Samstag, 7. Juli 2012

Detecting Protocol Switching Covert Channels

A new paper of Sebastian Zander and me got accepted at the The 37th IEEE Conference on Local Computer Networks (LCN) in Florida. As usual, I will post an abstract here.

Steffen Wendzel, Sebastian Zander:
Detecting Protocol Switching Covert Channels,
in Proc. 37th IEEE Conf. on Local Computer Networks (LCN), Clearwater, Florida, 2012 (to appear).

The work presents the first detection technique for protocol switching covert channels (protocol channels). A summary on my recent covert channel research is available here.

Network covert channels enable hidden and security policy breaking communication. Within the last years, new techniques for such covert channels arose, including protocol switching covert channels (PSCCs). PSCCs transfer hidden information by sending network packets with different selected network protocols.

In this paper we present the first detection methods for PSCCs. We show that the number of packets between network protocol switches and the time between switches can be monitored to detect PSCCs with 98-99% accuracy for bit rates of 4 bits/second or higher.

