Abstract
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements.
Chapter PDF
References
Brand, S.L.: Department of Defense Trusted Computer System Evaluation Criteria, “The Orange Book”. Tech. Rep. DoD 5200.28-STD, U.S. Department of Defense (1985), http://csrc.nist.gov/publications/history/dod85.pdf
Cabuk, S., Brodley, C.E., Shields, C.: IP Covert Timing Channels: Design and Detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 178–187. ACM Press, New York (2004)
Cabuk, S., Brodley, C.E., Shields, C.: IP Covert Channel Detection. ACM Trans. Inf. Syst. Secur. 12, 22:1–22:29 (2009)
Daemon9: Loki2 (the implementation) (1997), http://www.phrack.org/archives/51/P51-06
Droms, R.: RFC 2131 - Dynamic Host Configuration Protocols (1997), http://www.ietf.org/rfc/rfc2131.txt
Dyatlov, A.: Firepass - Gray-World.net Team (2003), http://gray-world.net/it/pr_firepass.shtml
Gianvecchio, S., Wang, H.: An entropy-based approach to detecting covert timing channels. IEEE Trans. Dependable Secur. Comput. 8, 785–797 (2011)
Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert Messaging through TCP Timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)
Girling, C.G.: Covert Channels in LAN‘s. IEEE Trans. Software Eng. 13(2), 292–296 (1987)
Gligor, V.D.: A Guide to Understanding Covert Channel Analysis of Trusted Systems, “The Light Pink Book”. Tech. Rep. NCSC-TG-030, U.S. National Computer Security Center (1993)
Handel, T.G., Sandford, M.T.: Hiding Data in the OSI Network Model. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 23–38. Springer, Heidelberg (1996)
ISC: DHCP - Internet Systems Consortium, Inc. (2011), http://www.isc.org/software/dhcp/
Kaminsky, D.: Tunneling Audio, Video, SSH and pretty much anything else over DNS (2004), http://www.doxpara.com/
Lampson, B.W.: A Note on the Confinement Problem. Commun. ACM 16(10), 613–615 (1973)
Li, S., Ephremides, A.: Covert channels in ad-hoc wireless networks. Ad Hoc Netw. 8, 135–147 (2010)
Lucena, N.B., Lewandowski, G., Chapin, S.J.: Covert Channels in IPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 147–166. Springer, Heidelberg (2006)
Luo, X., Chan, E.W.W., Chang, R.K.C.: Cloak: A Ten-Fold Way for Reliable Covert Communications. In: Biskup, J., Lopez, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 283–298. Springer, Heidelberg (2007)
McHugh, J.: Covert Channels Analysis: A Chapter of the Handbook for the Computer Security Certification of Trusted Systems. Technical Memorandum 5540:062A, Naval Research Laboratory, Washington, D.C. (1996), http://www.windowsecurity.com/uplarticle/12/COVCHAN.pdf
Rowland, C.H.: Covert Channels in the TCP/IP protocol suite (1996), http://www.firstmonday.org/issues/issue2_5/rowland/
Shah, G., Molina, A., Blaze, M.: Keyboards and Covert Channels. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 59–75. USENIX Association, Berkeley (2006)
Stødle, D.: Ping Tunnel - Send TCP traffic over ICMP (2005), http://www.cs.uit.no/~daniels/PingTunnel/
Wolf, M.: Covert Channels in LAN Protocols. In: Berson, T.A., Beth, T. (eds.) LANSEC 1989. LNCS, vol. 396, pp. 91–101. Springer, Heidelberg (1989)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Rios, R., Onieva, J.A., Lopez, J. (2012). HIDE_DHCP: Covert Communications through Network Configuration Messages. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-30436-1_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer ScienceComputer Science (R0)