Montag, 16. Dezember 2019

Tiny extension to the hiding patterns taxonomy

As I have mentioned several times in the past, "hiding patterns" are a unified way to describe new hiding methods for network covert channels. We published a pattern-based taxonomy of these hiding techniques a couple of years ago, see here for a brief introduction and the latest version of this taxonomy.

In one recent paper (Covert Channels in MQTT-based Internet of Things, IEEE ACCESS, Vol. 7, 2019), we added a new sub-pattern to the list of hiding patterns, namely PS11.c Value Influencing.

This pattern is actually a special form of the "Value Modulation" pattern. The Value Modulation pattern is pretty simple. Let us assume you have some network protocol header field that can take several allowed values. You can simply select one of these values per packet to encode a hidden message.

The new sub-pattern forms a special form of above mentioned Value Modulation: the value is not directly modified but influenced by manipulating some other value or by manipulating the surrounding network environment. We discovered this pattern when we analyzed possible covert channels in MQTT (a popular network protocol for IoT communications).

Anyway, I hope the new sub-pattern is of interest to some of my readers.

