The implementation of IP ID Reference Model in Linux kernel

Author

Dakhane, Dhananjay M. ; Deshmukh, Prashant R.

Author_Institution

Comput. Sci. & Eng., Sipna Coll. of Eng. & Technol., Amravati, India

fYear

2015

fDate

8-10 Jan. 2015

Firstpage

1

Lastpage

4

Abstract

Covert channels are created using packet header manipulation, having some serious drawbacks of detectability. TCP/IP header follows strict seam tics, if it is manipulate by a single bit, semantics will not seem to be a normal distribution. Here we are proposed the IP-ID Reference Model as a new way covert communication. This model is implemented in Linux kernel 3.0, as a proof of concept. The idea of our proposed model is, sender is not actually embedding the covert message into IPV4 Identification (ID) field, instead of that it uses its reference to convey the covert message to the receiver. So this field is observed as a normal packet distribution and can be created by any Linux or BSD Kernel. In a proof of concept, we develop Linux Loadable Kernel Modules (LKM) and application layer utility for generating network traffic with existing Linux kernel. Our embedding algorithm is not modifying a single bit of IPV4 identification (ID) field, so the structure and non-uniformity of this field is maintain.

Keywords

Linux; normal distribution; operating system kernels; transport protocols; BSD kernel; IP-ID reference model; IPV4 ID field; IPV4 identification field; LKM; Linux kernel; Linux kernel 3.0; Linux loadable kernel modules; TCP-IP header; embedding algorithm; network traffic; normal packet distribution; packet header manipulation; Bandwidth; IP networks; Kernel; Linux; Protocols; Receivers; Security; Covert channel; IP- Identification; IPV4; Loadable Kernel Module; TCP/IP; covert communication;

fLanguage

English

Publisher

ieee

Conference_Titel

Pervasive Computing (ICPC), 2015 International Conference on

Conference_Location

Pune

Type

conf

DOI

10.1109/PERVASIVE.2015.7087156

Filename

7087156