| Initial publication | A. Mileva, A. Velinov, L. Hartmann et al. in [1]. |
| Illustration | The Artificial Reconnections Pattern employs artificial (forced) reconnections to transfer secret messages. The covert sender influences connection states of third-party nodes in a way that their connections to either a central element (e.g., an MQTT broker or a server) or a peer (in a peer-to-peer network) are terminated and then established again (i.e., a reconnect is performed). The covert receiver must be capable of monitoring these reconnects, e.g., either by compromising the central/peer element or in a passive network observer situation, like a MitM location. Encoding works by assigning secret values to third-party, so that a reconnect of a particular node represents the transfer of the secret symbol assigned to that node. Another scenario for this pattern can also be a chatroom or a gaming server with a large number of clients that reconnect automatically after being disconnected (source: [1]). |
| Context | Network Covert Timing Channels -> Protocol-aware |
| Evidence | see [1] and [2] |
| Implementation |
References:
[1] Aleksandra Mileva, Aleksandar Velinov, Laura Hartmann, Steffen Wendzel, Wojciech Mazurczyk: Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels, Computers & Security, Elsevier, 2021.
[2] Sebastian Zillien, Steffen Wendzel: Reconnection-based Covert Channels in Wireless Networks. In: Proc. 36th IFIP TC-11 International Information Security and Privacy Conference (IFIP SEC 2021). Springer, 2021.
Keine Kommentare:
Kommentar veröffentlichen