Title :
Superimposing permutational covert channels onto reliable stream protocols
Author :
Levy, Jamie ; Paduch, Jaroslaw ; Khan, Bilal
Author_Institution :
Dept. of Math. & Comp. Sci., CUNY, New York, NY
Abstract :
In this paper, we present an implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layer's IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the payload to TCP. Applying such permutations will not adversely affect TCP's ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out-of-order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of its efficacy and efficiency as a covert channel.
Keywords :
IP networks; telecommunication channels; telecommunication network reliability; telecommunication security; transport protocols; IP datagram service; PERMEATE; TCP layer; covert messages; implicit encoding technique; lower-layer packet reordering; open-source covert channel toolkit; reliable stream protocols; superimposing permutational covert channels; unreliable network layer; Decoding; Educational institutions; Open source software; Out of order; Payloads; Protocols; Robustness; TCPIP; Telecommunication traffic; Timing;
Conference_Title :
Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on
Conference_Location :
Fairfax, VI
Print_ISBN :
978-1-4244-3288-2
Electronic_ISBN :
978-1-4244-3289-9
DOI :
10.1109/MALWARE.2008.4690857