NEL Tool

In Network Steganography research, a covert channel is a stealthy communication channel, see (Mazurczyk et al., 2016) for an introduction. Some covert channels are capable of performing a so-called Network Environment Learning phase (or: NEL phase, see (Yarochkin et al., 2008) and (Wendzel, 2012). Such NEL-capable covert channels
  • can determine how exactly data can be covertly exchanged between sender and receiver, and
  • which types stealthy data transmissions will be blocked/modified by an active warden (e.g. a firewall or a traffic normalizer).
For instance, certain network packets of the covert channel may be blocked by an active warden as they set reserved header bits to '1' (a typical filter rule of an active warden could simply clear the bit to prevent a covert channel).

Although the NEL phase was originally discussed in academia about ten years ago, no implementation was made available by other researchers. With NEL, we provide the first public implementation of a NEL phase on the basis of scapy and libpcap. NEL is written in C and runs best under Linux.

Countermeasures/Warden: We present and analyzed the first warden that is able to explicitly counter NEL-capable covert channels in (Mazurczyk et al., 2019). Our warden is what we call a dynamic warden, i.e. an active warden that can adjust its own behavior to the covert channel. Moreover do we introduce a novel taxonomy on wardens in the mentioned paper.

References and own publications:

Keine Kommentare:

Kommentar veröffentlichen