PT15. Artificial Reconnections

Initial publication A. Mileva, A. Velinov, L. Hartmann et al. in [1].
Illustration The Artificial Reconnections Pattern employs artificial (forced) reconnections
to transfer secret messages. The covert sender influences connection states of
third-party nodes in a way that their connections to either a central element
(e.g., an MQTT broker or a server) or a peer (in a peer-to-peer network)
are terminated and then established again (i.e., a reconnect is performed).
The covert receiver must be capable of monitoring these reconnects, e.g.,
either by compromising the central/peer element or in a passive network
observer situation, like a MitM location.
Encoding works by assigning secret values to third-party, so that a reconnect
of a particular node represents the transfer of the secret symbol assigned to
that node. Another scenario for this pattern can also be a chatroom or a
gaming server with a large number of clients that reconnect automatically
after being disconnected (source: [1]).
Context Network Covert Timing Channels -> Protocol-aware
Evidence see [1] and [2]


[1] Aleksandra Mileva, Aleksandar Velinov, Laura Hartmann, Steffen Wendzel, Wojciech Mazurczyk: Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels, Computers & Security, Elsevier, 2021.

[2] Sebastian Zillien, Steffen Wendzel: Reconnection-based Covert Channels in Wireless Networks. In: Proc. 36th IFIP TC-11 International Information Security and Privacy Conference (IFIP SEC 2021). Springer, 2021.

Keine Kommentare:

Kommentar veröffentlichen