Covert channels in TCP/IP protocol stack - extended version-

  • 1 Faculty of Computer Science, University Goce Delčev, Goce Delčev 89, 2000, Štip, The Republic of Macedonia

Abstract

We give a survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack. Techniques are organized according to affected layer and protocol. For most of the covert channels its data bandwidth is given.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] B. Lampson, A Note on the Confinement Problem, Communications of the ACM 16(10), 613–615, 1973 http://dx.doi.org/10.1145/362375.362389

  • [2] Department of Defence, Department of defence trusted computer system evaluation criteria, Technical Report DOD 5200.28-ST., Supersedes CSC-STD-001-83, December 1985

  • [3] J. Gray, Countermeasures and tradeoffs for a class of covert timing channels, 1994, Available at: http://repository.ust.hk/dspace/bitstream/1783.1/25/1/tr94-18.pdf

  • [4] P. R. Gallagher, A Guide to Understanding Covert Channel Analysis of Trusted Systems (National Computer Security Center, USA, 1993)

  • [5] G. J. Simmons, In: D. Chaum (ed.), The prisoners problem and the subliminal channel, Crypto’ 83, Advances in Cryptography (Springer, US, 1984) pp. 51–67

  • [6] W. Mazurczyk, K. Szczypiorski, In: Z. Tari (ed.), Steganography of VoIP Streams On the Move to Meaningful Internet Systems (OTM 2008), Monterrey, Mexico, November 9–14, 2008, LNCS vol. 5332, 1001–1018

  • [7] M. Wolf, In: T. A. Berson, Covert channels in LAN protocols, Beth, T. (Eds.) proceedings of: Workshop on Local Area Network Security (LANSEC 89), Karlsruhe, FRG, April 3–6, 1989, LNCS vol. 396, 91–102

  • [8] T. Handel, M. Sandford, In Anderson R. (ed.), Hiding data in the OSI network model, Information Hiding, Cambridge, U.K., May 30–June 1, 1996, LNCS vol. 1174, 23–38

  • [9] S. J. Murdoch, S. Lewis, In M. Barni, J. Herrera Joancomartí, S. Katzenbeisser, F. Pérez-González (Eds.), Embedding Covert Channels into TCP/IP, proceedings of: 7th Information Hiding Workshop, Barcelona, Spain, June 6–8, 2005, LNCS vol. 3727, 247–261

  • [10] C. H. Rowland, Covert channels in the TCP/IP protocol suite, DoIS Documents in Information Science, May 1997

  • [11] D. V. Forte, SecSyslog: An Approach to Secure Logging Based on Covert Channels, In proceedings of: First International Workshop of Systematic Approaches to Digital Forensic Engineering (SADFE 2005), Taipei, Taiwan, November 7–10, 2005, 248–263

  • [12] R. deGraaf, J. Aycock, M. Jacobson Jr., Improved Port Knocking with Strong Authentication, In proceedings of: the 21st Annual Computer Security Applications Conference (ACSAC 2005), Tucson, AZ, December 5–9, 2005

  • [13] N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, D. Karger, Infranet: Circumventing Web Censorship and Surveillance, In proceedings of: the 11th USENIX Security Symposium, San Francisco, CA, August 8–12, 2002, 247–262

  • [14] S. Burnett, N. Feamster, S. Vempala, Chipping Away at Censorship Firewalls with User-Generated Content, In proceedings of: the 19th USENIX conference on Security (USENIX Security’10), Washington, DC, August 11–13, 2010

  • [15] A. Houmansadr, T. Riedl, N. Borisov, E. Singer, I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention, In proceedings of: the 20th NDSS Symposium 2013, San Diego, USA, February 24–27, 2013

  • [16] W. Mazurczyk, Z. Kotulski, In: J. Górski (ed.), New VoIP Traffic Security Scheme with Digital Watermarking, proceedings of: SafeComp 2006, Gdansk, Poland, September 26–29, 2006, LNCS vol. 4166, 170–181

  • [17] W. Mazurczyk, Z. Kotulski, New Security and Control Protocol for VoIP Based on Steganography and Digital Watermarking, Ann. UMCS Inform. 5, 417–426, 2006

  • [18] A. Houmansadr, N. Kiyavash, N. Borisov, RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows, In proceedings of: the 16th NDSS Symposium 2009, San Diego, USA, February 8–11, 2009

  • [19] A. Houmansadr, N. Borisov, SWIRL: A scalable watermark to detect correlated network flows, In proceedings of: the 18th NDSS Symposium 2009, San Diego, USA, February 6–9, 2011

  • [20] X. Wang, S. Chen, S. Jajodia, Tracking anonymous peer-to-peer voip calls on the internet, in proceedings of: the 2005 ACM Conference on Computer and Communications Security, November 2005

  • [21] X. Wang, D. S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of inter packet delays, in proceedings of: the 2003 ACM Conference on Computer and Communications Security, October 2003

  • [22] E. Jones, O. Le Moigne, J.-M. Robert, IP Traceback Solutions Based on Time to Live Covert Channel, In proceedings of: 12th IEEE International Conference on Networks (ICON 2004), November 16–19, 2004, 451–457

  • [23] W. Mazurczyk, M. Karas, K. Szczypiorski, SkyDe: a Skype-based Steganographic Method, Int. J. Comput. Commun. Control 8(3), 389–400, 2013

  • [24] P. Kopiczko, W. Mazurczyk, K. Szczypiorski, StegTorrent: a steganographic method for P2P files sharing service, in proceedings of: IEEE Symposium on Security and Privacy Workshops 2013, San Francisco, CA, May 23–24, 2013, 151–157

  • [25] P. Bialczak, W. Mazurczyk, K. Szczypiorski, Sending Hidden Data via Google Suggest, arXiv:1107.4062

  • [26] X. Luo, E. Chan, R. Chang, Crafting Web Counters into Covert Channels, in proceedings of: IFIP 2007, Sandton, South Africa, 2007, 337–348

  • [27] E. Zielinska, W. Mazurczyk, K. Szczypiorski, Development Trends in Steganography, Commun. ACM 57(2), 2014 (in press)

  • [28] S. Zander, G. Armitage, P. Branch, A survey of covert channels and countermeasures in computer network protocols, IEEE Communications Surveys and Tutorials 9(3), 44–57, 2007 http://dx.doi.org/10.1109/COMST.2007.4317620

  • [29] P. Peng, P. Ning, D. Reeves, On the secrecy of timing-based active watermarking trace-back techniques, in proceedings of: the 2006 IEEE Symposium on Security and Privacy, Oakland, USA, May 2006

  • [30] D. Llamas, C. Allison, A. Miller, Covert Channels in Internet Protocols: A Survey, In proceedings of: the 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting (PGNET), Liverpool, UK, June 27–28, 2005

  • [31] M. Smeets, M. Koot, Covert Channels, Research Report (University of Amsterdam, Amsterdam, 2006)

  • [32] P. Allix, Covert channels analysis in TCP/IP networks, IFIPS School of Engineering, University of Paris-Sud XI, Orsay, France, 2007

  • [33] J. C. Smith, Covert Shells, SANS GIAC Reading Room, 2000

  • [34] M. C. Perkins, Hiding out in Plaintext: Covert Messaging with Bitwise Summations, Master thesis (Iowa State University, 2005)

  • [35] B. Jankowski, W. Mazurczyk, K. Szczypiorski, PadSteg: Introducing Inter-Protocol Steganography, Telecomm. Syst. 52(2), 1101–1111, 2013

  • [36] P. Dong, H. Qian, Z. Lu, S. Lan, A Network Covert Channel Based on Packet Classification, Int. J. Network Security 14(2), 109–116, 2012

  • [37] K. Ahsan, D. Kundur, Practical data hiding in TCP/IP, In proceedings of: Multimedia and Security Workshop at ACM Multimedia 2002, Juan-les-Pins, France, December 1–6, 2002

  • [38] K. Ahsan, Covert channel analysis and data hiding in TCP/IP, Master thesis (University of Toronto, 2002)

  • [39] E. Cauich, R. Gómez, R. Watanabe, In: F. F. Ramos, V. L. Rosillo, H. Unger (Eds.), Data Hiding in Identification and Offset IP Fields, Proceedings of 5th International School and Symposium of Advanced Distributed Systems (ISSADS) 2005, LNCS vol. 3563, (Springer, Berlin, Heidelberg, 2005) pp. 118–125

  • [40] W. Mazurczyk, K. Szczypiorski, Steganography in handling oversized IP packets, In proceedings of: First International Workshop on Network Steganography (IWNS 2009), Wuhan, China, November 18–20, 2009

  • [41] H. Qu, P. Su, D. Feng, A Typical Noisy Covert Channel in the IP Protocol, In proceedings of: the 38th Annual International Carnahan Conference of Security Technology, October 11–14, 2004, 189–192

  • [42] S. Zander, G. Armitage, P. Branch, Covert Channels in the IP Time To Live Field, In proceedings of: the Australian Telecommunication Networks and Applications Conference (ATNAC), Melbourne, December 4–6, 2006

  • [43] vecna, B0CK, Butchered From Inside, 2000, 7(2)

  • [44] C. Abad, IP checksum covert channels and selected hash collision, Technical report (University of California, 2001)

  • [45] Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, Traceroute Based IP Channel for Sending Hidden Short Messages, In proceedings of: First International Workshop on Security Advances in Information and Computer Security (IWSEC 2006), Kyoto, Japan, October 23–24, 2006, LNCS vol. 4266, 421–436

  • [46] Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, A novel covert channel based on the IP header record route option, Int. J. Adv. Media Commun 1(4), 328–350, 2007 http://dx.doi.org/10.1504/IJAMC.2007.014811

  • [47] W. Mazurczyk, K. Szczypiorski, Evaluation of steganographic methods for oversized IP packets, Telecommun. Syst. 49, 207–217, 2012 http://dx.doi.org/10.1007/s11235-010-9362-7

  • [48] S. D. Servetto, M. Vetterli, Communication using phantoms: covert channels in the Internet. In proceedings of: IEEE International Symposium on Information Theory (ISIT), Washington, DC, June 24–29, 2001

  • [49] A. El-Atawy, E. Al-Shaer, Building Covert Channels over the Packet Reordering Phenomenon, in proceedings of: IEEE INFOCOM 2009, 2186–2194

  • [50] A. Galatenko, A. Grusho, A. Kniazev, E. Timonina, Statistical Covert Channels Through PROXY Server, In proceedings of: Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, 2005, LNCS vol. 3685, 424–429

  • [51] M. A. Padlipsky, D. W. Snow, P. A. Karger, Limitations of End-to-End Encryption in Secure Computer Networks, Technical Report ESD-TR-78-158, Mitre Corporation, August 1978

  • [52] S. Cabuk, C. E. Brodley, C. Shields, IP covert timing channels: Design and detection, In Proceedings of: the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, 2004, ACM Press, 178–187

  • [53] V. Berk, A. Giani, G. Cybenko, Detection of Covert Channel Encoding in Network Packet Delays, Technical Report TR2005-536, Department of Computer Science, Dartmouth College, 2005

  • [54] G. Shah, A. Molina, M. Blaze, Keyboards and Covert Channels, In proceedings of: 15th USENIX Security Symposium, Vancouver, Canada, August 2006, 59–75

  • [55] S. Cabuk, Network covert channels: design, analysis, detection and elimination, PhD thesis (Purdue University, 2006)

  • [56] S. Gianvecchio, H. Wang, D. Wijesekera, S. Jajodia, Model-based covert timing channels: Automated modeling and evasion, in: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008, LNCS, vol. 5230 (Springer, 2008) pp. 211–230

  • [57] S. H. Sellke, C.-C. Wang, S. Bagchi, N. Shroff, TCP/IP Timing Channels: Theory to Implementation, In proceedings of: the 28th Conference on Computer Communications (IEEE INFOCOM), Rio de Janeiro, Brazil, April 19–25, 2009

  • [58] V. Paxson, S. Floyd, Wide-area traffic: the failure of Poisson modeling, IEEE/ACM T. Network. 3(3), 226–244, 1995 http://dx.doi.org/10.1109/90.392383

  • [59] S. Zander, G. Armitage, P. Branch, Stealthier Inter-packet Timing Covert Channels, in proceedings of: 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9–13, 2011, LNCS vol. 6640, 458–470

  • [60] Z. Trabelsi, I. Jawhar, Covert File Transfer Protocol Based on the IP Record Route Option, J. Inform. Assurance Security 5, 64–73, 2010

  • [61] S. Gianvecchio, H. Wang, An Entropy-Based Approach to Detecting Covert Timing Channels, IEEE T. Dependable and Secure Computing 8(6), 785–797, 2011 http://dx.doi.org/10.1109/TDSC.2010.46

  • [62] T. Graf, Messaging over IPv6 Destination Options, Swiss Unix User Group, 2003

  • [63] N. B. Lucena, G. Lewandowski, S. J. Chapin, In: G. Danezis, D. Martin (Eds.), Covert Channels in IPv6, Proceedings of: the 5th International Workshop Privacy Enhancing Technologies (PET 2005), Dubrovnik, May 30–June 1, 2005, 147–166

  • [64] daemon9, AKA, and route, Project Loki, Phrack Magazine 49, 6, 1996

  • [65] daemon9, Loki2 (the implementation), Phrack Magazine 51, 6, 1997

  • [66] A. Singh, C. Lu, O. Nordstrom, A. L. M. dos Santos, In: Y. Mu, W. Susilo, J. Seberry (Eds.), Malicious ICMP Tunneling: Defense against the Vulnerability, proceedings of: the 8th Australasian Conference on Information Security and Privacy (ACISP), Wollongong, Australia, July 9–11, 2003, LNCS vol. 5107 (Springer, 2003) pp. 226–236

  • [67] M. Muench, ICMP-Chat, 2003, Available at http://icmpchat.sourceforge.net/

  • [68] L. Zelenchuk, Skeeve — ICMP Bounce Tunnel, 2004, available at: http://www.gray-world.net/poc_skeeve.shtml

  • [69] G. Thomer, IP-over-ICMP using ICMPTX, 2005, available at: http://thomer.com/icmptx/

  • [70] D. Stødle, Ping Tunnel, 2011, Available at: http://www.cs.uit.no/~daniels/PingTunnel/

  • [71] R. Murphy, V00d00n3t — Ipv6 / ICMPv6 Covert Channel, DefCon, Las Vegas, 2006

  • [72] K. Stokes, B. Yuan, D. Johnson, P. Lutz, In: K. Elleithy, T. Sobh, M. Iskander, V. Kapila, M. A. Karim, A. Mahmood (Eds.), ICMP covert channel resiliency, Technological Developments in Networking, Education and Automation, 2010, 503–506

  • [73] B. Ray, S. Mishra, In: L. Korba, S. Marsh, R. Safavi-Naini (Eds.), A Protocol for Building Secure and Reliable Covert Channel, proceedings of: the Sixth Annual Conference on Privacy, Security and Trust (PST 2008), Fredericton, New Brunswick, Canada, October 1–3, 2008, 246–253

  • [74] C. Scott, Network Covert Channels: Review of Current State and Analysis of Viability of the use of X.509 Certificates for Covert Communications, Technical Report RHUL-MA-2008-11, Department of Mathematics, Roal Holloway, University of London, 2008

  • [75] R. Rios, J. A. Onieva, J. Lopez, HIDE_DHCP: Covert Communications Through Network Configuration Messages, In proceedings of: 27th IFIP TC 11 Information Security and Privacy Conference, Heraklion, Crete, Greece, June 4–6, 2012, IFIP Adv. Inform. Commun. Technol. 376, 162–173, 2012

  • [76] J. Giffin, R. Greenstadt, P. Litwack, R. Tibbetts, In: R. Dingledine, P. Syverson (Eds.), Covert Messaging Through TCP Timestamps, Proceedings of the 2nd international conference on Privacy enhancing technologies (PET 2002), San Francisco, CA, April 14–15, 2002, 194–208

  • [77] L. Ji, Y. Fan, C. Ma, Covert channel for local area network, In proceedings of: IEEE International Conference of Wireless Communications, Networking and Information Security (WCNIS 2010), 2010, 316–319

  • [78] J. Rutkowska, The Implementation of Passive Covert Channels in the Linux Kernel, Chaos Communication Congress, 2004

  • [79] A. Hintz, Covert Channels in TCP and IP Headers, DefCon 10, Las Vegas, Nevada, August 2–4, 2003

  • [80] E. Tumoian, M. Anikeev, Detecting NUSHU Covert Channels Using Neural Networks, Technical report (Taganrog State University of Radio Engineering, 2005)

  • [81] R. Chakinala, A. Kumarasubramanian, R. Manokaran, G. Noubir, C. Pandu Rangan, R. Sundaram, Steganographic communication in ordered channels, In proceedings of: the 8th International Conference on Information Hiding Workshop, Alexandria, VA, USA, July 10–12, 2006 (Springer-Verlag Berlin, Heidelberg, 2006) pp. 42–57

  • [82] X. Luo, E. Chan, R. Chang, Cloak: A ten-fold way for reliable covert communications, in proceedings of: ESORICS 2007, Dresden, Germany, September 24–26, 2007, LNCS vol. 4734, 283–298

  • [83] X. Luo, E. Chan, R. Chang, TCP Covert Timing Channels: Design and Detection, In proceedings of: IEEE International Conference on Dependable Systems and Networks With FTCS and DCC, Anchorage, Alaska, June 24–27, 2008, 420–429

  • [84] X. Luo, E. Chan, R. Chang, CLACK: A network covert channel based on partial acknowledgement encoding, In proceedings of: IEEE International Conference on Communications, Dresden, Germany, June 14–18, 2009, 1–5

  • [85] X. Luo, P. Zhou, E. Chan, R. Chang, W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, In proceedings of: IEEE/IFIP 41st International Conference on Dependable Systems and Networks (DSN 2011), Hong Kong, June 27–30, 2011, 474–485

  • [86] G. Fisk, M. Fisk, C. Papadopoulos, J. Neil, In: F. A. P. Petitcolas (Ed.), Eliminating steganography in Internet traffic with active wardens, 5th International Workshop on Information Hiding (IH), 2002, LNCS vol. 2578, 18–35

  • [87] J. S. Thyer, Covert Data Storage Channel Using IP Packet Headers (SANS Institute, 2008)

  • [88] W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, Retransmission Steganography Applied, In proceedings of: 2010 International Conference on Multimedia Information Networking and Security (MINES), Nanjing, China, November 4–6, 2010, 846–850

  • [89] W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, On Information Hiding in Retransmissions, Telecommun. Syst. Modelling, Analysis, Design and Management 52(2), 1113–1121, 2013

  • [90] K. Anjan, J. Abraham, Behavioral Analysis of Transport Layer Based Hybrid Covert Channel, In proceedings of: Third International Conference of Recent Trends in Network Security nd Applications (CNSA 2010), Chennai, India, July 23-25, 2010 (Springer Berlin Heidelberg, 2010) pp. 83–92

  • [91] K. Anjan, J. Abraham, M. Jadhav, Design of Transport Layer Based Hybrid Covert Channel Detection Engine, arXiv:1101.0104

  • [92] vanHauser, Placing Backdoors through Firewalls, The Hacker’s Choice, 1999

  • [93] P. Pack, W. Streilein, S. Webster, R. Cunningham, Detecting http Tunneling Activities, in proceedings of: 3rd Annual Information Assurance Wksp., West Point, NY, USA, June 17–19, 2002

  • [94] K. Borders, A. Prakash, Web Tap: Detecting Covert Web Traffic, in proceedings of: 11th ACM Conf. Computer and Communications Security (CCS), 110–120, October 2004

  • [95] P. Padgett, Corkscrew, 2011, Available at http://www.agroman.net/corkscrew/

  • [96] L. Bowyer, Firewall Bypass via protocol Steganography, Network Penetration, 2002

  • [97] A. Dyatlov, S. Castro, Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the http protocol, Gray-world, USA, June, 2003

  • [98] M. Bauer, New Covert Channels in http: Adding Unwitting Web Browsers to Anonymity Sets. In Proceedings of Workshop on Privacy Electronic Society (WPES 2003), Washington, DC, USA, October 30, 2003, 72–78

  • [99] H. -G. Eßer, F. C. Freiling, Kapazitätsmessung eines verdeckten Zeitkanals über http, Technical Report TR-2005-10 (Universität Mannheim, 2005)

  • [100] P. LeBoutillier, 2005, HTTunnel, Available at: http://sourceforge.net/projects/httunnel/

  • [101] Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006)

  • [102] M. Van Horenbeeck, Deception on the network: thinking differently about covert channels, In proceedings of; Australian Information Warfare and Security Conference, Perth, Western Australia, December 4–5, 2006, 174–184

  • [103] S. Castro, Gray World Team: Cooking Channels, hakin9 Magazine, May 2006, 50–57

  • [104] R. Duncan, J. E. Martina, Steganographic Message Broadcasting using Web Protocols, In proceedings of: Simposio Brasilerio de Seguranca (SBSeg 2010), Fortaleza, Brasil, 2010

  • [105] Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006)

  • [106] J. Blascoa, J. C. Hernandez-Castrob, J. M. de Fuentes, B. Ramosa, A framework for avoiding steganography usage over http, J. Network Computer Appl. 35(1), 491–501, 2012 http://dx.doi.org/10.1016/j.jnca.2011.10.003

  • [107] D. Alman, http Tunnels Though Proxies (SANS Institute, 2003)

  • [108] X. Zou, Q. Li, S.-H. Sun, X. Niu, In: R. Khosla, R. J. Howlett, L. C. Jain (Eds.), The Research on Information Hiding Based on Command Sequence of FTP Protocol, proceedings of: the 9th International Conference on Knowledge-Based Intelligent Information and Engineering Systems (KES 2005), Melbourne, Australia, September 14–16, 2005, LNCS vol. 3683, 1079–1085

  • [109] savannah.nongnu.org, NSTX, 2002, Available at http://savannah.nongnu.org/projects/nstx/

  • [110] L. Nussbaum, P. Neyron, O. Richard, On Robust Covert Channels Inside DNS, In proceedings of: 24th IFIP TC 11 International Information Security Conference (SEC 2009), Pafos, Cyprus, May 182-20, 2009, 51–62

  • [111] T. Pietraszek, 2004, DNSCat, Available at: http://tadek.pietraszek.org/projects/DNScat/

  • [112] D. Kaminsky, OzymanDNS, 2004, Available at: http://dankaminsky.com/2004/07/29/51/

  • [113] Anonymous, DNS Covert Channels and Bouncing Techniques, 2005, Available at: http://seclists.org/fulldisclosure/2005/Jul/att-452/p63_dns_worm_covert_channel.txt

  • [114] O. Dembour, C. Collignon, DNS2TCP, 2008, Available at: http://hsc.fr/ressources/outils/dns2tcp/

  • [115] Kryo, iodine, 2010, Available at: http://code.kryo.se/iodine/

  • [116] L. Y. Bai, Y. Huang, G. Hou, B. Xiao, In: J. -S. Pan, X. Niu, H.-C. Huang, L. C. Jain (Eds.), Covert Channels Based on Jitter Field of the RTCP Header, Proceedings of the Fourth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IEEE Computer Society, 2008, 1388–1391

  • [117] Y. Lizhi, H. Yongfeng, Y. Jian, L. Y. Bai, A Novel Covert Timing Channel Based on RTP/RTCP, Chinese J. Electron. 21(4), 711–714, 2012

  • [118] W. Mazurczyk, Lost Audio Packets Steganography: The First Practical Evaluation, Journal of Security and Communication Networks 5(12), 1394–1403, 2012 http://dx.doi.org/10.1002/sec.502

  • [119] W. Mazurczyk, K. Szczypiorski, Covert Channels in SIP for VoIP Signalling, Communications in Computer and Information Science 12, 65–72, 2008 http://dx.doi.org/10.1007/978-3-540-69403-8_9

  • [120] N. Lucena, J. Pease, P. Yadollahpour, S. J. Chapin, Syntax and Semantics-Preserving Application-Layer Protocol Steganography, In proceedings of: 6th Information Hiding Workshop, Toronto, Canada, May 23–25, 2004, LNCS vol. 3200, 164–179

  • [121] R. A. Kemmerer, Shared Resource Matrix Methodology: an Approach to Identifying Storage and Timing Channels, ACM T. Comput. Syst. (TOCS) 1(3), 256–277, 1983 http://dx.doi.org/10.1145/357369.357374

  • [122] R. A. Kemmerer, A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later, in proceedings of: Annual Computer Security Applications Conference (ACSAC), Dec. 2002, 109–118

  • [123] A. L. Donaldson, J. McHugh, K. A. Nyberg, Covert Channels in Trusted LANs, in proceedings of: 11th NBS/NCSC National Computer Security Conference, October 1988, 226–232

  • [124] R. A. Kemmerer, P. Porras, Covert Flow Trees: A Visual Approach to Analysing Covert Storage Channels, IEEE Trans. Software Eng. SE-17(11), 1166–1185, 1991 http://dx.doi.org/10.1109/32.106972

  • [125] A. Giani, V. Berk, G. Cybenko, Covert channel detection using process query systems, in proceedings of: FLoCon 2005

  • [126] G. R. Malan, D. Watson, F. Jahanian, P. Howell, Transport and application protocol scrubbing, in proceedings of: the IEEE INFOCOM 2002 Conference, 1381–1390, Tel-Aviv, Israel, 2000

  • [127] S. Gianvecchio, H. Wang, Detecting Covert Timing Channels: An Entropy-Based Approach, in proceedings of: ACM CCS 2007, Alexandria, USA, October 28–31, 2007

  • [128] T. Sohn, J. Seo, J. Moon, In; P. Perner, S. Qing, D. Gollmann, J. Zhou (eds.), A study on the covert channel detection of TCP/IP header using support vector machine, Information and Communications Security, LNCS vol. 2836, 313–324 (Springer-Verlag, 2003) http://dx.doi.org/10.1007/978-3-540-39927-8_29

  • [129] M. Handley, V. Paxson, Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In proceedings of: the 10th USENIX Security Symposium, Washington, DC, August 13–17, 2001

  • [130] A. B. Jeng, M. D. Abrams, On Network Covert Channel Analysis, in proceedings of: 3rd Aerospace Computer Security Conference, Orlando, FL, USA, December 7–11, 1987

  • [131] H. Wei-Ming, Reducing Timing Channels with Fuzzy Time, in proceedings of: IEEE Computer Society Symposium Research in Security and Privacy, Oakland, CA, USA, May, 1991, 8–20

OPEN ACCESS

Journal + Issues

Open Computer Science is an open access, peer-reviewed journal. The journal publishes research results in the following fields: algorithms and complexity theory, artificial intelligence, bioinformatics, networking and security systems,
programming languages, system and software engineering, and theoretical foundations of computer science.

Search