Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Open Computer Science

Editor-in-Chief: van den Broek, Egon

1 Issue per year

Covered by:
Emerging Sources Citation Index (Web of Science)

ICV 2017: 98.90

Open Access
See all formats and pricing
More options …

Covert channels in TCP/IP protocol stack - extended version-

Aleksandra Mileva / Boris Panajotov
Published Online: 2014-06-28 | DOI: https://doi.org/10.2478/s13537-014-0205-6


We give a survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack. Techniques are organized according to affected layer and protocol. For most of the covert channels its data bandwidth is given.

Keywords: network steganography; data hiding; Internet layer; transport layer; application layer

  • [1] B. Lampson, A Note on the Confinement Problem, Communications of the ACM 16(10), 613–615, 1973 http://dx.doi.org/10.1145/362375.362389CrossrefGoogle Scholar

  • [2] Department of Defence, Department of defence trusted computer system evaluation criteria, Technical Report DOD 5200.28-ST., Supersedes CSC-STD-001-83, December 1985 Google Scholar

  • [3] J. Gray, Countermeasures and tradeoffs for a class of covert timing channels, 1994, Available at: http://repository.ust.hk/dspace/bitstream/1783.1/25/1/tr94-18.pdf Google Scholar

  • [4] P. R. Gallagher, A Guide to Understanding Covert Channel Analysis of Trusted Systems (National Computer Security Center, USA, 1993) Google Scholar

  • [5] G. J. Simmons, In: D. Chaum (ed.), The prisoners problem and the subliminal channel, Crypto’ 83, Advances in Cryptography (Springer, US, 1984) pp. 51–67 Google Scholar

  • [6] W. Mazurczyk, K. Szczypiorski, In: Z. Tari (ed.), Steganography of VoIP Streams On the Move to Meaningful Internet Systems (OTM 2008), Monterrey, Mexico, November 9–14, 2008, LNCS vol. 5332, 1001–1018 Google Scholar

  • [7] M. Wolf, In: T. A. Berson, Covert channels in LAN protocols, Beth, T. (Eds.) proceedings of: Workshop on Local Area Network Security (LANSEC 89), Karlsruhe, FRG, April 3–6, 1989, LNCS vol. 396, 91–102 Google Scholar

  • [8] T. Handel, M. Sandford, In Anderson R. (ed.), Hiding data in the OSI network model, Information Hiding, Cambridge, U.K., May 30–June 1, 1996, LNCS vol. 1174, 23–38 Google Scholar

  • [9] S. J. Murdoch, S. Lewis, In M. Barni, J. Herrera Joancomartí, S. Katzenbeisser, F. Pérez-González (Eds.), Embedding Covert Channels into TCP/IP, proceedings of: 7th Information Hiding Workshop, Barcelona, Spain, June 6–8, 2005, LNCS vol. 3727, 247–261 Google Scholar

  • [10] C. H. Rowland, Covert channels in the TCP/IP protocol suite, DoIS Documents in Information Science, May 1997 Google Scholar

  • [11] D. V. Forte, SecSyslog: An Approach to Secure Logging Based on Covert Channels, In proceedings of: First International Workshop of Systematic Approaches to Digital Forensic Engineering (SADFE 2005), Taipei, Taiwan, November 7–10, 2005, 248–263 Google Scholar

  • [12] R. deGraaf, J. Aycock, M. Jacobson Jr., Improved Port Knocking with Strong Authentication, In proceedings of: the 21st Annual Computer Security Applications Conference (ACSAC 2005), Tucson, AZ, December 5–9, 2005 Google Scholar

  • [13] N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, D. Karger, Infranet: Circumventing Web Censorship and Surveillance, In proceedings of: the 11th USENIX Security Symposium, San Francisco, CA, August 8–12, 2002, 247–262 Google Scholar

  • [14] S. Burnett, N. Feamster, S. Vempala, Chipping Away at Censorship Firewalls with User-Generated Content, In proceedings of: the 19th USENIX conference on Security (USENIX Security’10), Washington, DC, August 11–13, 2010 Google Scholar

  • [15] A. Houmansadr, T. Riedl, N. Borisov, E. Singer, I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention, In proceedings of: the 20th NDSS Symposium 2013, San Diego, USA, February 24–27, 2013 Google Scholar

  • [16] W. Mazurczyk, Z. Kotulski, In: J. Górski (ed.), New VoIP Traffic Security Scheme with Digital Watermarking, proceedings of: SafeComp 2006, Gdansk, Poland, September 26–29, 2006, LNCS vol. 4166, 170–181 Google Scholar

  • [17] W. Mazurczyk, Z. Kotulski, New Security and Control Protocol for VoIP Based on Steganography and Digital Watermarking, Ann. UMCS Inform. 5, 417–426, 2006 Google Scholar

  • [18] A. Houmansadr, N. Kiyavash, N. Borisov, RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows, In proceedings of: the 16th NDSS Symposium 2009, San Diego, USA, February 8–11, 2009 Google Scholar

  • [19] A. Houmansadr, N. Borisov, SWIRL: A scalable watermark to detect correlated network flows, In proceedings of: the 18th NDSS Symposium 2009, San Diego, USA, February 6–9, 2011 Google Scholar

  • [20] X. Wang, S. Chen, S. Jajodia, Tracking anonymous peer-to-peer voip calls on the internet, in proceedings of: the 2005 ACM Conference on Computer and Communications Security, November 2005 Google Scholar

  • [21] X. Wang, D. S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of inter packet delays, in proceedings of: the 2003 ACM Conference on Computer and Communications Security, October 2003 Google Scholar

  • [22] E. Jones, O. Le Moigne, J.-M. Robert, IP Traceback Solutions Based on Time to Live Covert Channel, In proceedings of: 12th IEEE International Conference on Networks (ICON 2004), November 16–19, 2004, 451–457 Google Scholar

  • [23] W. Mazurczyk, M. Karas, K. Szczypiorski, SkyDe: a Skype-based Steganographic Method, Int. J. Comput. Commun. Control 8(3), 389–400, 2013 Google Scholar

  • [24] P. Kopiczko, W. Mazurczyk, K. Szczypiorski, StegTorrent: a steganographic method for P2P files sharing service, in proceedings of: IEEE Symposium on Security and Privacy Workshops 2013, San Francisco, CA, May 23–24, 2013, 151–157 Google Scholar

  • [25] P. Bialczak, W. Mazurczyk, K. Szczypiorski, Sending Hidden Data via Google Suggest, arXiv:1107.4062 Google Scholar

  • [26] X. Luo, E. Chan, R. Chang, Crafting Web Counters into Covert Channels, in proceedings of: IFIP 2007, Sandton, South Africa, 2007, 337–348 Google Scholar

  • [27] E. Zielinska, W. Mazurczyk, K. Szczypiorski, Development Trends in Steganography, Commun. ACM 57(2), 2014 (in press) Google Scholar

  • [28] S. Zander, G. Armitage, P. Branch, A survey of covert channels and countermeasures in computer network protocols, IEEE Communications Surveys and Tutorials 9(3), 44–57, 2007 http://dx.doi.org/10.1109/COMST.2007.4317620CrossrefGoogle Scholar

  • [29] P. Peng, P. Ning, D. Reeves, On the secrecy of timing-based active watermarking trace-back techniques, in proceedings of: the 2006 IEEE Symposium on Security and Privacy, Oakland, USA, May 2006 Google Scholar

  • [30] D. Llamas, C. Allison, A. Miller, Covert Channels in Internet Protocols: A Survey, In proceedings of: the 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting (PGNET), Liverpool, UK, June 27–28, 2005 Google Scholar

  • [31] M. Smeets, M. Koot, Covert Channels, Research Report (University of Amsterdam, Amsterdam, 2006) Google Scholar

  • [32] P. Allix, Covert channels analysis in TCP/IP networks, IFIPS School of Engineering, University of Paris-Sud XI, Orsay, France, 2007 Google Scholar

  • [33] J. C. Smith, Covert Shells, SANS GIAC Reading Room, 2000 Google Scholar

  • [34] M. C. Perkins, Hiding out in Plaintext: Covert Messaging with Bitwise Summations, Master thesis (Iowa State University, 2005) Google Scholar

  • [35] B. Jankowski, W. Mazurczyk, K. Szczypiorski, PadSteg: Introducing Inter-Protocol Steganography, Telecomm. Syst. 52(2), 1101–1111, 2013 Google Scholar

  • [36] P. Dong, H. Qian, Z. Lu, S. Lan, A Network Covert Channel Based on Packet Classification, Int. J. Network Security 14(2), 109–116, 2012 Google Scholar

  • [37] K. Ahsan, D. Kundur, Practical data hiding in TCP/IP, In proceedings of: Multimedia and Security Workshop at ACM Multimedia 2002, Juan-les-Pins, France, December 1–6, 2002 Google Scholar

  • [38] K. Ahsan, Covert channel analysis and data hiding in TCP/IP, Master thesis (University of Toronto, 2002) Google Scholar

  • [39] E. Cauich, R. Gómez, R. Watanabe, In: F. F. Ramos, V. L. Rosillo, H. Unger (Eds.), Data Hiding in Identification and Offset IP Fields, Proceedings of 5th International School and Symposium of Advanced Distributed Systems (ISSADS) 2005, LNCS vol. 3563, (Springer, Berlin, Heidelberg, 2005) pp. 118–125 Google Scholar

  • [40] W. Mazurczyk, K. Szczypiorski, Steganography in handling oversized IP packets, In proceedings of: First International Workshop on Network Steganography (IWNS 2009), Wuhan, China, November 18–20, 2009 Google Scholar

  • [41] H. Qu, P. Su, D. Feng, A Typical Noisy Covert Channel in the IP Protocol, In proceedings of: the 38th Annual International Carnahan Conference of Security Technology, October 11–14, 2004, 189–192 Google Scholar

  • [42] S. Zander, G. Armitage, P. Branch, Covert Channels in the IP Time To Live Field, In proceedings of: the Australian Telecommunication Networks and Applications Conference (ATNAC), Melbourne, December 4–6, 2006 Google Scholar

  • [43] vecna, B0CK, Butchered From Inside, 2000, 7(2) Google Scholar

  • [44] C. Abad, IP checksum covert channels and selected hash collision, Technical report (University of California, 2001) Google Scholar

  • [45] Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, Traceroute Based IP Channel for Sending Hidden Short Messages, In proceedings of: First International Workshop on Security Advances in Information and Computer Security (IWSEC 2006), Kyoto, Japan, October 23–24, 2006, LNCS vol. 4266, 421–436 Google Scholar

  • [46] Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, A novel covert channel based on the IP header record route option, Int. J. Adv. Media Commun 1(4), 328–350, 2007 http://dx.doi.org/10.1504/IJAMC.2007.014811CrossrefGoogle Scholar

  • [47] W. Mazurczyk, K. Szczypiorski, Evaluation of steganographic methods for oversized IP packets, Telecommun. Syst. 49, 207–217, 2012 http://dx.doi.org/10.1007/s11235-010-9362-7CrossrefGoogle Scholar

  • [48] S. D. Servetto, M. Vetterli, Communication using phantoms: covert channels in the Internet. In proceedings of: IEEE International Symposium on Information Theory (ISIT), Washington, DC, June 24–29, 2001 Google Scholar

  • [49] A. El-Atawy, E. Al-Shaer, Building Covert Channels over the Packet Reordering Phenomenon, in proceedings of: IEEE INFOCOM 2009, 2186–2194 Google Scholar

  • [50] A. Galatenko, A. Grusho, A. Kniazev, E. Timonina, Statistical Covert Channels Through PROXY Server, In proceedings of: Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, 2005, LNCS vol. 3685, 424–429 Google Scholar

  • [51] M. A. Padlipsky, D. W. Snow, P. A. Karger, Limitations of End-to-End Encryption in Secure Computer Networks, Technical Report ESD-TR-78-158, Mitre Corporation, August 1978 Google Scholar

  • [52] S. Cabuk, C. E. Brodley, C. Shields, IP covert timing channels: Design and detection, In Proceedings of: the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, 2004, ACM Press, 178–187 Google Scholar

  • [53] V. Berk, A. Giani, G. Cybenko, Detection of Covert Channel Encoding in Network Packet Delays, Technical Report TR2005-536, Department of Computer Science, Dartmouth College, 2005 Google Scholar

  • [54] G. Shah, A. Molina, M. Blaze, Keyboards and Covert Channels, In proceedings of: 15th USENIX Security Symposium, Vancouver, Canada, August 2006, 59–75 Google Scholar

  • [55] S. Cabuk, Network covert channels: design, analysis, detection and elimination, PhD thesis (Purdue University, 2006) Google Scholar

  • [56] S. Gianvecchio, H. Wang, D. Wijesekera, S. Jajodia, Model-based covert timing channels: Automated modeling and evasion, in: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008, LNCS, vol. 5230 (Springer, 2008) pp. 211–230 Google Scholar

  • [57] S. H. Sellke, C.-C. Wang, S. Bagchi, N. Shroff, TCP/IP Timing Channels: Theory to Implementation, In proceedings of: the 28th Conference on Computer Communications (IEEE INFOCOM), Rio de Janeiro, Brazil, April 19–25, 2009 Google Scholar

  • [58] V. Paxson, S. Floyd, Wide-area traffic: the failure of Poisson modeling, IEEE/ACM T. Network. 3(3), 226–244, 1995 http://dx.doi.org/10.1109/90.392383CrossrefGoogle Scholar

  • [59] S. Zander, G. Armitage, P. Branch, Stealthier Inter-packet Timing Covert Channels, in proceedings of: 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9–13, 2011, LNCS vol. 6640, 458–470 Google Scholar

  • [60] Z. Trabelsi, I. Jawhar, Covert File Transfer Protocol Based on the IP Record Route Option, J. Inform. Assurance Security 5, 64–73, 2010 Google Scholar

  • [61] S. Gianvecchio, H. Wang, An Entropy-Based Approach to Detecting Covert Timing Channels, IEEE T. Dependable and Secure Computing 8(6), 785–797, 2011 http://dx.doi.org/10.1109/TDSC.2010.46CrossrefGoogle Scholar

  • [62] T. Graf, Messaging over IPv6 Destination Options, Swiss Unix User Group, 2003 Google Scholar

  • [63] N. B. Lucena, G. Lewandowski, S. J. Chapin, In: G. Danezis, D. Martin (Eds.), Covert Channels in IPv6, Proceedings of: the 5th International Workshop Privacy Enhancing Technologies (PET 2005), Dubrovnik, May 30–June 1, 2005, 147–166 Google Scholar

  • [64] daemon9, AKA, and route, Project Loki, Phrack Magazine 49, 6, 1996 Google Scholar

  • [65] daemon9, Loki2 (the implementation), Phrack Magazine 51, 6, 1997 Google Scholar

  • [66] A. Singh, C. Lu, O. Nordstrom, A. L. M. dos Santos, In: Y. Mu, W. Susilo, J. Seberry (Eds.), Malicious ICMP Tunneling: Defense against the Vulnerability, proceedings of: the 8th Australasian Conference on Information Security and Privacy (ACISP), Wollongong, Australia, July 9–11, 2003, LNCS vol. 5107 (Springer, 2003) pp. 226–236 Google Scholar

  • [67] M. Muench, ICMP-Chat, 2003, Available at http://icmpchat.sourceforge.net/ Google Scholar

  • [68] L. Zelenchuk, Skeeve — ICMP Bounce Tunnel, 2004, available at: http://www.gray-world.net/poc_skeeve.shtml Google Scholar

  • [69] G. Thomer, IP-over-ICMP using ICMPTX, 2005, available at: http://thomer.com/icmptx/ Google Scholar

  • [70] D. Stødle, Ping Tunnel, 2011, Available at: http://www.cs.uit.no/~daniels/PingTunnel/ Google Scholar

  • [71] R. Murphy, V00d00n3t — Ipv6 / ICMPv6 Covert Channel, DefCon, Las Vegas, 2006 Google Scholar

  • [72] K. Stokes, B. Yuan, D. Johnson, P. Lutz, In: K. Elleithy, T. Sobh, M. Iskander, V. Kapila, M. A. Karim, A. Mahmood (Eds.), ICMP covert channel resiliency, Technological Developments in Networking, Education and Automation, 2010, 503–506 Google Scholar

  • [73] B. Ray, S. Mishra, In: L. Korba, S. Marsh, R. Safavi-Naini (Eds.), A Protocol for Building Secure and Reliable Covert Channel, proceedings of: the Sixth Annual Conference on Privacy, Security and Trust (PST 2008), Fredericton, New Brunswick, Canada, October 1–3, 2008, 246–253 Google Scholar

  • [74] C. Scott, Network Covert Channels: Review of Current State and Analysis of Viability of the use of X.509 Certificates for Covert Communications, Technical Report RHUL-MA-2008-11, Department of Mathematics, Roal Holloway, University of London, 2008 Google Scholar

  • [75] R. Rios, J. A. Onieva, J. Lopez, HIDE_DHCP: Covert Communications Through Network Configuration Messages, In proceedings of: 27th IFIP TC 11 Information Security and Privacy Conference, Heraklion, Crete, Greece, June 4–6, 2012, IFIP Adv. Inform. Commun. Technol. 376, 162–173, 2012 Google Scholar

  • [76] J. Giffin, R. Greenstadt, P. Litwack, R. Tibbetts, In: R. Dingledine, P. Syverson (Eds.), Covert Messaging Through TCP Timestamps, Proceedings of the 2nd international conference on Privacy enhancing technologies (PET 2002), San Francisco, CA, April 14–15, 2002, 194–208 Google Scholar

  • [77] L. Ji, Y. Fan, C. Ma, Covert channel for local area network, In proceedings of: IEEE International Conference of Wireless Communications, Networking and Information Security (WCNIS 2010), 2010, 316–319 Google Scholar

  • [78] J. Rutkowska, The Implementation of Passive Covert Channels in the Linux Kernel, Chaos Communication Congress, 2004 Google Scholar

  • [79] A. Hintz, Covert Channels in TCP and IP Headers, DefCon 10, Las Vegas, Nevada, August 2–4, 2003 Google Scholar

  • [80] E. Tumoian, M. Anikeev, Detecting NUSHU Covert Channels Using Neural Networks, Technical report (Taganrog State University of Radio Engineering, 2005) Google Scholar

  • [81] R. Chakinala, A. Kumarasubramanian, R. Manokaran, G. Noubir, C. Pandu Rangan, R. Sundaram, Steganographic communication in ordered channels, In proceedings of: the 8th International Conference on Information Hiding Workshop, Alexandria, VA, USA, July 10–12, 2006 (Springer-Verlag Berlin, Heidelberg, 2006) pp. 42–57 Google Scholar

  • [82] X. Luo, E. Chan, R. Chang, Cloak: A ten-fold way for reliable covert communications, in proceedings of: ESORICS 2007, Dresden, Germany, September 24–26, 2007, LNCS vol. 4734, 283–298 Google Scholar

  • [83] X. Luo, E. Chan, R. Chang, TCP Covert Timing Channels: Design and Detection, In proceedings of: IEEE International Conference on Dependable Systems and Networks With FTCS and DCC, Anchorage, Alaska, June 24–27, 2008, 420–429 Google Scholar

  • [84] X. Luo, E. Chan, R. Chang, CLACK: A network covert channel based on partial acknowledgement encoding, In proceedings of: IEEE International Conference on Communications, Dresden, Germany, June 14–18, 2009, 1–5 Google Scholar

  • [85] X. Luo, P. Zhou, E. Chan, R. Chang, W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, In proceedings of: IEEE/IFIP 41st International Conference on Dependable Systems and Networks (DSN 2011), Hong Kong, June 27–30, 2011, 474–485 Google Scholar

  • [86] G. Fisk, M. Fisk, C. Papadopoulos, J. Neil, In: F. A. P. Petitcolas (Ed.), Eliminating steganography in Internet traffic with active wardens, 5th International Workshop on Information Hiding (IH), 2002, LNCS vol. 2578, 18–35 Google Scholar

  • [87] J. S. Thyer, Covert Data Storage Channel Using IP Packet Headers (SANS Institute, 2008) Google Scholar

  • [88] W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, Retransmission Steganography Applied, In proceedings of: 2010 International Conference on Multimedia Information Networking and Security (MINES), Nanjing, China, November 4–6, 2010, 846–850 Google Scholar

  • [89] W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, On Information Hiding in Retransmissions, Telecommun. Syst. Modelling, Analysis, Design and Management 52(2), 1113–1121, 2013 Google Scholar

  • [90] K. Anjan, J. Abraham, Behavioral Analysis of Transport Layer Based Hybrid Covert Channel, In proceedings of: Third International Conference of Recent Trends in Network Security nd Applications (CNSA 2010), Chennai, India, July 23-25, 2010 (Springer Berlin Heidelberg, 2010) pp. 83–92 Google Scholar

  • [91] K. Anjan, J. Abraham, M. Jadhav, Design of Transport Layer Based Hybrid Covert Channel Detection Engine, arXiv:1101.0104 Google Scholar

  • [92] vanHauser, Placing Backdoors through Firewalls, The Hacker’s Choice, 1999 Google Scholar

  • [93] P. Pack, W. Streilein, S. Webster, R. Cunningham, Detecting http Tunneling Activities, in proceedings of: 3rd Annual Information Assurance Wksp., West Point, NY, USA, June 17–19, 2002 Google Scholar

  • [94] K. Borders, A. Prakash, Web Tap: Detecting Covert Web Traffic, in proceedings of: 11th ACM Conf. Computer and Communications Security (CCS), 110–120, October 2004 Google Scholar

  • [95] P. Padgett, Corkscrew, 2011, Available at http://www.agroman.net/corkscrew/ Google Scholar

  • [96] L. Bowyer, Firewall Bypass via protocol Steganography, Network Penetration, 2002 Google Scholar

  • [97] A. Dyatlov, S. Castro, Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the http protocol, Gray-world, USA, June, 2003 Google Scholar

  • [98] M. Bauer, New Covert Channels in http: Adding Unwitting Web Browsers to Anonymity Sets. In Proceedings of Workshop on Privacy Electronic Society (WPES 2003), Washington, DC, USA, October 30, 2003, 72–78 Google Scholar

  • [99] H. -G. Eßer, F. C. Freiling, Kapazitätsmessung eines verdeckten Zeitkanals über http, Technical Report TR-2005-10 (Universität Mannheim, 2005) Google Scholar

  • [100] P. LeBoutillier, 2005, HTTunnel, Available at: http://sourceforge.net/projects/httunnel/ Google Scholar

  • [101] Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006) Google Scholar

  • [102] M. Van Horenbeeck, Deception on the network: thinking differently about covert channels, In proceedings of; Australian Information Warfare and Security Conference, Perth, Western Australia, December 4–5, 2006, 174–184 Google Scholar

  • [103] S. Castro, Gray World Team: Cooking Channels, hakin9 Magazine, May 2006, 50–57 Google Scholar

  • [104] R. Duncan, J. E. Martina, Steganographic Message Broadcasting using Web Protocols, In proceedings of: Simposio Brasilerio de Seguranca (SBSeg 2010), Fortaleza, Brasil, 2010 Google Scholar

  • [105] Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006) Google Scholar

  • [106] J. Blascoa, J. C. Hernandez-Castrob, J. M. de Fuentes, B. Ramosa, A framework for avoiding steganography usage over http, J. Network Computer Appl. 35(1), 491–501, 2012 http://dx.doi.org/10.1016/j.jnca.2011.10.003CrossrefGoogle Scholar

  • [107] D. Alman, http Tunnels Though Proxies (SANS Institute, 2003) Google Scholar

  • [108] X. Zou, Q. Li, S.-H. Sun, X. Niu, In: R. Khosla, R. J. Howlett, L. C. Jain (Eds.), The Research on Information Hiding Based on Command Sequence of FTP Protocol, proceedings of: the 9th International Conference on Knowledge-Based Intelligent Information and Engineering Systems (KES 2005), Melbourne, Australia, September 14–16, 2005, LNCS vol. 3683, 1079–1085 Google Scholar

  • [109] savannah.nongnu.org, NSTX, 2002, Available at http://savannah.nongnu.org/projects/nstx/ Google Scholar

  • [110] L. Nussbaum, P. Neyron, O. Richard, On Robust Covert Channels Inside DNS, In proceedings of: 24th IFIP TC 11 International Information Security Conference (SEC 2009), Pafos, Cyprus, May 182-20, 2009, 51–62 Google Scholar

  • [111] T. Pietraszek, 2004, DNSCat, Available at: http://tadek.pietraszek.org/projects/DNScat/ Google Scholar

  • [112] D. Kaminsky, OzymanDNS, 2004, Available at: http://dankaminsky.com/2004/07/29/51/ Google Scholar

  • [113] Anonymous, DNS Covert Channels and Bouncing Techniques, 2005, Available at: http://seclists.org/fulldisclosure/2005/Jul/att-452/p63_dns_worm_covert_channel.txt Google Scholar

  • [114] O. Dembour, C. Collignon, DNS2TCP, 2008, Available at: http://hsc.fr/ressources/outils/dns2tcp/ Google Scholar

  • [115] Kryo, iodine, 2010, Available at: http://code.kryo.se/iodine/ Google Scholar

  • [116] L. Y. Bai, Y. Huang, G. Hou, B. Xiao, In: J. -S. Pan, X. Niu, H.-C. Huang, L. C. Jain (Eds.), Covert Channels Based on Jitter Field of the RTCP Header, Proceedings of the Fourth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IEEE Computer Society, 2008, 1388–1391 Google Scholar

  • [117] Y. Lizhi, H. Yongfeng, Y. Jian, L. Y. Bai, A Novel Covert Timing Channel Based on RTP/RTCP, Chinese J. Electron. 21(4), 711–714, 2012 Google Scholar

  • [118] W. Mazurczyk, Lost Audio Packets Steganography: The First Practical Evaluation, Journal of Security and Communication Networks 5(12), 1394–1403, 2012 http://dx.doi.org/10.1002/sec.502CrossrefGoogle Scholar

  • [119] W. Mazurczyk, K. Szczypiorski, Covert Channels in SIP for VoIP Signalling, Communications in Computer and Information Science 12, 65–72, 2008 http://dx.doi.org/10.1007/978-3-540-69403-8_9CrossrefGoogle Scholar

  • [120] N. Lucena, J. Pease, P. Yadollahpour, S. J. Chapin, Syntax and Semantics-Preserving Application-Layer Protocol Steganography, In proceedings of: 6th Information Hiding Workshop, Toronto, Canada, May 23–25, 2004, LNCS vol. 3200, 164–179 Google Scholar

  • [121] R. A. Kemmerer, Shared Resource Matrix Methodology: an Approach to Identifying Storage and Timing Channels, ACM T. Comput. Syst. (TOCS) 1(3), 256–277, 1983 http://dx.doi.org/10.1145/357369.357374CrossrefGoogle Scholar

  • [122] R. A. Kemmerer, A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later, in proceedings of: Annual Computer Security Applications Conference (ACSAC), Dec. 2002, 109–118 Google Scholar

  • [123] A. L. Donaldson, J. McHugh, K. A. Nyberg, Covert Channels in Trusted LANs, in proceedings of: 11th NBS/NCSC National Computer Security Conference, October 1988, 226–232 Google Scholar

  • [124] R. A. Kemmerer, P. Porras, Covert Flow Trees: A Visual Approach to Analysing Covert Storage Channels, IEEE Trans. Software Eng. SE-17(11), 1166–1185, 1991 http://dx.doi.org/10.1109/32.106972CrossrefGoogle Scholar

  • [125] A. Giani, V. Berk, G. Cybenko, Covert channel detection using process query systems, in proceedings of: FLoCon 2005 Google Scholar

  • [126] G. R. Malan, D. Watson, F. Jahanian, P. Howell, Transport and application protocol scrubbing, in proceedings of: the IEEE INFOCOM 2002 Conference, 1381–1390, Tel-Aviv, Israel, 2000 Google Scholar

  • [127] S. Gianvecchio, H. Wang, Detecting Covert Timing Channels: An Entropy-Based Approach, in proceedings of: ACM CCS 2007, Alexandria, USA, October 28–31, 2007 Google Scholar

  • [128] T. Sohn, J. Seo, J. Moon, In; P. Perner, S. Qing, D. Gollmann, J. Zhou (eds.), A study on the covert channel detection of TCP/IP header using support vector machine, Information and Communications Security, LNCS vol. 2836, 313–324 (Springer-Verlag, 2003) http://dx.doi.org/10.1007/978-3-540-39927-8_29CrossrefGoogle Scholar

  • [129] M. Handley, V. Paxson, Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In proceedings of: the 10th USENIX Security Symposium, Washington, DC, August 13–17, 2001 Google Scholar

  • [130] A. B. Jeng, M. D. Abrams, On Network Covert Channel Analysis, in proceedings of: 3rd Aerospace Computer Security Conference, Orlando, FL, USA, December 7–11, 1987 Google Scholar

  • [131] H. Wei-Ming, Reducing Timing Channels with Fuzzy Time, in proceedings of: IEEE Computer Society Symposium Research in Security and Privacy, Oakland, CA, USA, May, 1991, 8–20 Google Scholar

About the article

Published Online: 2014-06-28

Published in Print: 2014-06-01

Citation Information: Open Computer Science, Volume 4, Issue 2, Pages 45–66, ISSN (Online) 2299-1093, DOI: https://doi.org/10.2478/s13537-014-0205-6.

Export Citation

© 2014 Versita Warsaw. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. BY-NC-ND 3.0

Citing Articles

Here you can find all Crossref-listed publications in which this article is cited. If you would like to receive automatic email messages as soon as this article is cited in other publications, simply activate the “Citation Alert” on the top of this page.

Pengcheng Cao, Weiwei Liu, Guangjie Liu, Xiaopeng Ji, Jiangtao Zhai, and Yuewei Dai
Security and Communication Networks, 2018, Volume 2018, Page 1

Comments (0)

Please log in or register to comment.
Log in