A new paper will be published:
Jaspreet Kaur, Steffen Wendzel, Omar Eissa, Jernej Tonejc, Michael Meier:
Covert Channel-internal Control Protocols: Attacks and Defense,
in: Security and Communication Networks (SCN), Wiley (accepted).
Network covert channels have become a sophisticated means for transferring hidden information over the network. Covert channel-internal control protocols, also called micro protocols, have been introduced in the recent years to enhance capabilities of network covert channels. Micro protocols are usually placed within the hidden bits of a covert channel's payload and enable features such as reliable data transfer, session management, and dynamic routing for network covert channels. These features provide adaptive and stealthy covert communication channels. Some of the micro protocol based tools exhibit vulnerabilities and are susceptible to attacks. In this paper, we demonstrate some possible attacks on micro protocols which are capable of breaking the sophisticated covert channel communication or jeopardizing the identity of nodes in such a network. These attacks are based on the attacker's interaction with the micro protocol. We also present defense techniques which can safeguard micro protocols against such attacks. By using these techniques, micro protocol-based tools become immune to certain attacks and lead to robust covert communication. We present our results for two micro protocol-based tools: Ping Tunnel and Smart Covert Channel Tool.
Keywords: Covert channels, network steganography, cyber security, micro protocols, information hiding, ICMP tunneling, overlay routing, active warden, passive warden