also introduced to detect some cases of covert channels.; "A Covert channel in packet switching data networks," Proceedings of The Second Upstate New York Workshop on Communications and Networking. Held in Rochester, New York: November 2005.

ICMP covert channel resiliency

Johnson, Daryl; Lutz, Peter; Yuan, Bo; Stokes, Kristian
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Proceedings
EN_US
Relevância na Pesquisa
56.69%
The ICMP protocol has been widely used and accepted as a covert channel. While the ICMP protocol is very simple to use, modern security approaches such as firewalls, deep-packet inspection and intrusion detection systems threaten the use of ICMP for a reliable means for a covert channel. This study explores the modern usefulness of ICMP with typical security measures in place. Existing ICMP covert channel solutions are examined for compliance with standard RFCs and resiliency with modern security approaches.

A Covert channel in RTP protocol

Johnson, Daryl; Yuan, Bo; Lutz, Peter; Forbes, Christopher
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
EN_US
Relevância na Pesquisa
56.8%
A new covert channel over the RTP protocol is designed and implemented by modifying the timestamp value in the RTP header. Due to the high frequency of RTP packets, the covert channel has a high bit-rate, theoretically up to 350 bps. The broad use of RTP for multimedia applications such as VoIP, provides abundant opportunities to such a covert channel to exist. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. A reference implementation of this covert channel is presented. Bit-rates of up to 325 bps were observed. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP.

Behavior-based covert channel in cyberspace

Johnson, Daryl; Yuan, Bo; Lutz, Peter
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
EN_US
Relevância na Pesquisa
56.82%
Many covert channels take advantages of weaknesses, flaws, or unused data fields in network protocols. In this paper, a behavior-based covert channel, that takes advantages of behavior of an application, is presented along with a formal definition in the framework of finite state machines. The behavior-based covert channel is application specific and lies at the application layer of the network OSI model, which makes the detection of this type of covert channel much more difficult. A detailed sample implementation demonstrates an example of this type of covert channel in the form of a simple online two-person game. The potential of this type of covert channel is also discussed.

A HTTP cookie covert channel

Johnson, Daryl; Yuan, Bo; Lutz, Peter; Huba, William
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
EN_US
Relevância na Pesquisa
56.69%
This paper presents a new covert channel based on Google Analytic web cookies in HTTP protocol. The new covert channel is difficult to disrupt and is capable of reasonably high bandwidths. The Google Analytic framework is used by over half of the most popular web sites currently on the Internet; its ubiquitousness across the web implies a great impact of this covert channel.

A New covert channel over RTP

Forbes, Christopher
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
EN_US
Relevância na Pesquisa
56.83%
In this thesis, we designed and implemented a new covert channel over the RTP protocol. The covert channel modifies the timestamp value in the RTP header to send its secret messages. The high frequency of RTP packets allows for a high bitrate covert channel, theoretically up to 350 bps. The broad use of RTP for multimedia applications, including VoIP, provides plentiful opportunities to use this channel. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. Using the reference implementation of this covert channel, bitrates of up to 325 bps were observed. Speed decreases on less reliable networks, though message delivery was flawless with up to 1% RTP packet loss. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP.

A Covert Channel Over Transport Layer Source Ports

Gimbi, James; Johnson, Daryl; Lutz, Peter; Yuan, Bo
Fonte: The 2012 International Conference on Security and Management Publicador: The 2012 International Conference on Security and Management
Tipo: Tese de Doutorado
EN_US
Relevância na Pesquisa
56.68%
Abstract – Covert communication is a rapidly expanding field of research with significant impact on the security theater. These communication methods, or “covert channels”, can be applied in a number of ways, including as a mechanism for an attacker to leak data from a monitored system or network. This paper sets out to contribute to this field by introducing a new covert channel which operates over transport layer protocols. The mechanism is flexible, covert, and has the potential to operate at relatively high bandwidth. In addition, this paper proposes a number of encoding schemes which can be used in conjunction with this channel to improve its bandwidth and covertness.

A Covert Channel in TTL Field of DNS Packets

Hoffman, Christopher; Johnson, Daryl; Yuan, Bo; Lutz, Peter
Fonte: The 2012 International Conference on Security and Management Publicador: The 2012 International Conference on Security and Management
Tipo: Tese de Doutorado
EN_US
Relevância na Pesquisa
56.58%
Abstract—Covert channels are used as a means of secretly transferring information when there is a need to hide the fact that communication is taking place. With the vast amount of traffic on the internet, network protocols have become a common vehicle for covert channels, typically hiding information in the header fields of packets. Domain name service (DNS) packets contain a 32-bit time to live (TTL) fields for each response record. This is the number of seconds the entry is valid for before caching servers remove the entry. There is no prescribed value for this field making it an ideal covert carrier.

Covert Channel in the BitTorrent Tracker Protocol

Desimone, Joseph; Johnson, Daryl; Yuan, Bo; Lutz, Peter
Fonte: The 2012 International Conference on Security and Management Publicador: The 2012 International Conference on Security and Management
Tipo: Tese de Doutorado
EN_US
Relevância na Pesquisa
56.77%
Covert channels have the unique quality of masking evidence that a communication has ever occurred between two parties. For spies and terrorist cells, this quality can be the difference between life and death. However, even the detection of communications in a botnet could be troublesome for its creators. To evade detection and prevent insights into the size and members of a botnet, covert channels can be used. A botnet should rely on covert channels built on ubiquitous protocols to blend in with legitimate traffic. In this paper, we propose a covert channel built on the BitTorrent peer-to-peer protocol. In a simple application, this covert channel can be used to discretely and covertly send messages between two parties. However, this covert channel can also be used to stealthily distribute commands or the location of a command and control server for use in a botnet.

UPnp Port Manipulation as a Covert Channel

Monette, Steven; Johnson, Daryl; Lutz, Peter; Yuan, Bo
Fonte: The 2012 International Conference on Security and Management Publicador: The 2012 International Conference on Security and Management
Tipo: Conference Proceeding
EN_US
Relevância na Pesquisa
56.45%
Port knocking traditionally has been a technique used from external connections to convey information to or request services from an internal private network [1]. UPnP as a standard allows for devices and services to open ports on network devices in order to enable functionality [2]. By combining these two techniques it is possible to port knock internally, opening ports for an intended viewer on an external network device. This paper proposes a covert channel using this technique to exfiltrate data or broadcast messages from a system behind a UPnP device to any Internet connected system.

Webpage Source Based Covert Channel

Madiraju, Tarun; Johnson, Daryl; Yuan, Bo; Lutz, Peter
Fonte: The 2012 International Conference on Security and Management Publicador: The 2012 International Conference on Security and Management
Tipo: Conference Proceeding
EN_US
Relevância na Pesquisa
56.72%
Covert Channels can be used for enabling hidden communication mechanisms that can facilitate secret message transfer. This paper presents a new covert channel based on the HTML source of a webpage. The new covert channel while featuring high bandwidth also demonstrates high imperceptibility as it doesn’t involve any modifications to the source or the visibility of the webpage and is independent of timing of page requests. The availability of page source for a webpage on the Internet makes this covert channel easy to implement and effective.

A Behavior Based Covert Channel within Anti-Virus Updates

Anthony, D.; Johnson, D.; Lutz, P.; Yuan, B.
Fonte: The 2012 International Conference on Security and Management Publicador: The 2012 International Conference on Security and Management
Tipo: Conference Proceeding
EN_US
Relevância na Pesquisa
56.75%
This paper presents a new behavior based covert channel utilizing the database update mechanism of anti-virus software. It is highly covert due to unattended, frequent, automatic signature database update operations performed by the software. The design of the covert channel is described; its properties are discussed and demonstrated by a reference implementation. This paper uses these points to strengthen the inclusion of behavior-based covert channels within standard covert channel taxonomy.