OpenCCD (Open Covert Channel Detection)
Introduction
Covert channels are hidden communication channels not designed for information transfer. A covert channel can be used to signal secret information within a network, i.e. it is possible to leak secret information (e.g. confidential business data as well as research secrets).
Over the last years, I have spent a huge amount of time doing research in the area of covert channels. My research includes both covert channel creation and covert channel detection/prevention. I just finished my master's thesis on the analysis of covert channel detection/prevention methods, and I additionally developed a new detection method for so-called "protocol channels". I also wrote my diploma thesis on covert channels and I am now writing my PhD thesis in the area of covert channels as well.
Idea
We have well-known intrusion detection systems (such as Snort), but there is currently no covert channel detection system available as a software solution. Thus, I started the development of open source software with the aim of developing such a covert channel detection/prevention system able to work on network appliances. Covert channels can be used by intruders for information leakage. Therefore, information leakage protection is required. The importance of covert channels will rise within the next years (AT&T Chief Security Officer Ed Amoroso already mentioned back in 2009 that covert channel research must be resumed).
Call for developers
I spent the last months evaluating the existing covert channel detection/prevention methods. It turned out that the time required for the development of detection software is way too much for one developer. It requires at least a small team of /skilled/ developers to reach this aim within the next years. Thus, this project requires open source software developers (with specialization in network programming in the Linux/Unix/BSD environment), and that is why I wrote this call:
If you are interested in contributing to the first and open covert channel detection/prevention software, then let me know. The goal is to build an international team of experts, as well as to do additional research in that area.
Requested skills: Linux/Unix/BSD, C, TCP/IP, Monitoring, IDS, and, if possible: knowledge in the area of covert channels.
Project website: www.openccd.org
swendzel -at- ploetner-it -dot- de,
Jun, 3. 2011