Filters








355 Hits in 2.5 sec

Covert Messaging through TCP Timestamps [chapter]

John Giffin, Rachel Greenstadt, Peter Litwack, Richard Tibbetts
2003 Lecture Notes in Computer Science  
We implement our protocol on a standard platform (Linux) exploiting a channel in a common communications system (TCP timestamps).  ...  Covert channels exist in most communications systems and allow individuals to communicate truly undetectably. However, covert channels are seldom used due to their complexity.  ...  It would be interesting to design a broadcast channel such that messages could be published covertly.  ... 
doi:10.1007/3-540-36467-6_15 fatcat:bkdotd4g6fa7zg76sgsu6ixgba

Covert channels in TCP/IP protocol stack - extended version-

Aleksandra Mileva, Boris Panajotov
2014 Open Computer Science  
For most of the covert channels its data bandwidth is given.  ...  AbstractWe give a survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack. Techniques are organized according to affected layer and protocol.  ...  If they match the segment is sent immediately with generated TCP timestamp, otherwise it is delayed for one timestamp tick and TCP timestamp is incremented.  ... 
doi:10.2478/s13537-014-0205-6 fatcat:tkkyehibpbf3tl5x5bctsqkk6y

A survey of covert channels and countermeasures in computer network protocols

Sebastian Zander, Grenville Armitage, Philip Branch
2007 IEEE Communications Surveys and Tutorials  
Covert channels are used for the secret transfer of information.  ...  Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols.  ...  MODULATING TIMESTAMP FIELDS Giffin et al. developed a method for covert messaging through TCP timestamp header options, which are widely used to improve TCP performance [50] .  ... 
doi:10.1109/comst.2007.4317620 fatcat:vw2ow6ehrbcf3f3ry65xntriha

RTP Timestamp Steganography Detection Method

Wanxia Yang, Shanyu Tang, GuanPing Wang
2018 IETE Technical Review  
A histogram cosine similarity matching method for real-time transport protocol (RTP) timestamp difference vectors and a clustering method of the area between the best-fit curves of 2 RTP timestamp difference  ...  S.Y and W.G.P: RTP timestamp steganography detection method 4 to identify [3] .  ...  In addition, using IP identification (IPID), changes in information such as the IP lifetime and the TCP initial sequence number have followable patterns; this type of covert channel can be detected through  ... 
doi:10.1080/02564602.2018.1536528 fatcat:kilnf7vssne6vezcy6f2m2iyce

A COVERT CHANNEL IN RTP PROTOCOL

CHRISTOPHER FORBES, BO YUAN, DARYL JOHNSON, PETER LUTZ
2010 Computational Intelligence  
A new covert channel over the RTP protocol is designed and implemented by modifying the timestamp value in the RTP header.  ...  The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP.  ...  A timestamp was first employed to carry covert data in TCP protocol. 7 This channel carried 1 bit in the least significant bit of the TCP timestamp by delaying the packet creation.  ... 
doi:10.1142/9789814324700_0123 fatcat:6xsonljuorfqtlj6by6bjeeutq

Covert channels and countermeasures in computer network protocols [Reprinted from IEEE Communications Surveys and Tutorials]

S. Zander, G. Armitage, P. Branch
2007 IEEE Communications Magazine  
Covert channels are used for the secret transfer of information.  ...  covert channels for communication and coordination.  ...  Covert information can be inserted into the low order bits of timestamp fields. For example, covert data can be encoded into TCP timestamp header options [4] .  ... 
doi:10.1109/mcom.2007.4395378 fatcat:ln5uuk2ienezblonn3n7ofn3j4

Embedding Covert Channels into TCP/IP [chapter]

Steven J. Murdoch, Stephen Lewis
2005 Lecture Notes in Computer Science  
or the least significant bit of the TCP timestamp.  ...  A message can thus be hidden in such a way that an attacker cannot demonstrate its existence without knowledge of a secret key.  ...  Covert TCP creates all fields itself.  ... 
doi:10.1007/11558859_19 fatcat:qh6m6hgquvh2pb6tb5xqto3jva

A Protocol for Building Secure and Reliable Covert Channel

Baishakhi Ray, Shivakant Mishra
2008 2008 Sixth Annual Conference on Privacy, Security and Trust  
Though data transfer through covert channels is not unprecedented, existing covert channels have been restricted to covert transmission of only small amounts of data.  ...  This paper presents a secure and lightweight protocol for reliable data transfer through moderate bandwidth covert channels.  ...  Thus one can send up to 16 bits exploiting IP identification field, while up to 32 bits of covert data can be sent through TCP sequence number.  ... 
doi:10.1109/pst.2008.26 dblp:conf/pst/RayM08 fatcat:nyiptlmywfgzhjbku4dwbykro4

A Network Covert Channel Based on Packet Classification

Ping Dong, Huanyan Qian, Zhongjun Lu, Shaohua Lan
2012 International Journal of Network Security  
A network covert channel violates security rules and leaks information imperceptibly.  ...  With this method, covert information is encoded by modulating the varieties of packets on the Internet.  ...  Echo message, echo reply message, timestamp message and timestamp reply message have nonzero value, so we take these four types as available features, that is (8,0), (0,0), (13,0), (14,0).  ... 
dblp:journals/ijnsec/DongQLL12 fatcat:c5i6fulflfevhnhbev7tssef3a

Steganography of VoIP Streams [article]

Wojciech Mazurczyk, Krzysztof Szczypiorski
2008 arXiv   pre-print
The first one is network steganography solution which exploits free/unused protocols' fields and is known for IP, UDP or TCP protocols but has never been applied to RTP (Real-Time Transport Protocol) and  ...  The paper concerns available steganographic techniques that can be used for creating covert channels for VoIP (Voice over Internet Protocol) streams.  ...  SIP messages usually traverse through SIP network servers: proxies or redirects that help end-users to locate and reach each other.  ... 
arXiv:0805.2938v2 fatcat:24kzg3f5jzgotlxdycb2g5bciy

Covert Channels in SIP for VoIP Signalling [chapter]

Wojciech Mazurczyk, Krzysztof Szczypiorski
2008 Communications in Computer and Information Science  
We also estimate amount of data that can be transferred in signalling messages for typical IP telephony call.  ...  In this paper, we evaluate available steganographic techniques for SIP (Session Initiation Protocol) that can be used for creating covert channels during signaling phase of VoIP (Voice over IP) call.  ...  SIP messages usually traverse through SIP network servers: proxies or redirects that help end-users to locate and reach each other.  ... 
doi:10.1007/978-3-540-69403-8_9 fatcat:c2ip6jgoxzgzzkfjsocmfmy3hu

Steganography of VoIP Streams [chapter]

Wojciech Mazurczyk, Krzysztof Szczypiorski
2008 Lecture Notes in Computer Science  
SIP messages usually traverse through SIP network servers: proxies or redirects that allow end-users to locate and reach each other.  ...  RTP is usually used in conjunction with UDP (or rarely TCP) for transport of digital voice stream, c. Speech codecs e.g.  ...  , or control message).  ... 
doi:10.1007/978-3-540-88873-4_6 fatcat:um5ab4lqazbcjjyqwjsyxtv4j4

Sending Hidden Data via Google Suggest [article]

Piotr Bialczak, Wojciech Mazurczyk, Krzysztof Szczypiorski
2011 arXiv   pre-print
The traffic analysis was also performed to discover the occurrence of two TCP options: Window Scale and Timestamp which StegSuggest uses to operate.  ...  Then the message that shuts the covert channel is issued (Fig. 17) . When SR discovers such message he/she ceases to insert parts of the steganogram into original suggestions.  ...  However, proposed steganographic method, StegSuggest, modifies mainly two network protocols: con-tent of HTTP messages containing suggestions and TCP header options: Windows Scale (WS) and Timestamp (TS  ... 
arXiv:1107.4062v1 fatcat:4kjez74mfvb4znmpcsrc3hh534

Reporting Insider Threats via Covert Channels

David N. Muchene, Klevis Luli, Craig A. Shue
2013 2013 IEEE Security and Privacy Workshops  
In this work, we propose a covert channel in the Ethernet frame that allows a computer system to report activity inside other, unrelated network communication.  ...  We introduce the covert channel, incorporate it into a working prototype, and combine it with an intrusion detection system to show its promise for security event reporting.  ...  Message 3 is an altered version of Message 1 that includes a covert payload after the IP packet data. Message 4 is the transmission of the prior message from the kernel through the network interface.  ... 
doi:10.1109/spw.2013.30 dblp:conf/sp/MucheneLS13 fatcat:lu45lnqcd5gcjn6fuchuapndma

HIDE_DHCP: Covert Communications through Network Configuration Messages [chapter]

Ruben Rios, Jose A. Onieva, Javier Lopez
2012 IFIP Advances in Information and Communication Technology  
Usually, these tools take advantage of protocols widely used in most existing networks, such as TCP/IP [19] , HTTP [6] or DNS [13] .  ...  Covert channels are a form of hidden communication that may violate the integrity of systems.  ...  This work has been partially funded by the European Commission through the FP7 project NESSoS (FP7 256890) and the Spanish Ministry of Science and Innovation through the research projects: ARES (CSD2007  ... 
doi:10.1007/978-3-642-30436-1_14 fatcat:qu7mtfnqeraalboqhke37feigm
« Previous Showing results 1 — 15 out of 355 results