Two new papers of ours will appear (see below). A summary of my recent covert channel research work can be found here.
Paper #1: The Problem of Traffic Normalization Within a Covert Channel's Network Environment Learning Phase
This paper will appear at the SICHERHEIT'12 conference in Darmstadt.
Network covert channels can build cooperating environments within overlay networks.
Peers in such an overlay network can initiate connections with new peers and can build up new paths within the overlay network.
To communicate with new peers, it is required to determine protocols which can be used between the peers -- this process is called the Network Environment Learning Phase (NEL Phase).
We show that the NEL phase itself as well as two similar approaches are affected by traffic normalization, which leads to a two-army problem.
Solutions to mitigate this problem, which cannot be solved completely, are presented and analyzed. Proof-of-concept code was implemented to verify the approach.
Keywords: network covert storage channel, traffic normalization, active warden
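The following is an added illustration of the NEL phase described above; it is not the paper's proof-of-concept code. Two peers probe candidate covert storage channels (here three hypothetical header fields) and acknowledge successful probes, while an active warden on the path normalizes some of those fields. The channel names, the marker encoding and the "acknowledge over every channel" variant are assumptions made for this example.

```python
"""Toy simulation of a covert channel's Network Environment Learning (NEL)
phase under traffic normalization (added example, not the paper's code).
Assumptions: three hypothetical header fields serve as covert storage
channels, a probe stores marker bit 1 in one field, and the acknowledgement
is itself a covert marker that crosses the same warden on its way back."""

# Hypothetical header fields that could carry a covert storage channel.
CHANNELS = ("ip_id", "tcp_reserved", "ip_ttl")


class Normalizer:
    """Active warden on the path: rewrites the listed fields to a canonical
    value (0 here), which destroys any covert bit stored in them."""

    def __init__(self, normalized_fields=()):
        self.normalized = set(normalized_fields)

    def forward(self, fields):
        return {f: (0 if f in self.normalized else v) for f, v in fields.items()}


def probe(channel):
    """Peer A's test packet: covert marker bit 1 placed in `channel`."""
    return {channel: 1}


def ack(received_fields, ack_channels):
    """Peer B's reply. B acknowledges only a probe whose marker survived,
    and the acknowledgement is carried covertly in `ack_channels`, so the
    warden can normalize it just like the probe."""
    if 1 not in received_fields.values():
        return None  # B saw only canonical values and learned nothing
    return {c: 1 for c in ack_channels}


def nel_phase(normalizer, ack_channels=("ip_id",)):
    """Peer A probes every candidate channel and records the ones it
    believes are usable towards B. Both directions cross the warden."""
    usable = []
    for ch in CHANNELS:
        to_b = normalizer.forward(probe(ch))      # A -> warden -> B
        reply = ack(to_b, ack_channels)
        if reply is None:
            continue                              # B never saw the marker
        to_a = normalizer.forward(reply)          # B -> warden -> A
        if 1 in to_a.values():
            usable.append(ch)
    return usable


def truly_usable(normalizer):
    """Ground truth that the warden hides from both peers."""
    return [c for c in CHANNELS if c not in normalizer.normalized]


if __name__ == "__main__":
    scenarios = {
        "no warden": Normalizer(),
        "warden normalizes tcp_reserved": Normalizer(["tcp_reserved"]),
        "warden normalizes the ack channel": Normalizer(["ip_id"]),
    }
    for name, warden in scenarios.items():
        print(f"{name}: learned={nel_phase(warden)} "
              f"truth={truly_usable(warden)}")
    # Acknowledging over every channel at once reduces, but does not remove,
    # the dependence on a single unnormalized reply path.
    print("redundant ack:", nel_phase(Normalizer(["ip_id"]), CHANNELS))
```

The third scenario is the failure mode the paper's title refers to: only the acknowledgement channel is normalized, so A learns nothing even though two channels would work, and from A's point of view this is indistinguishable from B being unreachable. Sending the acknowledgement over every candidate channel (last line) helps only as long as at least one of them survives, and B still cannot know whether its acknowledgement reached A, which is the two-army structure of the problem.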
Paper #2: Covert and Side Channels in Buildings and the Prototype of a Building-aware Active Warden
This paper will appear at the First IEEE International Workshop on Security and Forensics in Communication Systems (SFCS 2012).
Covert channels and side channels are barely discussed topics in the area of building automation. We show that both channels exist in buildings and define a building in the context of multilevel security (MLS). Additionally, we present a system called the building-aware active warden to eliminate covert/side storage channels in building automation systems (BAS).
Active wardens aim to remove malicious (covert) elements from communications and are a well-known means from the area of network covert channels and steganography. In recent years, new models, such as the network-aware active warden, have been developed.
The presented building-aware active warden is an adaptation of the network-aware active warden concept to building automation. Building-aware active wardens modify or drop building automation commands, as well as building information requests from users, based on their security levels in order to enhance a building's security.
We extended an interoperable building automation system that supports hardware from two vendors so that it acts as a building-aware active warden and provides a unified application programming interface.
Keywords: building automation security, covert channel, side channel
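As an added illustration of the "modify or drop based on security levels" behaviour described above (not the paper's prototype code), the following filter sits between users and a building automation system and applies a Bell-LaPadula-style policy to read and write requests. The security levels, the datapoint table, the command names and the exact rules (no read-up, no write-up, write-down forwarded only in canonical form) are assumptions made for this example.

```python
"""Minimal building-aware active warden as an MLS filter (added example,
not the paper's prototype). Assumptions: a four-level lattice, a small
hypothetical table of BAS datapoints with their classification, and a
request format {"op", "device", "value", ...extra fields}."""

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Hypothetical datapoints: name -> (classification, accepted write values).
# An empty value set marks a read-only sensor.
DEVICES = {
    "lobby/light":          ("public", {"on", "off"}),
    "lobby/temperature":    ("public", set()),
    "lab3/door":            ("confidential", {"open", "close"}),
    "lab3/presence":        ("confidential", set()),
    "server_room/door":     ("secret", {"open", "close"}),
    "server_room/presence": ("secret", set()),
}


def warden(user_level, request):
    """Return (decision, payload). decision is "forward", "modify" or
    "drop"; payload is the request to pass on or the reason for dropping."""
    op, dev = request.get("op"), request.get("device")
    if dev not in DEVICES:
        return "drop", "unknown datapoint"
    dev_level, allowed = DEVICES[dev]
    u, d = LEVELS[user_level], LEVELS[dev_level]

    if op == "read":
        # Side channel: a low user polling a high room's presence or door
        # state learns who is where. No read-up.
        if u >= d:
            return "forward", {"op": "read", "device": dev}
        return "drop", "no read-up"

    if op == "write":
        if not allowed:
            return "drop", "read-only datapoint"
        if u < d:
            return "drop", "no write-up"
        value = request.get("value")
        if value not in allowed:
            return "drop", "value not in command set"
        if u == d:
            return "forward", request
        # Write-down: a high user operating a low device is visible to low
        # users. Forward only the canonical command so that extra fields
        # (delays, priorities, comments) cannot carry a covert storage
        # channel downwards.
        canonical = {"op": "write", "device": dev, "value": value}
        return ("modify" if request != canonical else "forward"), canonical

    return "drop", "unknown operation"


if __name__ == "__main__":
    samples = [
        ("public", {"op": "read", "device": "server_room/presence"}),
        ("secret", {"op": "read", "device": "lobby/temperature"}),
        ("secret", {"op": "write", "device": "lobby/light",
                    "value": "on", "delay_ms": 37}),
        ("public", {"op": "write", "device": "lab3/door", "value": "open"}),
        ("internal", {"op": "write", "device": "lobby/light", "value": "blink"}),
    ]
    for level, req in samples:
        print(level, req, "->", warden(level, req))
```

The "modify" branch is the part that distinguishes an active warden from a plain access-control check: the command is legitimate and is forwarded, but everything beyond the canonical form is stripped, which is what removes the storage channel rather than merely deciding who may act. Timing-based channels (when the light is switched, not what is sent) are not addressed by this filter.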