a covert channel a covert channel
play

A covert channel A covert channel hiding data in in packet headers - PDF document

May 25, 2023 •184 likes •251 views

A covert channel A covert channel hiding data in in packet headers packet headers hiding data Craig Rowland s covert_tcp proof s covert_tcp proof- -of of- -concept program concept program Craig Rowland David Morgan Covert

  1. A covert channel A covert channel hiding data in in packet headers packet headers hiding data Craig Rowland’ ’s covert_tcp proof s covert_tcp proof- -of of- -concept program concept program Craig Rowland David Morgan Covert channels in general Covert channels in general � mechanisms that can serve as a communication channels though not designed for that � have 2 sides “high” and “low” that share access to a resource � high side modulates/writes, low side observes/reads 1

  2. Proof- -of of- -concept covert channel demo concept covert channel demo Proof � Named “covert_tcp” by Craig Rowland � client/sender and server/receiver roles � client places data in either – IP header’s “identification” field, or – TCP header’s “sequence number” field � server knows, fetches the data out http://www.firstmonday.org/Issues/issue2_5/rowland/ http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/528/449 IP packet header IP packet header 32 bits fields available for embedding steganographic data 2

  3. TCP packet (segment) header TCP packet (segment) header 32 bits fields available for embedding steganographic data Put ‘ ‘em em where they don where they don’ ’t belong t belong Put because you can because you can * * * fields available for embedding steganographic passengers 3

  4. The protocols don’ The protocols don ’t restrict t restrict � IP “identification” field’s value – “An internet header field carrying the identifying value assigned by the sender to aid in assembling the fragments of a datagram.” RFC 791, “Internet Protocol” � TCP “sequence number” field’s value – “When new connections are created, an initial sequence number (ISN) generator is employed which selects a new 32 bit ISN. The generator is bound to a ... clock ... [but] not tied to a global clock in the network, and TCPs may have different mechanisms for picking the ISN's.” RFC 793, Transmission Control Protocol Fields alternatively utilized Fields alternatively utilized OR 4

  5. Simultaneous screenshots Simultaneous screenshots client/sender (on 192.168.1.20) [root@V1 root]# ./covert_tcp -dest 192.168.1.132 -source 192.168.1.20 -source_port 1234 -dest_port 80 -file covert_data_to_send Covert TCP 1.0 (c)1996 Craig H. Rowland (crowland@psionic.com) file content: ABC Not for commercial use without permission. Destination Host: 192.168.1.132 Source Host : 192.168.1.20 Originating Port: 1234 Destination Port: 80 Encoded Filename: covert_data_to_send Encoding Type : IP ID server/receiver (on 192.168.1.132) Client Mode: Sending data. [root@clay ~]# ./covert_tcp -server -dest 192.168.1.132 -source 192.168.1.20 -file captured_data.txt Covert TCP 1.0 (c)1996 Craig H. Rowland Sending Data: A (crowland@psionic.com) Sending Data: B Not for commercial use without permission. Sending Data: C Listening for data from IP: 192.168.1.20 [root@V1 root] Listening for data bound for local port: Any Port Decoded Filename: captured_data.txt Decoding Type Is: IP packet ID Server Mode: Listening for data. Receiving Data: A Receiving Data: B Receiving Data: C Packet dump seen at server Packet dump seen at server -- using IP identification field -- using IP identification field Letter Ascii code A 65 65 x 256 = 16640 B 66 66 x 256 = 16896 C 67 67 x 256 = 17152 D 68 etc etc 5

  6. Simultaneous screenshots Simultaneous screenshots client/sender (on 192.168.1.20) [root@V1 root]# ./covert_tcp -seq -dest 192.168.1.132 -source 192.168.1.20 -source_port 1234 -dest_port 80 -file covert_data_to_send Covert TCP 1.0 (c)1996 Craig H. Rowland (crowland@psionic.com) Not for commercial use without permission. Destination Host: 192.168.1.132 Source Host : 192.168.1.20 Originating Port: 1234 Destination Port: 80 Encoded Filename: covert_data_to_send Encoding Type : IP Sequence Number server/receiver (on 192.168.1.132) Client Mode: Sending data. [root@clay ~]# ./covert_tcp -seq -server -dest 192.168.1.132 -source 192.168.1.20 -file captured_data.txt Sending Data: A Covert TCP 1.0 (c)1996 Craig H. Rowland Sending Data: B (crowland@psionic.com) Sending Data: C Not for commercial use without permission. [root@V1 root] Listening for data from IP: 192.168.1.20 Listening for data bound for local port: Any Port Decoded Filename: captured_data.txt Decoding Type Is: IP Sequence Number Server Mode: Listening for data. Receiving Data: A Receiving Data: B Receiving Data: C Packet dump seen at server Packet dump seen at server -- using TCP sequence number field using TCP sequence number field -- 6

Recommend

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman 1 Outline Covert Channels Attack Vectors and Scenarios IEEE 802.11 Fundamentals Covert Channel Design Implementation

766 views • 38 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
VMS SAN Technology Spring 2002 John Covert 3C01 Fibre Channel Fibre Channel Fibre Channel

VMS SAN Technology Spring 2002 John Covert 3C01 Fibre Channel Fibre Channel Fibre Channel

VMS SAN Technology Spring 2002 John Covert 3C01 Fibre Channel Fibre Channel Fibre Channel ANSI standard network and storage interconnect OpenVMS, and most others, use it for SCSI storage TCI/IP and VIA also possible 1.06

460 views • 19 slides
I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche,

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche,

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche, Kashyap Thimmaraju , Liron Schiff and Stefan Schmid IFIP Networking 2018 14-16 May, 2018, Zurich, Switzerland 1 Outline 1. Motivation 2. Covert

999 views • 95 slides
Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking

Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking

Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking Engineering University of Amsterdam July 3, 2014 Guido Pineda Reyes (UvA) Covert channel detection using flow-data July 3, 2014 1 / 46 Outline

594 views • 46 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

1.03k views • 66 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

562 views • 38 slides
Bankrupt Covert Channel: Turning Network Predictability into Vulnerability Dmitrii Ustiugov ,

Bankrupt Covert Channel: Turning Network Predictability into Vulnerability Dmitrii Ustiugov ,

Bankrupt Covert Channel: Turning Network Predictability into Vulnerability Dmitrii Ustiugov , Plamen Petrov, Siavash Katebzadeh, Boris Grot University of Edinburgh This work is supported by ARM Center of Excellence at University of Edinburgh

564 views • 30 slides
Covert Channel Detection Using Process Query Systems Annarita Giani Vincent Berk George Cybenko

Covert Channel Detection Using Process Query Systems Annarita Giani Vincent Berk George Cybenko

Covert Channel Detection Using Process Query Systems Annarita Giani Vincent Berk George Cybenko Institute for Security Technology Studies Thayer School of Engineering Dartmouth College Hanover, NH FLoCon 2005 1 MOTIVATION CNN.COM

234 views • 19 slides
May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem Deterministic Noninterference Nondeducibility Generalized Noninterference Restrictiveness May 26, 2017 ECS 235B Spring Quarter 2017 Slide #1

370 views • 33 slides
Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks Aron Laszka 1 , 2 Benjamin Johnson 3 Jens Grossklags 1 1 Pennsylvania State University 2 Budapest University of Technology and Economics 3 University

867 views • 43 slides
SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert

SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert

SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert channel traces are online You get always 5 traces from the unmodified app 5 traces from Other student submissions My own implementation

971 views • 63 slides
CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German Kanal 1 Deutsch Channel 2 English Channel 2 English Channel 3 Italian Canale 3 Italiano Channel 4 Spanish Canal 4 Espaol Channel 5

708 views • 34 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

915 views • 36 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

1.12k views • 37 slides
Channel design Channel coverage Intensive Selective Exclusive Channel

Channel design Channel coverage Intensive Selective Exclusive Channel

PLANNING A B2B MARKETING CHANNEL STRATEGY Channel design Channel coverage Intensive Selective Exclusive Channel management decisions Selecting suitable channel partners Managing and motivating channel partners

560 views • 29 slides
Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels Kang-Hee Cho and Si-Hyeon Lee School of Electrical Engineering KAIST 2020 ISIT 1 / 14 Covert Communication ^ Y n W Decoder X n W P n Encoder

386 views • 15 slides
PHY Covert Channels: Can you see the Idles? Ki

PHY Covert Channels: Can you see the Idles? Ki

PHY Covert Channels: Can you see the Idles? Ki Suh Lee Chupja Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1

627 views • 38 slides
Channel Assignment and Channel Hopping in IEEE 802.11 Operating Channels for 802.11b Europe

Channel Assignment and Channel Hopping in IEEE 802.11 Operating Channels for 802.11b Europe

Channel Assignment and Channel Hopping in IEEE 802.11 Operating Channels for 802.11b Europe (ETSI) channel 1 channel 7 channel 13 2400 2412 2442 2472 2483.5 [MHz] 22 MHz US (FCC)/Canada (IC) channel 1 channel 6 channel 11 2400

572 views • 44 slides
1 Simultaneous interpretation EN channel 1 FR channel 2 ES channel 3 DE channel 4 2 The Future

1 Simultaneous interpretation EN channel 1 FR channel 2 ES channel 3 DE channel 4 2 The Future

EUROPEAN AFFAIRS COMMITTEE The Future of Health in the European Union Brussels, November 15th, 2018 #AIM20yearsBxl #FutureHealthEU 1 Simultaneous interpretation EN channel 1 FR channel 2 ES channel 3 DE channel 4 2 The Future of Health in

299 views • 9 slides
PSUDP: A PASSIVE APPROACH TO NETWORK-WIDE COVERT COMMUNICATION KENTON BORN

PSUDP: A PASSIVE APPROACH TO NETWORK-WIDE COVERT COMMUNICATION KENTON BORN

PSUDP: A PASSIVE APPROACH TO NETWORK-WIDE COVERT COMMUNICATION KENTON BORN KENTON.BORN@GMAIL.COM Black Hat USA 2010 GREATEST CAPTCHA EVER Las Vegas, casino floor Wi-Fi (4/6/10) ROADMAP DNS Refresher Covert Channels DNS Tunnels My

435 views • 42 slides
Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert

689 views • 32 slides
COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to be problematic for Delft Lab on May 31st seems to be problematic for Twente Systems Security Covert Channels 2 14.05.2018 Prepare to vote 1

1.05k views • 50 slides

More recommend