Sonntag, 25. Januar 2015

A new way to describe covert channels: A Pattern-based Survey and Categorization of Network Covert Channel Techniques

A new article on network steganography got published:

Steffen Wendzel, Sebastian Zander, Bernhard Fechner, Christian Herdin:
Pattern-based Survey and Categorization of Network Covert Channel Techniques,
ACM Computing Surveys (CSUR), vol. 47(3), 2015.

Network covert channels are used to hide communication inside network protocols. Within the last decades, various techniques for covert channels arose. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized in only four different patterns, i.e. most of the techniques we surveyed are very similar. We represent the patterns in a hierarchical catalog using a pattern language. Our pattern catalog will serve as a base for future covert channel novelty evaluation as the catalog will be available online. Furthermore, we apply the concept of pattern variations to network covert channels. With pattern variations, the context of a pattern can change. For example, a channel developed for IPv4 can automatically be adapted to other network protocols. We also propose the pattern-based covert channel optimizations pattern hopping and pattern combination. Finally, we lay the foundation for pattern-based countermeasures: While many current countermeasures were developed for specific channels, a pattern-oriented approach allows to apply one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns, and the development of real-world protection against covert channels is greatly simplified.

A new website will from now on deal with the pattern-based approach in network information hiding and additional research is in progress.

Keine Kommentare:

Kommentar veröffentlichen