Abstract
Covert Channels constitute an important security threat because they are used to ex-filtrate sensitive information, to disseminate malicious code, and, more alarmingly, to transfer instructions to a criminal (or terrorist). This work presents zero day vulnerabilities and weak-nesses, that we discovered, in the Short Message Service (SMS) protocol, that allow the embedding of high capacity covert channels. We show that an intruder, by exploiting these SMS vulnerabilities, can bypass the existing security infrastructure (including firewalls, intrusion detection systems, content filters) of a sensitive organization and the primitive content filtering software at an SMS Center (SMSC). We found that the SMS itself, along with its value added services (like picture SMS, ring tone SMS), appears to be much more susceptible to security vulnerabilities than other services in IP-based networks. To demonstrate the effectiveness of covert channels in SMS, we have used our tool GeheimSMS that practically embeds data bytes (not only secret, but also hidden) by composing the SMS in Protocol Description Unit (PDU) mode and transmitting it from a mobile device using a serial or Bluetooth link. The contents of the overt (benign) message are not corrupted; hence the secret communication remains unsuspicious during the transmission and reception of SMS. Our experiments on active cellular networks show that 1 KB of a secret message can be transmitted in less than 3 minutes by sending 26 SMS without raising an alarm over suspicious activity.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
National Computer Security Center, US DoD: Trusted computer system evaluation criteria. Technical Report, DOD 5200.28-STD (December 1985)
Ahsan, K., Kundur, D.: Practical data hiding in TCP/IP. In: Proc. of the 9th Workshop on Multimedia & Security, pp. 25–34. ACM, Texas (2002)
Rowland, C.: Covert channels in the TCP/IP protocol suite. First Monday 2(5-5) (1997)
Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)
Murdoch, S., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005)
Fisk, G., et al.: Eliminating steganography in internet traffic with active wardens. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 18–35. Springer, Heidelberg (2003)
Bauer, M.: New covert channels in http: adding unwitting web browsers to anonymity sets. In: Proc. of the 2003 ACM Workshop on Privacy in the Electronic Society, pp. 72–78. ACM, NY (2003)
Mazurczyk, W., Kotulski, Z.: New VoIP traffic security scheme with digital watermarking. Computer Safety, Reliability, and Security, 170–181 (2006)
Lucena, N., Pease, J., Yadollahpour, P., Chapin, S.: Syntax and semantics-preserving application-layer protocol steganography. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 164–179. Springer, Heidelberg (2005)
Zou, X., Li, Q., Sun, S., Niu, X.: The Research on Information Hiding Based on Command Sequence of FTP Protocol. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds.) KES 2005. LNCS (LNAI), vol. 3683, pp. 1079–1085. Springer, Heidelberg (2005)
Lampson, B.: A note on the confinement problem. Communications of the ACM 16(10), 613–615 (1973)
Portio-Research: Mobile Messaging Future (2010-2014), http://www.portioresearch.com/
GSM-ETSI: 03.40. Technical realization of the Short Message Service (SMS) (1998), http://www.3gpp.org/ftp/Specs/html-info/0340.htm
Simmons, G.J.: The prisoners problem and the subliminal channel. In: Proc. of Advances in Cryptology (CRYPTO), pp. 51–67 (1984)
Le Bodic, G.: Mobile Messaging technologies and services: SMS, EMS and MMS. John Wiley Sons Inc., Chichester (2005)
The Trusted System Evaluation Criteria. Fred Cohen Associates, http://all.net/books/orange/chap8.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rafique, M.Z., Khan, M.K., Alghatbar, K., Farooq, M. (2011). Embedding High Capacity Covert Channels in Short Message Service (SMS). In: Park, J.J., Lopez, J., Yeo, SS., Shon, T., Taniar, D. (eds) Secure and Trust Computing, Data Management and Applications. STA 2011. Communications in Computer and Information Science, vol 186. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22339-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-22339-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22338-9
Online ISBN: 978-3-642-22339-6
eBook Packages: Computer ScienceComputer Science (R0)