Abstract
This article proposes and implements a network covert channel called InCC capable of hiding information on the Internet, which is designed to produce a undetectable communication channel between systems. This network channel is fully transparent to any network analysis and for hence to any interception and inspection on a network. InCC is capable to send messages on the same production network without compromising the existence of source and destination. By using techniques like encryption, address spoofing, signature poisoning and traffic analysis, the channel is able to hide the flows on the network without implicating the source and destination.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
5200.28-STD, D.: Trusted Computer System Evaluation Criteria. Dod Computer Security Center (1985)
Llamas, D., Miller, A., Allison, C.: An evaluation framework for the analysis of covert channels in the tcp/ip protocol suite. In: ECIW, pp. 205–214. Academic Conferences Limited, Reading (2005)
Zander, S., Armitage, G.J., Branch, P.: A survey of covert channels and countermeasures in computer network protocols. IEEE Commun. Surv. Tutorials 9, 44–57 (2007)
Sellke, S.H., Wang, C.C., Bagchi, S., Shroff, N.B.: Tcp/ip timing channels: theory to implementation. In: INFOCOM, pp. 2204–2212. IEEE (2009)
Nussbaum, L., Neyron, P., Richard, O.: On robust covert channels inside DNS. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 51–62. Springer, Heidelberg (2009)
Rios, R., Onieva, J.A., Lopez, J.: HIDE_DHCP: covert communications through network configuration messages. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 162–173. Springer, Heidelberg (2012)
Freire, E.P., Ziviani, A., Salles, R.M.: On metrics to distinguish skype flows from http traffic. J. Netw. Syst. Manage. 17, 53–72 (2009)
Dittmann, J., Hesse, D., Hillert, R.: Steganography and steganalysis in voice-over ip scenarios: operational aspects and first experiences with a new steganalysis tool set. In: Delp, E.J., Wong, P.W. (eds.) Security, Steganography, and Watermarking of Multimedia Contents. Proceedings of SPIE, vol. 5681, pp. 607–618. SPIE (2005)
Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.-R., Schulz, S., Katzenbeisser, S.: Hide and seek in time — robust covert timing channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 120–135. Springer, Heidelberg (2009)
Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS ’11, pp. 563–574. ACM, New York (2011)
Zander, S., Armitage, G.J., Branch, P.: An empirical evaluation of ip time to live covert channels. In: ICON, pp. 42–47. IEEE (2007)
Luo, X., Chan, E.W.W., Chang, R.K.C.: Clack: a network covert channel based on partial acknowledgment encoding. In: ICC, pp. 1–5. IEEE (2009)
Wendzel, S., Zander, S.: Detecting protocol switching covert channels. In: 37th Annual IEEE Conference on Local Computer Networks, pp. 280–283 (2012)
Mazurczyk, W., Szczypiorski, K.: Steganography in handling oversized ip packets. CoRR abs/0907.0313 (2009)
Lucena, N.B., Pease, J., Yadollahpour, P., Chapin, S.J.: Syntax and semantics-preserving application-layer protocol steganography. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 164–179. Springer, Heidelberg (2004)
Fu, X., Guan, Y., Graham, B., Bettati, R., Zhao, W.: Using parasite flows to camouflage flow traffic. In: Proceedings of the 2002 IEEE Workshop on Information Assurance (2002)
Burnett, S., Feamster, N., Vempala, S.: Chipping away at censorship firewalls with user-generated content. In: Proceedings of the 19th USENIX Conference on Security, USENIX Security’10, pp. 29–29. USENIX Association, Berkeley (2010)
Miklosovic, S.: Pa018 - term project - port knocking enhancements (2011). http://www.portknocking.org/view/resources
Degraaf, R., Aycock, J., Jacobson, M.: Improved port knocking with strong authentication. In: Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), pp. 409–418. Springer (2005)
Tariq, M., Baig, M.S., Saeed, M.T.: Associating the authentication and connection-establishment phases in passive authorization techniques (2008)
Rcf4557: The rc4-hmac kerberos encryption types used by microsoft windows (2006). http://www.ietf.org/rfc/rfc4757.txt
Snort: Snort (2013). http://www.snort.org/
OpenDPI: Opendpi (2013). http://www.opendpi.org/opendpi.org/index.html
Rfc2246: The tls protocol (1999). http://www.ietf.org/rfc/rfc2246.txt
BitTorrent: The bittorrent protocol specification, version 11031 (2013). http://bittorrent.org/beps/bep_0003.html
Klein, A.: Attacks on the rc4 stream cipher. Des. Codes Crypt. 48, 269–286 (2008)
Mantin, I.: Predicting and distinguishing attacks on RC4 keystream generator. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 491–506. Springer, Heidelberg (2005)
Paul, S., Preneel, B.: A new weakness in the rc4 keystream generator and an approach to improve the security of the cipher, pp. 245–259 (2004)
Tcpdump: Tcpdump (2013). http://www.tcpdump.org/
Hippie: Hi-performance protocol identification engine (2013). http://sourceforge.net/projects/hippie/
Battlefield: Battlefield (2013). http://www.battlefield.com/
Acknowledgements
This work has been partially funded by Vulcano project (ref 442808215-8215-4-9) funded by Spanish ministry of Science and Innovation.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Giralte, L.C., de Diego, I.M., Conde, C., Cabello, E. (2014). InCC: Evading Interception and Inspection by Mimicking Traffic in Network Flows. In: Obaidat, M., Filipe, J. (eds) E-Business and Telecommunications. ICETE 2013. Communications in Computer and Information Science, vol 456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44788-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-662-44788-8_13
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44787-1
Online ISBN: 978-3-662-44788-8
eBook Packages: Computer ScienceComputer Science (R0)