covert channels
play

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING - PowerPoint PPT Presentation

Jun 08, 2023 •542 likes •1.05k views

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to be problematic for Delft Lab on May 31st seems to be problematic for Twente Systems Security Covert Channels 2 14.05.2018 Prepare to vote 1

  1. COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL>

  2. HOUSEKEEPLING ▪ Lab on May 30th seems to be problematic for Delft ▪ Lab on May 31st seems to be problematic for Twente Systems Security – Covert Channels 2 14.05.2018

  3. Prepare to vote 1 Go to sh shakeq.com This presentation has been loaded without the Shakespeak add-in. Want to download the add-in for free? Go to 2 Log in with System http://shakespeak.com/en/free-download/. Voting is anonymous 30.04.2018

  4. For Delft: Will moving the lab from May 30th help you A. Yes, to May 31st B. Yes, to June 1st C. No The question will open when you start your session and slideshow. Close d Internet This text box will be used to describe the different message sending methods. # Votes: 8 TXT TXT The applicable explanations will be inserted after you have started a session.

  5. For Delft: Will moving the lab from May 30th help you A. Yes, to May 31st 25.0% B. Yes, to June 1st 50.0% C. No 25.0% Close d Internet This text box will be used to describe the different message sending methods. TXT TXT The applicable explanations will be inserted after you have started a session.

  6. For Twente: Will movnig the lab from May 31st help you? A. Yes, to May 30st B. Yes, to June 1st C. No The question will open when you start your session and slideshow. Close d # Votes: Internet This text box will be used to describe the different message sending methods. TXT TXT The applicable explanations will be inserted after you have started a session. 29

  7. For Twente: Will movnig the lab from May 31st help you? A. Yes, to May 30st 17.2% B. Yes, to June 1st 27.6% C. No 55.2% Close d Internet This text box will be used to describe the different message sending methods. TXT TXT The applicable explanations will be inserted after you have started a session.

  8. COVERT CHANNEL A channel not intended for information transfer at all Systems Security – Covert Channels 8 14.05.2018

  9. CHANNELS FOR INFORMATION TRANSFER Systems Security – Covert Channels 9 14.05.2018

  10. WHAT WAS PROBABLY NOT INTENDED Systems Security – Covert Channels 10 14.05.2018

  11. TYPES OF COVERT CHANNELS ▪ There is an existing channel you are aware of ▪ Variations in that channel allow you to embed additional information ▪ You are not even aware that this channel exists Systems Security – Covert Channels 11 14.05.2018

  12. COVERT CHANNELS VS. SIDE CHANNELS Covert channels are A side channel is more or „used“ by a (malicious) less the unintentional device or program to leakage of information from transmit information in a a device or program that way that makes them can be observed by an hard to detect. adversary. Systems Security – Covert Channels 12 14.05.2018

  13. TYPICAL COVERT CHANNELS ▪ System state (load, global settings, shared resources) ▪ Network protocols ▪ Protocol features and freedom of choice ▪ Radio protocols ▪ Hidden transmissions in existing radio protocols ▪ Previously unknown transmission features ▪ Light ▪ Sound Systems Security – Covert Channels 13 14.05.2018

  14. EXAMPLE SYSTEM LOAD ▪ Two docker containers running on a local system ▪ Both are isolated from each other ▪ Container 1 spawns a lot of processes ▪ Container 2 sees a high system load ▪ Can be used to communicate secrets across different security domains Systems Security – Covert Channels 14 14.05.2018

  15. NETWORK PROTOCOLS ▪ Many covert channels in the TCP/IP protocol family ▪ IP ▪ Header bits like “don’t fragment” ▪ TCP ▪ Window size and scaling, fragmentation behaviour ▪ HTTP ▪ Order of headers for HTTP request Systems Security – Covert Channels 15 14.05.2018

  16. HTTP EXAMPLE GET / HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: de,en-US;q=0.7,en;q=0.3 Cache-Control: max-age=0 Connection: keep-alive Host: www.spiegel.de Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 GET / HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: de,en-US;q=0.7,en;q=0.3 Connection: keep-alive Cache-Control: max-age=0 Host: www.spiegel.de Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Systems Security – Covert Channels 16 14.05.2018

  17. DETECTION ▪ Usually hard (that‘s almost the definition of a covert channel) ▪ When a reference transmission is available, a direct comparison is sometimes possible Systems Security – Covert Channels 17 14.05.2018

  18. THE TIMING DOMAN ▪ Leave everything as it is, just vary the timing ▪ Works very well for most packet switching based protocols ▪ Often difficult for circuit switching protocols ▪ Can be applied to TDMA based radio procols as well (more about this later on) ▪ Timing in the internet is affected by routers forwarding the traffic ▪ Effectively the transmission is a noisy channel and all methods known from information theory can be applied to compensate for the noise Systems Security – Covert Channels 18 14.05.2018

  19. THE PHYSICAL LAYER A PARADISE FOR COVERT CHANNELS ▪ Pretty much everything here can be applied to radio protocols as well ▪ A cookbook for covert channels: ▪ Use the physical layer protocol of your choice ▪ Usually you find some error correction method in there as well as a checksum ▪ Exchange the checksum with something else of your choice ▪ Normal recovers will drop your packets since the checksum is invalid Systems Security – Covert Channels 19 14.05.2018

  20. WIFI AND OTHER RADIO PROTOCOLS ▪ WiFi ▪ Various kinds of digital modulation ▪ Decoding and some procotol layers usually processed by the baseband ▪ Again a paradise for covert channels Systems Security – Covert Channels 20 14.05.2018

  21. DIGITAL MODULATION 4QAM Systems Security – Covert Channels 21 14.05.2018

  22. 4QAM WITH NOISE Systems Security – Covert Channels 22 14.05.2018

  23. 4QAM WITH NOISE Systems Security – Covert Channels 23 14.05.2018

  24. 4QAM WITH NOISE Systems Security – Covert Channels 24 14.05.2018

  25. 16QAM Source: https://commons.wikimedia.org/wiki/Category:Quantized_QAM Systems Security – Covert Channels 25 14.05.2018

  26. PROBLEM: YOU STILL SEE A TRANSMISSION ▪ Make your transmission indistinguishable from noise ▪ CDMA modulation ▪ Very low transmission power Systems Security – Covert Channels 26 14.05.2018

  27. HOW TO PREVENT SUCH COVERT CHANNELS ▪ Remove all radio transmitters from your system Systems Security – Covert Channels 27 14.05.2018

  28. Which devices in your computer can be used for radio transmissions? Bluetoothmicrop Netcard, honeWiFi GPU soundcard adapterspeakers Internet This text box will be used to describe the different message sending methods. # Messages: 0 TXT TXT The applicable explanations will be inserted after you have started a session.

  29. ALTERNATIVE RADIO TRANSMISSIONS Systems Security – Covert Channels 29 14.05.2018

  30. LIGHT ▪ You can do similar things with light ▪ Very often, you do not find well controllable light transmitters in a PC ▪ But for low data rates, they are sufficient Systems Security – Covert Channels 30 14.05.2018

  31. SOUND ▪ Again, sound is a paradise for covert channels ▪ There are many ways to create sound ▪ And there are many ways to receive sound ▪ Most methods from radio protocols apply to sound as well ▪ We assume we can hear sound, but that is not true Systems Security – Covert Channels 31 14.05.2018

  32. HEARING ▪ Our perception of sound depends on the frequencey and the intensity of the sound as well as other sounds we are hearing at the „same moment“ ▪ Everything with a higher frequency that we can hear is called „ultrasonic“ ▪ Ultrasonic sound is a very nice covert channel Systems Security – Covert Channels 32 14.05.2018

  33. HOW TO CREATE SOUND ▪ Speakers ▪ Frequency range is limited by: ▪ The sample rate of the connected audio device ▪ The frequency response curve of the speaker ▪ Capacitors ▪ (Bad) capacitors connected to high frequency power tend to produce sound ▪ The same sometimes for coils Systems Security – Covert Channels 33 14.05.2018

  34. HOW TO RECEIVE SOUND ▪ Microphone ▪ Again, limited by the response curve and the connected audio hardware ▪ Possibly the accelerometer Systems Security – Covert Channels 34 14.05.2018

  35. RECEIVING SOUND WITH A DIGITAL CAMERA Systems Security – Covert Channels 35 14.05.2018

  36. OTHER THINGS THAT ARE SENSITIVE TO SOUND Systems Security – Covert Channels 36 14.05.2018

  37. A SOUND COVERT CHANNEL FOR SMARTPHONES ▪ Play audible sounds in your application but vary them ▪ Seems to work well ▪ Play very silent sound in the audible range ▪ Seems to be hard on Android ▪ Play sound in the ultrasonic range ▪ Also seems to work well, but take device characteristics into account Systems Security – Covert Channels 37 14.05.2018

  38. RECOMMENDED READING “Inaudible Sound as a Covert Channel in Mobile Devices” by Luke Deshotels, North Carolina State University Systems Security – Covert Channels 38 14.05.2018

  39. SPECDROID Systems Security – Covert Channels 39 14.05.2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem Deterministic Noninterference Nondeducibility Generalized Noninterference Restrictiveness May 26, 2017 ECS 235B Spring Quarter 2017 Slide #1

370 views • 33 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert

689 views • 32 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

1.12k views • 37 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

915 views • 36 slides
PHY Covert Channels: Can you see the Idles? Ki

PHY Covert Channels: Can you see the Idles? Ki

PHY Covert Channels: Can you see the Idles? Ki Suh Lee Chupja Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1

627 views • 38 slides
Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre and Meltdown from covert channels Process isola8on + OS (CS 423) OS paging OS services 0x00000000 Communica&lt;on to other processes

568 views • 15 slides
Hiding in Plain Sight Advances in Malware Covert Communication Channels Pierre-Marc Bureau

Hiding in Plain Sight Advances in Malware Covert Communication Channels Pierre-Marc Bureau

Hiding in Plain Sight Advances in Malware Covert Communication Channels Pierre-Marc Bureau Christian Dietrich Outline 1. Covert Channels 2. Steganography a. Lurk b. Gozi c. Stegoloader 3. Inconspicuous Carrier Protocols a.

674 views • 49 slides
Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels Kang-Hee Cho and Si-Hyeon Lee School of Electrical Engineering KAIST 2020 ISIT 1 / 14 Covert Communication ^ Y n W Decoder X n W P n Encoder

386 views • 15 slides
IP Covert Timing Channels: Design and Detection By Serdar Cabuk, Carla E. Brodley, Clay

IP Covert Timing Channels: Design and Detection By Serdar Cabuk, Carla E. Brodley, Clay

IP Covert Timing Channels: Design and Detection By Serdar Cabuk, Carla E. Brodley, Clay Shields. Outline Positive Traits Problems Questions Extensions Other Covert Channels Discussion Positive Traits What are the

496 views • 34 slides
March 6, 2014 1 Mitigation of Covert Channels 2 About Voting and Computers March 6, 2014 ECS 235B

March 6, 2014 1 Mitigation of Covert Channels 2 About Voting and Computers March 6, 2014 ECS 235B

Mitigation of Covert Channels About Voting and Computers March 6, 2014 1 Mitigation of Covert Channels 2 About Voting and Computers March 6, 2014 ECS 235B Winter Quarter 2014 Slide 1 Mitigation of Covert Channels About Voting and Computers

416 views • 26 slides
May 24: Confinement Confinement, non-VM isolation Program modification Covert channels

May 24: Confinement Confinement, non-VM isolation Program modification Covert channels

May 24: Confinement Confinement, non-VM isolation Program modification Covert channels May 24, 2017 ECS 235B Spring Quarter 2017 Slide #1 Compiling Compiler enforces or validates constraints Type-safe language enforces them

313 views • 27 slides
NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using NetFlow data By: Joey Dreijer, Student OS3 5-07-14 1 NetFlow Analysis: Detecting covert channels on the network Gathering NetFlow data

346 views • 16 slides
On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard

On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard

On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard Laboratoire dInformatique de Grenoble / INRIA Lucas Nussbaum, Pierre Neyron and Olivier Richard On Robust Covert Channels Inside DNS 1 / 18 Introduction

784 views • 18 slides
Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth Workshop on Computer Architecture Research with RISC-V (CARRV 2020) May 29 th , 2020 Nils Wistoff Moritz Schneider Frank K. Grkaynak Luca Benini

750 views • 58 slides
Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman 1 Outline Covert Channels Attack Vectors and Scenarios IEEE 802.11 Fundamentals Covert Channel Design Implementation

766 views • 38 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The Humble Keylogger Malware Malicious Hardware In-Cable Devices Malicious Keyboards Supply Chain Attacks Malicious BIOS

591 views • 14 slides
A covert channel A covert channel hiding data in in packet headers packet headers hiding data

A covert channel A covert channel hiding data in in packet headers packet headers hiding data

A covert channel A covert channel hiding data in in packet headers packet headers hiding data Craig Rowland s covert_tcp proof s covert_tcp proof- -of of- -concept program concept program Craig Rowland David Morgan Covert

251 views • 6 slides
Hash-Based Indexes UMass Amherst March 6, 2008 Slides Courtesy of R. Ramakrishnan and J. Gehrke

Hash-Based Indexes UMass Amherst March 6, 2008 Slides Courtesy of R. Ramakrishnan and J. Gehrke

Hash-Based Indexes UMass Amherst March 6, 2008 Slides Courtesy of R. Ramakrishnan and J. Gehrke 1 Introduction As for any index, 3 alternatives for data entries k* : Data record with key value k &lt; k , rid of data record with

649 views • 34 slides
Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo Barradas PhD Stage: Planner Advisors: Prof. Lus Rodrigues &amp; Prof. Nuno Santos Research Area: Privacy-Enhancing Technologies Diogo Barradas - EuroSys

395 views • 15 slides
Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and

Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and

Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and Threat Analyst IBM Security Services X-Force Why DNS? This is still a work in progress but... Why look at the DNS? It's just THERE.

496 views • 21 slides
Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas Boyd-Wickizer David Mazires Traditional web applications: lots of trusted (yellow) code HTTP User's Application User's browser front Database User's

1.16k views • 66 slides
Cloud security CS642: Computer Security Professor Ristenpart

Cloud security CS642: Computer Security Professor Ristenpart

Cloud security CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

567 views • 43 slides

More recommend