Limiting MitM to MitE Covert-Channels

Author

Herzberg, Amir ; Shulman, Haya

Author_Institution

Comput. Sci. Dept., Bar Ilan Univ., Ramat Gan, Israel

fYear

2013

fDate

2-6 Sept. 2013

Firstpage

236

Lastpage

241

Abstract

We study covert channels between a MitM attacker, and her MitE ´malware´, running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet everysecond, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.

Keywords

invasive software; quality of service; telecommunication channels; telecommunication networks; telecommunication security; telecommunication traffic; MitE covert-channels; MitE malware; MitM attacker; MitM covert-channels; QoS; advanced timing channels; bounded delay; covert communication; covert traffic leakage; fixed packet size; network security; padding; preserve efficiency; protected network; traffic shapers; Bandwidth; Delays; Internet; Logic gates; Quality of service; Virtual private networks; Covert channels; covert communication; information leakage; erasure codes;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security (ARES), 2013 Eighth International Conference on

Conference_Location

Regensburg

Type

conf

DOI

10.1109/ARES.2013.138

Filename

6657246