Crafting Web Counters into Covert Channels

International Federation for Information Processing Digital Library; New Approaches for Security, Privacy and Trust in Complex Environments; 01/2007; DOI: 10.1007/978-0-387-72367-9_29
Source: OAI

ABSTRACT Almost all the previously proposed network storage channels write covert messages in the packets protocol fields. In contrast, we present in this paper a new network storage channel WebShare that uses the plentiful, public Web counters for storage. Therefore, the physical locations of the WebShare encoder and decoder are not restricted to a single path. To make WebShare practical, we have addressed a number of thorny issues, such as the noise introduced by other legitimate Web requests, and synchronization between encoder and decoder. For the proof-of-concept purpose, we have experimented a WebShare prototype in the Internet, and have showed that it is practically feasible even when the Web counter and the encoder/decoder are separated by more than 20 router hops. Full Text at Springer, may require registration or fee

1 Bookmark
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Various effective network covert channels have recently demonstrated the feasibility of encoding messages into the timing or content of individual network objects, such as data packets and request messages. However, we show in this paper that more robust and stealthy network covert channels can be devised by exploiting the relationship of the network objects. In particular, we propose a combinatorial approach for devising a wide spectrum of covert channels which can meet different objectives based on the channel capacity and channel undetectability. To illustrate the approach, we design WebLeaks and ACKLeaks, two novel covert channels which can leak information through the data and acknowledgment traffic in a web session. We implement both channels and deploy them on the PlanetLab nodes for evaluation. Besides the channel capacity, we apply the state-of-the-art detection schemes to evaluate their camouflage capability. The experiment results show that their capacity can be boosted up by our combinatorial approach, and at the same time they can effectively evade the detection.
    Proceedings of the 2011 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2011, Hong Kong, China, June 27-30 2011; 01/2011
  • Source
    Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011; 01/2011

Full-text (3 Sources)

Available from
May 20, 2014