Starten Sie Ihre Suche...


Durch die Nutzung unserer Webseite erklären Sie sich damit einverstanden, dass wir Cookies verwenden. Weitere Informationen

Hunting Shadows: Towards Packet Runtime-based Detection Of Computational Intensive Reversible Covert Channels

ARES 2021: The 16th International Conference on Availability, Reliability and Security. New York: ACM 2021 S. 1 - 15

Erscheinungsjahr: 2021

Publikationstyp: Buchbeitrag (Konferenzbeitrag)

Sprache: Englisch

Doi/URN: 10.1145/3465481.3470085

Volltext über DOI/URN

GeprüftBibliothek

Inhaltszusammenfassung


The appearance of novel ideas for network covert channels leads to an urge for developing new detection approaches. One of these new ideas are reversible network covert channels that are able to restore the original overt information without leaving any direct evidence of their appearance. Some of these reversible covert channels are based upon computational intensive operations, like for example encoding hidden information in the authentication hashes of a hash chain based one-time password....The appearance of novel ideas for network covert channels leads to an urge for developing new detection approaches. One of these new ideas are reversible network covert channels that are able to restore the original overt information without leaving any direct evidence of their appearance. Some of these reversible covert channels are based upon computational intensive operations, like for example encoding hidden information in the authentication hashes of a hash chain based one-time password. For such a covert channel implementation, the hash function has to be called repeatedly to extract the hidden message and to restore the original information. In this paper, we investigate the influence of repeated MD5 and SHA3 hash operations on the runtime of an authentication request-response. We first define two alphabets, one which leads to the fewest hash operations and one which leads to the most hash operations to be performed. Further, for each alphabet, we carry out three experiments. One without a covert channel, one with a covert channel altering all hashes, and finally, one with a covert channel altering every second hash. We further investigate the detection rates of computational intensive reversible covert channels for all scenarios by applying a threshold-based detection upon the average packet runtime without encoded covert information. Finally, we describe countermeasures and the limitations of this detection approach.» weiterlesen» einklappen

  • network steganography anomaly detection reversible steganography covert channel network security OTP hash chains

Autoren


Schmidbauer, Tobias (Autor)

Klassifikation


DFG Fachgebiet:
Informatik

DDC Sachgruppe:
Informatik

Verknüpfte Personen