Title :
The implementation of IP ID Reference Model in Linux kernel
Author :
Dakhane, Dhananjay M. ; Deshmukh, Prashant R.
Author_Institution :
Comput. Sci. & Eng., Sipna Coll. of Eng. & Technol., Amravati, India
Abstract :
Covert channels are created using packet header manipulation, having some serious drawbacks of detectability. TCP/IP header follows strict seam tics, if it is manipulate by a single bit, semantics will not seem to be a normal distribution. Here we are proposed the IP-ID Reference Model as a new way covert communication. This model is implemented in Linux kernel 3.0, as a proof of concept. The idea of our proposed model is, sender is not actually embedding the covert message into IPV4 Identification (ID) field, instead of that it uses its reference to convey the covert message to the receiver. So this field is observed as a normal packet distribution and can be created by any Linux or BSD Kernel. In a proof of concept, we develop Linux Loadable Kernel Modules (LKM) and application layer utility for generating network traffic with existing Linux kernel. Our embedding algorithm is not modifying a single bit of IPV4 identification (ID) field, so the structure and non-uniformity of this field is maintain.
Keywords :
Linux; normal distribution; operating system kernels; transport protocols; BSD kernel; IP-ID reference model; IPV4 ID field; IPV4 identification field; LKM; Linux kernel; Linux kernel 3.0; Linux loadable kernel modules; TCP-IP header; embedding algorithm; network traffic; normal packet distribution; packet header manipulation; Bandwidth; IP networks; Kernel; Linux; Protocols; Receivers; Security; Covert channel; IP- Identification; IPV4; Loadable Kernel Module; TCP/IP; covert communication;
Conference_Titel :
Pervasive Computing (ICPC), 2015 International Conference on
Conference_Location :
Pune
DOI :
10.1109/PERVASIVE.2015.7087156
