Abstract
A covert channel is a communication path that allows transferring information in a way that violates a system security policy. Because of their concealed nature, detecting and preventing covert channels are obligatory security practices. In this paper, we present an examination of network storage channels in the Internet Protocol version 6 (IPv6). We introduce and analyze 22 different covert channels. In the appendix, we define three types of active wardens, stateless, stateful, and network-aware, who differ in complexity and ability to block the analyzed covert channels.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lucena, N.B., Lewandowski, G., Chapin, S.J. (2006). Covert Channels in IPv6. In: Danezis, G., Martin, D. (eds) Privacy Enhancing Technologies. PET 2005. Lecture Notes in Computer Science, vol 3856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767831_10
DOI: https://doi.org/10.1007/11767831_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34745-3
Online ISBN: 978-3-540-34746-0
eBook Packages: Computer Science (R0)