a covert channel a covert channel
play

A covert channel A covert channel hiding data in in packet headers - PDF document

May 25, 2023 •184 likes •251 views

A covert channel A covert channel hiding data in in packet headers packet headers hiding data Craig Rowland s covert_tcp proof s covert_tcp proof- -of of- -concept program concept program Craig Rowland David Morgan Covert

  1. A covert channel A covert channel hiding data in in packet headers packet headers hiding data Craig Rowland’ ’s covert_tcp proof s covert_tcp proof- -of of- -concept program concept program Craig Rowland David Morgan Covert channels in general Covert channels in general � mechanisms that can serve as a communication channels though not designed for that � have 2 sides “high” and “low” that share access to a resource � high side modulates/writes, low side observes/reads 1

  2. Proof- -of of- -concept covert channel demo concept covert channel demo Proof � Named “covert_tcp” by Craig Rowland � client/sender and server/receiver roles � client places data in either – IP header’s “identification” field, or – TCP header’s “sequence number” field � server knows, fetches the data out http://www.firstmonday.org/Issues/issue2_5/rowland/ http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/528/449 IP packet header IP packet header 32 bits fields available for embedding steganographic data 2

  3. TCP packet (segment) header TCP packet (segment) header 32 bits fields available for embedding steganographic data Put ‘ ‘em em where they don where they don’ ’t belong t belong Put because you can because you can * * * fields available for embedding steganographic passengers 3

  4. The protocols don’ The protocols don ’t restrict t restrict � IP “identification” field’s value – “An internet header field carrying the identifying value assigned by the sender to aid in assembling the fragments of a datagram.” RFC 791, “Internet Protocol” � TCP “sequence number” field’s value – “When new connections are created, an initial sequence number (ISN) generator is employed which selects a new 32 bit ISN. The generator is bound to a ... clock ... [but] not tied to a global clock in the network, and TCPs may have different mechanisms for picking the ISN's.” RFC 793, Transmission Control Protocol Fields alternatively utilized Fields alternatively utilized OR 4

  5. Simultaneous screenshots Simultaneous screenshots client/sender (on 192.168.1.20) [root@V1 root]# ./covert_tcp -dest 192.168.1.132 -source 192.168.1.20 -source_port 1234 -dest_port 80 -file covert_data_to_send Covert TCP 1.0 (c)1996 Craig H. Rowland (crowland@psionic.com) file content: ABC Not for commercial use without permission. Destination Host: 192.168.1.132 Source Host : 192.168.1.20 Originating Port: 1234 Destination Port: 80 Encoded Filename: covert_data_to_send Encoding Type : IP ID server/receiver (on 192.168.1.132) Client Mode: Sending data. [root@clay ~]# ./covert_tcp -server -dest 192.168.1.132 -source 192.168.1.20 -file captured_data.txt Covert TCP 1.0 (c)1996 Craig H. Rowland Sending Data: A (crowland@psionic.com) Sending Data: B Not for commercial use without permission. Sending Data: C Listening for data from IP: 192.168.1.20 [root@V1 root] Listening for data bound for local port: Any Port Decoded Filename: captured_data.txt Decoding Type Is: IP packet ID Server Mode: Listening for data. Receiving Data: A Receiving Data: B Receiving Data: C Packet dump seen at server Packet dump seen at server -- using IP identification field -- using IP identification field Letter Ascii code A 65 65 x 256 = 16640 B 66 66 x 256 = 16896 C 67 67 x 256 = 17152 D 68 etc etc 5

  6. Simultaneous screenshots Simultaneous screenshots client/sender (on 192.168.1.20) [root@V1 root]# ./covert_tcp -seq -dest 192.168.1.132 -source 192.168.1.20 -source_port 1234 -dest_port 80 -file covert_data_to_send Covert TCP 1.0 (c)1996 Craig H. Rowland (crowland@psionic.com) Not for commercial use without permission. Destination Host: 192.168.1.132 Source Host : 192.168.1.20 Originating Port: 1234 Destination Port: 80 Encoded Filename: covert_data_to_send Encoding Type : IP Sequence Number server/receiver (on 192.168.1.132) Client Mode: Sending data. [root@clay ~]# ./covert_tcp -seq -server -dest 192.168.1.132 -source 192.168.1.20 -file captured_data.txt Sending Data: A Covert TCP 1.0 (c)1996 Craig H. Rowland Sending Data: B (crowland@psionic.com) Sending Data: C Not for commercial use without permission. [root@V1 root] Listening for data from IP: 192.168.1.20 Listening for data bound for local port: Any Port Decoded Filename: captured_data.txt Decoding Type Is: IP Sequence Number Server Mode: Listening for data. Receiving Data: A Receiving Data: B Receiving Data: C Packet dump seen at server Packet dump seen at server -- using TCP sequence number field using TCP sequence number field -- 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman 1 Outline Covert Channels Attack Vectors and Scenarios IEEE 802.11 Fundamentals Covert Channel Design Implementation

766 views • 38 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
VMS SAN Technology Spring 2002 John Covert 3C01 Fibre Channel Fibre Channel Fibre Channel

VMS SAN Technology Spring 2002 John Covert 3C01 Fibre Channel Fibre Channel Fibre Channel

VMS SAN Technology Spring 2002 John Covert 3C01 Fibre Channel Fibre Channel Fibre Channel ANSI standard network and storage interconnect OpenVMS, and most others, use it for SCSI storage TCI/IP and VIA also possible 1.06

460 views • 19 slides
I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche,

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche,

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche, Kashyap Thimmaraju , Liron Schiff and Stefan Schmid IFIP Networking 2018 14-16 May, 2018, Zurich, Switzerland 1 Outline 1. Motivation 2. Covert

999 views • 95 slides
Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking

Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking

Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking Engineering University of Amsterdam July 3, 2014 Guido Pineda Reyes (UvA) Covert channel detection using flow-data July 3, 2014 1 / 46 Outline

594 views • 46 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

1.03k views • 66 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

562 views • 38 slides
Bankrupt Covert Channel: Turning Network Predictability into Vulnerability Dmitrii Ustiugov ,

Bankrupt Covert Channel: Turning Network Predictability into Vulnerability Dmitrii Ustiugov ,

Bankrupt Covert Channel: Turning Network Predictability into Vulnerability Dmitrii Ustiugov , Plamen Petrov, Siavash Katebzadeh, Boris Grot University of Edinburgh This work is supported by ARM Center of Excellence at University of Edinburgh

564 views • 30 slides
Covert Channel Detection Using Process Query Systems Annarita Giani Vincent Berk George Cybenko

Covert Channel Detection Using Process Query Systems Annarita Giani Vincent Berk George Cybenko

Covert Channel Detection Using Process Query Systems Annarita Giani Vincent Berk George Cybenko Institute for Security Technology Studies Thayer School of Engineering Dartmouth College Hanover, NH FLoCon 2005 1 MOTIVATION CNN.COM

234 views • 19 slides
May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem Deterministic Noninterference Nondeducibility Generalized Noninterference Restrictiveness May 26, 2017 ECS 235B Spring Quarter 2017 Slide #1

370 views • 33 slides
Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks Aron Laszka 1 , 2 Benjamin Johnson 3 Jens Grossklags 1 1 Pennsylvania State University 2 Budapest University of Technology and Economics 3 University

867 views • 43 slides
SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert

SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert

SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert channel traces are online You get always 5 traces from the unmodified app 5 traces from Other student submissions My own implementation

971 views • 63 slides
CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German Kanal 1 Deutsch Channel 2 English Channel 2 English Channel 3 Italian Canale 3 Italiano Channel 4 Spanish Canal 4 Espaol Channel 5

708 views • 34 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

915 views • 36 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

1.12k views • 37 slides
Hash-Based Indexes UMass Amherst March 6, 2008 Slides Courtesy of R. Ramakrishnan and J. Gehrke

Hash-Based Indexes UMass Amherst March 6, 2008 Slides Courtesy of R. Ramakrishnan and J. Gehrke

Hash-Based Indexes UMass Amherst March 6, 2008 Slides Courtesy of R. Ramakrishnan and J. Gehrke 1 Introduction As for any index, 3 alternatives for data entries k* : Data record with key value k < k , rid of data record with

649 views • 34 slides
2018 CRs Nick Amin September 2, 2018 Overview (1) Previously looked at 2017 CRs with an

2018 CRs Nick Amin September 2, 2018 Overview (1) Previously looked at 2017 CRs with an

2018 CRs Nick Amin September 2, 2018 Overview (1) Previously looked at 2017 CRs with an updated fake rate Have ntupled the latest golden JSON of 2018 data (35.5fb -1 ), so repeat the CR plotting with 2018 comparing against 2017 MC

355 views • 18 slides
Visualization Frameworks for Data Staging and In- Situ Environments David Pugmire Scientific

Visualization Frameworks for Data Staging and In- Situ Environments David Pugmire Scientific

Visualization Frameworks for Data Staging and In- Situ Environments David Pugmire Scientific Computing Group, Oak Ridge National Laboratory Thanks to: H. Abbasi, S. Ahern, C. Chang, J. Choi, S. Ku, S. Klasky, J. Kress, J. Logan, Q. Liu, J.

548 views • 52 slides
CS 343H: Honors AI Lecture 23: Kernels and clustering 4/15/2014 Kristen Grauman UT Austin

CS 343H: Honors AI Lecture 23: Kernels and clustering 4/15/2014 Kristen Grauman UT Austin

CS 343H: Honors AI Lecture 23: Kernels and clustering 4/15/2014 Kristen Grauman UT Austin Slides courtesy of Dan Klein, except where otherwise noted Announcements Office hours Kims office hours this week: Mon 11-12 and Thurs

896 views • 67 slides
Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The Humble Keylogger Malware Malicious Hardware In-Cable Devices Malicious Keyboards Supply Chain Attacks Malicious BIOS

591 views • 14 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to be problematic for Delft Lab on May 31st seems to be problematic for Twente Systems Security Covert Channels 2 14.05.2018 Prepare to vote 1

1.05k views • 50 slides
Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo Barradas PhD Stage: Planner Advisors: Prof. Lus Rodrigues & Prof. Nuno Santos Research Area: Privacy-Enhancing Technologies Diogo Barradas - EuroSys

395 views • 15 slides

More recommend