| Initial publication | S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1] |
| Illustration | The covert channel selects one of the n values that a header element can contain to encode a hidden message. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Preserving → Modification of an Attribute |
| Evidence |
See [1] for more evidence entries. |
| Implementation | Covert Channels Evaluation Framework (CCHEF) CCEAP |
PS11.a. Case Pattern (previously known as P6a)
| Initial publication | S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1] |
| Illustration | The covert channel uses case-modification of letters in header elements to encode hidden data. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Preserving → Modification of an Attribute → Value Modulation |
| Evidence | A. Dyatlov and S. Castro. 2005. Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol. Technical Report. Gray-World.net. R. Patuck and J. Hernandez-Castro. 2013. Steganography using the Extensible Messaging and Presence Protocol (XMPP). CoRR abs/1310.0524 (2013). [1] provides additional examples of possible case pattern-based techniques. |
| Implementation | ? |
PS11.b. Least Significant Bit (LSB) Pattern (previously known as P6b)
| Initial publication | S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1] |
| Illustration | The covert channel uses the least significant bit(s) of header elements to encode hidden data. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Preserving → Modification of an Attribute → Value Modulation |
| Evidence | T. G. Handel and M. T. Sandford, II. 1996. Hiding Data in the OSI Network Model. In Proc. First Interna- tional Workshop on Information Hiding. Springer, London, UK, 23–38. J. Giffin, R. Greenstadt, P. Litwack, and R. Tibbetts. 2003. Covert messaging through TCP timestamps. In Proc. 2nd International Conference on Privacy Enhancing Technologies. Springer, 194–208. R. Rios, J.A. Onieva, and J. Lopez. 2012. HIDE DHCP: Covert Communications Through Network Configu- ration Messages. In Proc. IFIP TC 11 27th International Information Security Conference. Springer. More evidence entries are provided in [1]. |
| Implementation | Covert Channels Evaluation Framework (CCHEF) |
PS11.c. Value Influencing Pattern
| Initial publication | A. Velinov, A. Mileva, S. Wendzel, W. Mazurczyk (2019) in [2] |
| Illustration | The covert channel sender (directly or indirectly) influences some (out of n possible) values in a way that a covert channel receiver can determine the value. In other words, the value is not directly written, but influence by altering another value or surrounding networking conditions. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Preserving → Modification of an Attribute → Value Modulation |
| Evidence | see [2] |
| Implementation | - |
References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.
[2] A. Velinov, A. Mileva, S. Wendzel, W. Mazurczyk: Covert Channels in MQTT-based Internet of Things, IEEE ACCESS, Vol. 7, pp. 161899-161915, 2019.
Keine Kommentare:
Kommentar veröffentlichen