Pattern Collection

The following list represents the latest pattern collection, which was published in [1] and improved by [2] and [3]. Additional minor updates were provided by [4-6]. Each pattern comprises a number (pattern ID), the authors and publication reference where the pattern was first published*, a brief illustration of the pattern's use, a context (where the pattern can be found in the hierarchy of patterns) and a link to publications which provide evidence for the existence of the pattern.

* Please note that the author of a pattern is not necessarily the inventor of a particular hiding technique. Instead, he/she is the one who recognized the pattern within different hiding techniques. The authors of the particular hiding techniques are listed in the 'Evidence' attribute of each pattern.

Latest Version of the Hiding Patterns Hierarchy (based on [1]; updated by [2], [3], [4], [5] and [6]), version: Mar-25-2022.

 
Protocol-agnostic Covert Timing Channel Patterns:
PT1. Inter-packet Times
PT2. Message Timing
PT3. Rate/Throughput

Protocol-aware Covert Timing Channel Patterns:
PT10. Artificial Loss
PT11. Message Ordering (PDU Order)
PT12. Retransmission
PT13. Frame Collisions
PT14. Temperature
PT15. Artificial Reconnections (NEW)
PT16. Artificial Resets (NEW)

Structure Modifying Covert Storage Channel Patterns:
PS1. Size Modulation
PS2. Sequence, incl. sub-patterns
PS3. Add Redundancy


Structure Preserving Covert Storage Channel Patterns:
PS10. Random Value
PS11. Value Modulation, incl. sub-patterns (UPDATED)
PS12. Reserved/Unused

User-data Agnostic Covert Storage Channel Patterns:
PS20. Payload Field Size Modulation (derived from PS1)
PS21. User-data Corruption

User-data Aware Covert Storage Channel Patterns:
PS30. Modify Redundancy
PS31. User-data Value Modulation and Reserved/Unused


Video Introduction to Patterns: https://www.youtube.com/watch?v=0ztPHur0LUY

Implementation: Most of these patterns, excluding the payload-specific patterns, can be created with the CCEAP tool.


References:

[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.

[2] W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, K. Szczypiorski: Information Hiding in Communication Networks, Wiley, 2016. Chapters 3 and 8 contain discussions on hiding patterns, basically on the basis of [1] but with an extension of timing-based patterns.

[3] W. Mazurczyk, S. Wendzel, K. Cabaj: Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach, in Proc. Second International Workshop on Criminal Use of Information Hiding (CUING 2018) at ARES, pp. 10:1-10:10, ACM, 2018.

[4] A. Velinov, A. Mileva, S. Wendzel, W. Mazurczyk: Covert Channels in MQTT-based Internet of Things, IEEE ACCESS, Vol. 7, pp. 161899-161915, 2019. 

[5] A. Mileva, A. Velinov, L. Hartmann, S. Wendzel, W. Mazurczyk: Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels, Computers & Security, Elsevier, 2021. 

[6] L. Hartmann, S. Zillien, S. Wendzel: Reset- and Reconnection-based Covert Channels in CoAP. In: Proc. European Interdisciplinary Cybersecurity Conference (EICC), 2021.
