DOI: 10.17586/2226-1494-2018-18-5-834-842


P. M. Shipulin, V. V. Kozin, A. N. Shniperov

Read the full article  ';
Article in Russian

For citation:
Shipulin P.M., Kozin V.V., Shniperov A.N. Covert channel technique based on streaming protocol. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2018, vol. 18, no. 5, pp. 834–842 (in Russian). doi: 10.17586/2226-1494-2018-18-5-834-842

The paper presents analysis of modern network covert channels. The authors set forward a hypothesis of effective streaming protocol usage for covert channel creating. Covert channel technique for open networks is proposed. RTP-based covert channel functional model is described. Estimated characteristics of software prototype are reported. The results of stegano system software prototype operational testing in laboratory conditions and the Internet are described.  Software prototype demonstrated high covertness with allowable capacity for many tasks. At the same time transfer characteristics decrease with the complication of network topology. Obtained research results have two application domains of prime importance. On the one hand, illegal covert channel detection methods can be used by DLP-systems developers, law-enforcement agencies and defense establishments. On the other hand, the proposed method for covert information transmission can be used in telemetered covert channel creation, for example, satellite communication.

Keywords: steganography, stegano system, covert channel, covert information transmission, network steganography, streaming transfer protocol

  1. Gutierrez-Cardenas J.M. Steganography and data loss prevention: an overlooked risk? International Journal of Security and Its Applications, 2017, vol. 11, no. 4, pp. 71–84. doi: 10.14257/ijsia.2017.11.4.06
  2. Karas M., Mazurczyk W., Szczypiorski K. SkyDe: a Skype-based steganographic method. International Journal of Computers, Communications & Control, 2014, vol. 8, no. 3, pp. 432–443. doi: 10.15837/ijccc.2013.3.469
  3. Janicki A., Karas M., Mazurczyk W., Szczypiorski K. YouSkyde: information hiding for Skype video traffic. Multimedia Tools and Applications, 2016, vol. 75, no. 21, pp. 13521–13540. doi: 10.1007/s11042-015-2740-0
  4. Mazurczyk W., Wendzel S., Zander S., Houmansadr A., Szczypiorski K. Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures. Wiley, 2016, 296 p.
  5. Dyatlov A., Castro S. Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the http protocol. Technical Report. Gray World, 2003, 8 p.
  6. Rowland C.H. Covert channels in the TCP/IP protocol suite. First Monday, 1997, vol. 2, no. 5, 15 p. doi: 10.5210/fm.v2i5.528
  7. Lewis S., Murdoch S.J. Embedding covert channels into TCP/IP. Lecture Notes in Computer Science, 2005, vol. 3727, pp. 247–261. doi: 10.1007/11558859_19
  8. Berk V., Cybenko G., Giani A. Detection of covert channel encoding in network packet delays. Technical Report TR 2005-536. Dartmouth College, 2005, 11 p.
  9. Gianvecchio S., Wang H., Wijesekera D., Jajodia S. Model-based covert timing channels: automated modeling and evasion. Lecture Notes in Computer Science, 2008, vol. 5230, pp. 211–230. doi: 10.1007/978-3-540-87403-4_12
  10. Wendzel S., Mazurczyk W., Caviglione L., Meier M. Hidden and uncontrolled – on the emergence of network steganographic threats. Proc. ISSE 2014 Securing Electronic Business Processes, 2014, pp. 123–133.doi: 10.1007/978-3-658-06708-3_9
  11. Fridrich J. Applications of data hiding in digital images. Proc. 5th Int. Symposium on Signal Processing and its Applications. Brisbane, Australia,1999, vol. 1, 9 p. doi: 10.1109/isspa.1999.818099
  12. Casner S., Frederick R., Jacobson V., Schulzrinne H. RFC 3550. RTP: A Transport Protocol for Real-Time Applications. Network Working Group, 2003, 25 p.
  13. Servetto S.D., Vetterli M. Communication using phantoms: covert channels in the Internet. Proc. IEEE Int. Symposium on Information Theory. Washington, 2001. doi: 10.1109/isit.2001.936092
  14. Cabuk S., Brodley C., Shields C. IP covert timing channels: design and detection. Proc. 11th ACM Conference on Computer and Communications Security. New York, 2004, pp. 178–187. doi: 10.1145/1030083.1030108
  15. Houmansadr A., Borisov N. CoCo: coding-based covert timing channels for network flows. Lecture Notes in Computer Science, 2011, vol. 6958, pp. 314–328. doi: 10.1007/978-3-642-24178-9_22
  16. Panneton F., L’Ecuyer P. On the Xorshift random number generators. ACM Transactions on Modeling and Computer Simulati, 2005, vol. 15, no. 4, pp. 346–361. doi: 10.1145/1113316.1113319

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2020 ©
Scientific and Technical Journal
of Information Technologies, Mechanics and Optics.
All rights reserved.