- can determine how exactly data can be covertly exchanged between sender and receiver, and
- which types of stealthy data transmissions will be blocked or modified by an active warden (e.g. a firewall or a traffic normalizer).
Although the NEL phase was originally discussed in academia about ten years ago, no implementation was made available by other researchers. With NEL, we provide the first public implementation of a NEL phase on the basis of scapy and libpcap. NEL is written in C and runs best under Linux.
Countermeasures/Warden: We presented and analyzed the first warden that is able to explicitly counter NEL-capable covert channels in (Mazurczyk et al., 2019). Our warden is what we call a dynamic warden, i.e. an active warden that can adjust its own behavior to the covert channel. Moreover, we introduce a novel taxonomy of wardens in the mentioned paper.
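The following toy simulation is an added example, not code from NEL or from the cited paper. It shows why a warden that changes its behavior over time undermines a NEL result that a static warden leaves valid. Assumptions: the warden's adjustment is modelled as a rotating window of blocking rules, and the technique numbers, rule count and tick timing are constructed for illustration.

```python
"""Toy model of a NEL phase against a static and a dynamic warden (constructed)."""
from dataclasses import dataclass

N_TECHNIQUES = 8  # abstract hiding techniques 0..7 (constructed labels)
ACTIVE_RULES = 3  # techniques the warden blocks at any one time (assumption)


@dataclass
class Warden:
    rotate_every: int  # ticks between rule changes; 0 models a static warden

    def blocked(self, tick):
        # Assumption: "adjusting behavior" is modelled as sliding the active
        # rule window by one technique every `rotate_every` ticks.
        shift = tick // self.rotate_every if self.rotate_every else 0
        return {(shift + i) % N_TECHNIQUES for i in range(ACTIVE_RULES)}

    def passes(self, technique, tick):
        return technique not in self.blocked(tick)


def nel_phase(warden):
    """Probe technique t at tick t; return the techniques that got through."""
    return [t for t in range(N_TECHNIQUES) if warden.passes(t, t)]


def delivery_rate(warden, messages=80):
    """Fraction of covert messages delivered using only the NEL result."""
    usable = nel_phase(warden)
    if not usable:
        return 0.0
    start = N_TECHNIQUES  # transmission begins once probing has finished
    delivered = sum(
        warden.passes(usable[i % len(usable)], start + i) for i in range(messages)
    )
    return delivered / messages


if __name__ == "__main__":
    for name, warden in (("static", Warden(0)), ("dynamic", Warden(4))):
        print(name, nel_phase(warden), f"{delivery_rate(warden):.2f}")
```

Both wardens yield the same probing result in this model, but only the static one leaves that result reliable for the later transmission.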
References and own publications:
- W. Mazurczyk, S. Wendzel, S. Zander et al. (2016): Information Hiding in Communication Networks, Wiley-IEEE Press, 2016.
- S. Wendzel (2012): The Problem of Traffic Normalization Within a Covert Channel's Network Environment Learning Phase, Proc. Sicherheit 2012, LNI vol. 195, pp. 149-161, 2012.
- Wojciech Mazurczyk, Steffen Wendzel, Mehdi Chourib, Jörg Keller (2019): Countering Adaptive Network Covert Communication with Dynamic Wardens, Future Generation Computer Systems (FGCS), Vol. 94, pp. 712-725, Elsevier, 2019.
- F. V. Yarochkin, S. Y. Dai et al. (2008): Towards Adaptive Covert Communication System, Proc. 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 153-159, IEEE, 2008.