Abstract
In recent years, malware is increasingly applying means of hidden communication. The emergence of network-capable stegomalware applies such methods to communication networks. In this paper, we introduce and evaluate two covert channels that utilize reconnections to transmit hidden information in WiFi networks. We implement these covert channels in the 802.11 protocol by abusing the authentication mechanism of these networks. Furthermore, we propose detection methods and countermeasures for both covert channels. Our implementation and quick-start guide are available as open source code on GitHub to aid replicability (https://github.com/NIoSaT/WiFi_Reconnection_CovertChannel).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A common attack on this process is the “deauthentication attack”, a type of denial of service attack. An attacker continuously sends spoofed deauthentication frames which force a client back into state 1. This effectively disables network access for this client as long as the attacker keeps sending these frames.
References
Carrara, B., Adams, C.: Out-of-band covert channels-a survey. ACM Comput. Surv. (CSUR) 49(2), 1–36 (2016). https://doi.org/10.1145/2938370
Carrega, A., Caviglione, L., Repetto, M., Zuppelli, M.: Programmable data gathering for detecting stegomalware. In: 2020 6th IEEE Conference on Network Softwarization (NetSoft), pp. 422–429 (2020). https://doi.org/10.1109/NetSoft48620.2020.9165537
Classen, J., Schulz, M., Hollick, M.: Practical covert channels for WiFi systems. In: 2015 IEEE Conference on Communications and Network Security (CNS), pp. 209–217, September 2015. https://doi.org/10.1109/CNS.2015.7346830
Fadlalla, Y.: Approaches to Resolving Covert Storage Channels in Multilevel Secure Systems. Ph.D. thesis, University of New Brunswick (1996)
Guri, M.: AIR-FI: Generating covert Wi-Fi signals from air-gapped computers. arXiv/CS.CR (2020)
Holloway, R., Beyah, R.: Covert DCF: A DCF-based covert timing channel in 802.11 networks. In: 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, pp. 570–579. IEEE (2011)
Krätzer, C., Dittmann, J., Lang, A., Kühne, T.: WLAN steganography: a first practical review. In: Proceedings of the 8th Workshop on Multimedia and Security. MM&Sec 2006, New York, NY, USA, pp. 17–22. Association for Computing Machiner (2006). https://doi.org/10.1145/1161366.1161371
Mazurczyk, W., Wendzel, S.: Information hiding: challenges for forensic experts. Commun. ACM 61(1), 86–94 (2017). https://doi.org/10.1145/3158416
Mazurczyk, W., Wendzel, S., Cabaj, K.: Towards deriving insights into data hiding methods using pattern-based approach. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018. ACM (2018). https://doi.org/10.1145/3230833.3233261
Mileva, A., Velinov, A., Hartmann, L., Wendzel, S., Mazurczyk, W.: Comprehensive analysis of MQTT 5.0 susceptibility to network covert channels. Comput. Secur. 104 (2021). https://doi.org/10.1016/j.cose.2021.102207
Szczypiorski, K.: HICCUPS: hidden communication system for corrupted networks. In: International Multi-Conference on Advanced Computer Systems, pp. 31–40 (2003)
The aircrack project: airmon-ng monitor mode (2019). https://www.aircrack-ng.org/doku.php?id=airmon-ng&s[]=monitor
Wendzel, S., Zander, S., Fechner, B., Herdin, C.: Pattern-based survey and categorization of network covert channel techniques. ACM Comput. Surv. 47(3) (2015). https://doi.org/10.1145/2684195
Zander, S., Armitage, G., Branch, P.: Covert channels and countermeasures in computer network protocols. IEEE Commun. Mag. 45(12), 136–142 (2007). https://doi.org/10.1109/MCOM.2007.4395378
Zhao, H.: Covert channels in 802.11e wireless networks. In: 2014 Wireless Telecommunications Symposium, pp. 1–5 (2014). https://doi.org/10.1109/WTS.2014.6834991
Acknowledgements
The authors like to thank Laura Hartmann for providing her comments on this paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Zillien, S., Wendzel, S. (2021). Reconnection-Based Covert Channels in Wireless Networks. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-78120-0_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78119-4
Online ISBN: 978-3-030-78120-0
eBook Packages: Computer ScienceComputer Science (R0)
