Tuesday, 22 August 2017

NEL: Implementation of a Network Environment Learning Phase (Research Tool)

When I started working on my PhD in 2009, I read a paper by Yarochkin et al. that proposed a so-called Network Environment Learning functionality for covert channels.

In Network Steganography research, a covert channel is a stealthy communication channel, and some covert channels are capable of performing a so-called Network Environment Learning phase (or: NEL phase). Such NEL-capable covert channels can determine
  • how exactly data can be covertly exchanged between sender and receiver, and
  • which types of stealthy data transmissions will be blocked or modified by an active warden (e.g. a firewall or a traffic normalizer).
For instance, certain network packets of the covert channel may be blocked by an active warden as they set reserved header bits to '1' (a typical filter rule of an active warden could simply clear the bit to prevent a covert channel).
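To make the NEL phase concrete, here is a small added simulation (my own illustration, not the NEL tool's code, and not real packet handling): a packet's header fields are modelled as a dict, each hypothetical hiding method encodes one bit into one field, and the active warden is a list of rules that either rewrite a field (normalizer) or drop the packet (filter). The NEL run sends alternating probe bits through every method and reports which ones survive the warden, which is exactly the effect the tool is meant to measure.

```python
from typing import Callable, Dict, List, Optional

Packet = Dict[str, int]            # constructed header model: field -> value
WardenRule = Callable[[Packet], Optional[Packet]]

# Candidate hiding methods (hypothetical set): each encodes one bit into a header field.
ENCODERS: Dict[str, Callable[[Packet, int], None]] = {
    "ip_reserved_flag": lambda p, b: p.__setitem__("reserved", b),
    "ip_id_lsb":        lambda p, b: p.__setitem__("ip_id", (p["ip_id"] & ~1) | b),
    "ttl_parity":       lambda p, b: p.__setitem__("ttl", (p["ttl"] & ~1) | b),
}
DECODERS: Dict[str, Callable[[Packet], int]] = {
    "ip_reserved_flag": lambda p: p["reserved"],
    "ip_id_lsb":        lambda p: p["ip_id"] & 1,
    "ttl_parity":       lambda p: p["ttl"] & 1,
}

def clean_packet() -> Packet:
    """A packet as the sender would build it before any hiding method is applied."""
    return {"reserved": 0, "ip_id": 0x1234, "ttl": 64}

# Active warden behaviours: a normalizer rewrites fields, a filter drops the packet (None).
def clear_reserved(p: Packet) -> Optional[Packet]:
    return {**p, "reserved": 0}          # typical normalizer rule: clear the reserved bit

def canonical_ttl(p: Packet) -> Optional[Packet]:
    return {**p, "ttl": 64}              # rewrite TTL to a fixed value

def drop_reserved(p: Packet) -> Optional[Packet]:
    return None if p["reserved"] else p  # filter instead of normalize: block the packet

def nel_phase(warden: List[WardenRule], probes: int = 4) -> Dict[str, str]:
    """Probe every hiding method through the warden and classify it as
    'usable' (all probe bits arrive intact) or 'blocked' (dropped or modified)."""
    verdict: Dict[str, str] = {}
    for method, encode in ENCODERS.items():
        intact = True
        for i in range(probes):
            bit = i & 1                   # alternate 0/1 so a cleared field is noticed
            pkt = clean_packet()
            encode(pkt, bit)
            for rule in warden:           # packet passes each warden rule in turn
                pkt = rule(pkt)
                if pkt is None:
                    break
            if pkt is None or DECODERS[method](pkt) != bit:
                intact = False
                break
        verdict[method] = "usable" if intact else "blocked"
    return verdict
```

Running `nel_phase([clear_reserved, canonical_ttl])` marks the reserved-bit and TTL-parity methods as blocked while the IP-ID method stays usable; an empty warden list leaves all three usable.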

Although the NEL phase was already discussed in academia in 2008, no implementation was made available and my requests for a demo or code remained unanswered by the authors of that paper. Anyway, I wanted to use a NEL phase for my PhD. During my doctorate, I published work that extended the concept of the NEL phase (see references below) to make it more sophisticated.

In 2016, we decided to work on a new research paper for which we needed such a NEL implementation. While my PhD used only a very basic NEL concept that required a lot of manual work and was not fully automated, I now decided to implement a complete NEL phase for this new paper and to release it to the public under an open source license, even before our paper was published (I uploaded the code to GitHub in mid-May).

In a nutshell, this NEL tool provides the first public implementation of a NEL phase on the basis of scapy and libpcap. It is no masterpiece; it just works and allows one to perform measurements, in the sense that one can measure the effect of an active warden on the NEL phase. The NEL tool is written in C and runs best under Linux.

Further links:

References:
