Categorization of Covert Channels and Its Application in Threat Restriction Techniques
Author:
Affiliation:

Clc Number:

TP393

Fund Project:

National Natural Science Foundation of China (U1636213, 61772507, 61672508); National Key Research andDevelopment Program of China (2017YFB1002300)

  • Article
  • | |
  • Metrics
  • |
  • Reference [95]
  • |
  • Related [20]
  • | | |
  • Comments
    Abstract:

    Covert channels are communication channels that allow secret transfer of information between two malicious processes by modifying the value or modulating the timing behavior of shared resources. Shared resources in covert communications vary according to the underlying covert channels. Initially, covert storage channels and covert timing channels are widely existed in information systems. More recently, the focus has shifted towards three new kinds of covert channels, namely, covert hybrid channels, covert behavior channels, and air-gap covert channels. This study surveys existing techniques for constructing covert channels that have been reported in literature, especially the covert channels that are presented in recent years. First, the definition, history, and key elements of covert channels are introduced. Covert channel analysis is also included. Second, a categorization technique is proposed for these covert channels based on the shared resources and channel characteristics. The traditional and new covert channel attack techniques are systematically analyzed based on the seven key elements of the covert channels. Third, the countermeasures for covert channels aforementioned are also demonstrated to restrict the threat brought by covert channels and to provide guidelines for future works. Finally, the challenges and problems on covert channels are provided.

    Reference
    [1] Chen K. Roles and limitations of cryptographic techniques in information security. Journal of China Institute of Communications, 2001,22(8):93-99(in Chinese with English abstract).
    [2] Fedorov AK, Kiktenko EO, Lvovsky AI. Quantum computers put blockchain security at risk. Nature, 2018,563:465-467.
    [3] Petitcolas FAP, Anderson RJ, Kuhn MG. Information hiding-a survey. Proc. of the IEEE, 1999,87(7):1062-1078.
    [4] Lampson BW. A note on the confinement problem. Communications of the ACM, 1973,16(10):613-615.
    [5] Biswas AK, Ghosal D, Nagaraja S. A survey of timing channels and countermeasures. ACM Computing Surveys, 2017,50(1):1-39.
    [6] Wang C, Zhang CY, Bin W, YuAn T, Wang YJ. A novel anti-detection criterion for covert storage channel threat estimation. SCIENTIA SINICA Informationis, 2018,61(4):048101:1-048101:3.
    [7] Wang YJ, Wu JZ, Zeng HT, Ding LP, Liao XF. Covert channel research. Ruan Jian Xue Bao/Journal of Software, 2010,21(9):2262-2288(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3880.htm[doi:10.3724/SP.J.1001.2010.03880]
    [8] Wu JZ, Ding LP, Wu Y, Min-Allah N, Khan SU, Wang YJ. C2detector:A covert channel detection framework in cloud computing. Security and Communication Networks, 2014,7(3):544-557.
    [9] Zander S, Armitage G, Branch P. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys Tutorials, 2007,9(3):44-57.
    [10] Wendzel S, Zander S, Fechner B, Herdin C. Pattern-based survey and categorization of network covert channel techniques. ACM Computing Surveys, 2015,47(3):50:1-50:26.
    [11] Lin YQ, Malik SUR, Bilal K, Yang Q, Wang YJ, Khan SU. Designing and modeling of covert channels in operating systems. IEEE Trans. on Computers, 2016,65(6):1706-1719.
    [12] Wu Z, Xu Z, Wang H. Whispers in the hyper-space:High-bandwidth and reliable covert channel attacks inside the cloud. IEEE/ACM Trans. on Networking, 2015,23(2):603-615.
    [13] Luo Y, Luo W, Sun X, Shen Q, Ruan A, Wu Z. Whispers between the containers:High-capacity covert channel attacks in Docker. In:Proc. of the 2016 IEEE Trustcom/BigDataSE/ISPA. 2016. 630-637.
    [14] Kadloor S, Kiyavash N, Venkitasubramaniam P. Mitigating timing side channel in shared schedulers. IEEE/ACM Trans. on Networking, 2016,24(3):1562-1573.
    [15] Tahmasbi F, Moghim N, Mahdavi M. Code-based timing covert channel in IEEE 802.11. In:Proc. of the 5th Int'l Conf. on Computer and Knowledge Engineering (ICCKE). IEEE, 2015. 12-17.
    [16] Shen Y, Huang L, Wang F, Lu X, Yang W, Li L. LiHB:Lost in HTTP behaviors-A behavior-based covert channel in HTTP. In:Proc. of the 3rd ACM Workshop on Information Hiding and Multimedia Security. New York:ACM Press, 2015. 55-64.
    [17] Qi W, Ding W, Wang X, Jiang Y, Xu Y, Wang J, Lu K. Construction and mitigation of user-behavior-based covert channels on smartphones. IEEE Trans. on Mobile Computing, 2018,17(1):44-57.
    [18] Guri M, Monitz M, Mirski Y, Elovici Y. Bitwhisper:Covert signaling channel between air-gapped computers using thermal manipulations. In:Proc. of the 28th IEEE Computer Security Foundations Symp. Washington:IEEE Computer Society, 2015. 276-289.
    [19] Wu P, Liu K, Zheng K, Ding Z, Tan Y. A road network modeling method for map matching on lightweight mobile devices. Distributed and Parallel Databases, 2015,33(2):145-164.
    [20] Zhiyong C, Yong Z. Entropy based taxonomy of network convert channels. In:Proc. of the 2nd Int'l Conf. on Power Electronics and Intelligent Transportation System (PEITS). Piscataway:IEEE, 2009. 451-455.
    [21] Simmons GJ. The prisoners' problem and the subliminal channel. In:Proc. of the Advances in Cryptology. New York:SpingerVerlag, 1984. 51-67.
    [22] Liu Y, Zhong ZM. Design and implementation of network covert channel based on multi-protocol. Modern Electronics Technique, 2017,40(8):19-21, 24(in Chinese with English abstract).
    [23] Dong LP, Yuan CX, Jie YY, Wang S. Implementation and detection of network covert channel. Computer Science, 2015,42(7):216-221(in Chinese with English abstract).
    [24] Craver S. On public-key steganography in the presence of an active warden. In:Proc. of the Int'l Workshop on Information Hiding. Berlin, Heidelberg:Springer-Verlag, 1998. 355-368.
    [25] Millen J. 20 years of covert channel modeling and analysis. In:Proc. of the '99 IEEE Symp. on Security and Privacy (Cat. No.99CB36344). Piscataway:IEEE, 1999. 113-114.
    [26] Yan M, Shalabi Y, Torrellas J. ReplayConfusion:Detecting cache-based covert channel attacks using record and replay. In:Proc. of the 49th Annual IEEE/ACM Int'l Symp. on Microarchitecture (MICRO). IEEE, 2016. 1-14.
    [27] Denning DE. A lattice model of secure information flow. Communications of the ACM, 1976,19(5):236-243.
    [28] Tsai CR, Gligor VD, Chandersekaran CS. A formal method for the identification of covert storage channels in source code. In:Proc. of the '87 IEEE Symp. on Security and Privacy. Piscataway:IEEE, 1987. 74.
    [29] Shrestha PL, Hempel M, Rezaei F, Sharif H. A support vector machine-based framework for detection of covert timing channels. IEEE Trans. on Dependable and Secure Computing, 2016,13(2):274-283.
    [30] Lin Y, Ding L, Wu J, Xie Y, Wang Y. Robust and efficient covert channel communications in operating systems:Design, implementation and evaluation. In:Proc. of the 7th IEEE Int'l Conf. on Software Security and Reliability Companion. Washington:IEEE, 2013. 45-52.
    [31] Evtyushkin D, Ponomarev D. Covert channels through random number generator:Mechanisms, capacity estimation and mitigations. In:Proc. of the 2016 ACM SIGSAC Conf. on Computer and Communications Security. New York:ACM Press, 2016. 843-857.
    [32] Zhang D, Askarov A, Myers AC. Predictive mitigation of timing channels in interactive systems. In:Proc. of the 18th ACM Conf. on Computer and Communications Security. New York:ACM Press, 2011. 563-574.
    [33] Tahir R, Khan MT, Gong X, Ahmed A, Ghassami A, Kazmi H, Caesar M, Zaffar F, Kiyavash N. Sneak-Peek:High speed covert channels in data center networks. In:Proc. of the 35th Annual IEEE Int'l Conf. on Computer Communications. Piscataway:IEEE, 2016. 1-9.
    [34] Gray JW. On introducing noise into the bus-contention channel. In:Proc. of the '93 IEEE Computer Society Symp. on Research in Security and Privacy. Washington, 1993. 90-98.
    [35] El-Atawy A, Duan Q, Al-Shaer E. A novel class of robust covert channels using out-of-order packets. IEEE Trans. on Dependable and Secure Computing, 2017,14(2):116-129.
    [36] Wu J, Ding L, Lin Y, Min-Allah N, Wang Y. XenPump:A new method to mitigate timing channel in cloud computing. In:Proc. of the 5th IEEE Int'l Conf. on Cloud Computing. Washington:IEEE Computer Society, 2012. 678-685.
    [37] Kang MH, Moskowitz IS. A pump for rapid, reliable, secure communication. In:Proc. of the 1st ACM Conf. on Computer and Communications Security. New York:ACM Press, 1993. 119-129.
    [38] Kang MH, Moskowitz IS, Lee DC. A network pump. IEEE Trans. on Software Engineering, 1996,22(5):329-338.
    [39] Konoplev AS, Busygin AG. Steganographic methods of communications in distributed computing networks. In:Proc. of the 8th Int'l Conf. on Security of Information and Networks. New York:ACM Press, 2015. 131-134.
    [40] Epishkina A, Kogos K. Protection from binary and multi-symbol packet length covert channels. In:Proc. of the 8th Int'l Conf. on Security of Information and Networks. New York:ACM Press, 2015. 196-202.
    [41] Girling CG. Covert channels in LAN's. IEEE Trans. on Software Engineering, 1987,13(2):292-296.
    [42] Lucena NB, Lewandowski G, Chapin SJ. Covert channels in IPv6. In:Proc. of the 5th Int'l Conf. on Privacy Enhancing Technologies. Berlin, Heidelberg:Springer-Verlag, 2006. 147-166.
    [43] Rios R, Onieva JA, Lopez J. HIDE_DHCP:Covert communications through network configuration messages. In:Proc. of the IFIP Int'l Information Security Conf. Berlin, Heidelberg:Springer-Verlag, 2012. 162-173.
    [44] Schulz S, Varadharajan V, Sadeghi AR. The silence of the LANs:Efficient leakage resilience for IPsec VPNs. IEEE Trans. on Information Forensics and Security, 2014,9(2):221-232.
    [45] Mazurczyk W, Szczypiorski K. Evaluation of steganographic methods for oversized IP packets. Telecommunication Systems, 2012,49(2):207-217.
    [46] Murdoch SJ, Lewis S. Embedding covert channels into TCP/IP. In:Proc. of the 7th Int'l Conf. on Information Hiding. Berlin, Heidelberg:Springer-Verlag, 2005. 247-261.
    [47] Wolf M. Covert channels in LAN protocols. In:Proc. of the Workshop for European Institute for System Security on Local Area Network Security. London:Springer-Verlag, 1989. 91-101.
    [48] Zou XG, Li Q, Sun SH, Niu X. The research on information hiding based on command sequence of FTP protocol. In:Proc. of the 9th Int'l Conf. on Knowledge-Based Intelligent Information and Engineering Systems. Berlin, Heidelberg:Springer-Verlag, 2005. 1079-1085.
    [49] Muchene DN, Luli K, Shue CA. Reporting insider threats via covert channels. In:Proc. of the 2013 IEEE Security and Privacy Workshops. Washington:IEEE Computer Society, 2013. 68-71.
    [50] Classen J, Schulz M, Hollick M. Practical covert channels for WiFi systems. In:Proc. of the 2015 IEEE Conf. on Communications and Network Security (CNS). Piscataway:IEEE, 2015. 209-217.
    [51] Hijaz Z, Frost VS. Exploiting OFDM systems for covert communication. In:Proc. of the 2010 Military Communications Conf. IEEE, 2010. 2149-2155.
    [52] Grabski S, Szczypiorski K. Steganography in OFDM symbols of fast IEEE 802.11n networks. In:Proc. of the 2013 IEEE Security and Privacy Workshops. Washington:IEEE Computer Society, 2013. 158-164.
    [53] Vines P, Kohno T. Rook:Using video games as a low-bandwidth censorship resistant communication platform. In:Proc. of the 14th ACM Workshop on Privacy in the Electronic Society. New York:ACM Press, 2015. 75-84.
    [54] Tuptuk N, Hailes S. Covert channel attacks in pervasive computing. In:Proc. of the 2015 IEEE Int'l Conf. on Pervasive Computing and Communications (PerCom). IEEE, 2015. 236-242.
    [55] Wendzel S, Kahler B, Rist T. Covert channels and their prevention in building automation protocols:A prototype exemplified using BACnet. In:Proc. of the 2012 IEEE Int'l Conf. on Green Computing and Communications. Washington:IEEE Computer Society, 2012. 731-736.
    [56] Lu X, Huang L, Yang W, Shen Y. Concealed in the internet:A novel covert channel with normal traffic imitating. In:Proc. of the 2016 Int'l IEEE Conf. on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress. IEEE, 2016. 285-292.
    [57] Daneault G, Johnson D. Client-initiated HTTP covert channels using relays. In:Proc. of the 4th Int'l Symp. on Digital Forensic and Security (ISDFS). IEEE, 2016. 32-37.
    [58] Ameri A, Johnson D. Covert channel over network time protocol. In:Proc. of the 2017 Int'l Conf. on Cryptography, Security and Privacy. New York:ACM Press, 2017. 62-65.
    [59] Johnson M, Lutz P, Johnson D. Covert channel using man-in-the-middle over HTTPS. In:Proc. of the 2016 Int'l Conf. on Computational Science and Computational Intelligence (CSCI). IEEE, 2016. 917-922.
    [60] Khader M, Hadi A, Hudaib A. Covert communication using port knocking. In:Proc. of the 2016 Cybersecurity and Cyberforensics Conf. (CCC). IEEE, 2016. 22-27.
    [61] Rezaei F, Hempel M, Dongming P, Yi Q, Sharif H. Analysis and evaluation of covert channels over LTE advanced. In:Proc. of the 2013 IEEE Wireless Communications and Networking Conf. (WCNC). IEEE, 2013. 1903-1908.
    [62] Fern N, San I, Koç ÇK, Cheng KTT. Hiding hardware trojan communication channels in partially specified SoC bus functionality. IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, 2017,36:1435-1444.
    [63] Chun JY, Lee HL, Yoon JW. Passing go with DNA sequencing:Delivering messages in a covert transgenic channel. In:Proc. of the 2015 IEEE Security and Privacy Workshops. Washington:IEEE Computer Society, 2015. 17-26.
    [64] Hussein O, Hamza N, Hefny H. A proposed covert channel based on memory reclamation. In:Proc. of the 7th IEEE Int'l Conf. on Intelligent Computing and Information Systems (ICICIS). Piscataway:IEEE, 2015. 343-347.
    [65] Ainapure BS, Shah D, Rao AA. Understanding Perception of Cache-based Side-channel Attack on Cloud Environment. Singspore:Spinger-Verlag, 2018. 9-21.
    [66] Archibald R, Ghosal D. Design and analysis of a model-based covert timing channel for skype traffic. In:Proc. of the 2015 IEEE Conf. on Communications and Network Security (CNS). IEEE, 2015. 236-244.
    [67] Liu W, Liu G, Zhai J, Dai Y, Ghosal D. Designing analog fountain timing channels:Undetectability, robustness, and modeladaptation. IEEE Trans. on Information Forensics and Security, 2016,11:677-690.
    [68] Liguori A, Benedetto F, Giunta G, Kopal N, Wacker A. Analysis and monitoring of hidden TCP traffic based on an open-source covert timing channel. In:Proc. of the 2015 IEEE Conf. on Communications and Network Security (CNS). IEEE, 2015. 667-674.
    [69] Handel TG, Maxwell T, Sandford I. Hiding data in the OSI network model. In:Proc. of the 1st Int'l Workshop on Information Hiding. Berlin, Heidelberg:Springer-Verlag, 1996. 23-38.
    [70] El-Atawy A, Al-Shaer E. Building covert channels over the packet reordering phenomenon. In:Proc. of the IEEE INFOCOM 2009. 2009. 2186-2194.
    [71] Herzberg A, Shulman H. Limiting MitM to MitE covert-channels. In:Proc. of the 2013 Int'l Conf. on Availability, Reliability and Security. Washington:IEEE Computer Society, 2013. 236-241.
    [72] Liu F, Yarom Y, Ge Q, Heiser G, Lee RB. Last-level cache side-channel attacks are practical. In:Proc. of the 2015 IEEE Symp. on Security and Privacy. Washington:IEEE Computer Society, 2015. 605-622.
    [73] Oren Y, Kemerlis VP, Sethumadhavan S, Keromytis AD. The spy in the sandbox:Practical cache attacks in Javascript and their implications. In:Proc. of the 22nd ACM SIGSAC Conf. on Computer and Communications Security. New York:ACM Press, 2015. 1406-1418.
    [74] Yao F, Venkataramani G, Doroslova M. Covert timing channels exploiting non-uniform memory access based architectures. In:Proc. of the Great Lakes Symp. on VLSI 2017. New York:ACM Press, 2017. 155-160.
    [75] Irazoqui G, Eisenbarth T, Sunar B. Cross processor cache attacks. In:Proc. of the 11th ACM on Asia Conf. on Computer and Communications Security. New York:ACM Press, 2016. 353-364.
    [76] Hovhannisyan H, Lu K, Yang R, Qi W, Wang J, Wen M. A novel deduplication-based covert channel in cloud storage service. In:Proc. of the 2015 IEEE Global Communications Conf. (GLOBECOM). IEEE, 2015. 1-6.
    [77] Block K, Noubir G. Return of the covert channel, data center style. In:Proc. of the 2015 ACM Workshop on Cloud Computing Security Workshop. New York:ACM Press, 2015. 17-28.
    [78] Naghibijouybari H, Abu-Ghazaleh N. Covert channels on GPGPUs. IEEE Computer Architecture Letters, 2017,16:22-25.
    [79] Evtyushkin D, Ponomarev D, Abu-Ghazaleh N. Covert channels through branch predictors:A feasibility study. In:Proc. of the 4th Workshop on Hardware and Architectural Support for Security and Privacy. New York:ACM Press, 2015. 1-8.
    [80] Wu J, Wu Y, Yang M, Wu Z, Luo T, Wang Y. POSTER:biTheft:Stealing your secrets by bidirectional covert channel communication with zero-permission android application. In:Proc. of the 22nd ACM SIGSAC Conf. on Computer and Communications Security. New York:ACM Press, 2015. 1690-1692.
    [81] Mazurczyk W. Lost audio packets steganography:The first practical evaluation. Security and Communication Networks, 2012,5:1394-1403.
    [82] Mazurczyk W, Lubacz J. LACK-A VoIP steganographic method. Telecommunication Systems, 2010,45:153-163.
    [83] Zhao H, Shi YQ, Ansari N. Hiding data in multimedia streaming over networks. In:Proc. of the 8th Annual Communication Networks and Services Research Conf. Washington:IEEE Computer Society, 2010. 50-55.
    [84] Kohls K, Holz T, Kolossa D, Pöpper C. Skypeline:Robust hidden data transmission for VoIP. In:Proc. of the 11th ACM on Asia Conf. on Computer and Communications Security. New York:ACM Press, 2016. 877-888.
    [85] Hovhannisyan H, Lu K, Wang J. A novel high-speed IP-timing covert channel:Design and evaluation. In:Proc. of the 2015 IEEE Int'l Conf. on Communications (ICC). IEEE, 2015. 7198-7203.
    [86] Ambrosin M, Conti M, Gasti P, Tsudik G. Covert ephemeral communication in named data networking. In:Proc. of the 9th ACM Symp. on Information, Computer and Communications Security. New York:ACM Press, 2014. 15-26.
    [87] Shen Y, Yang W, Huang L. Concealed in Web surfing:Behavior-based covert channels in HTTP. Journal of Network and Computer Applications, 2018,101:83-95.
    [88] Mohamed EE, Mnaouer AB, Barka E. PSCAN:A port scanning network covert channel. In:Proc. of the 41st IEEE Conf. on Local Computer Networks (LCN). Piscataway:IEEE, 2016. 631-634.
    [89] Guri M, Hasson O, Kedma G, Elovici Y. An optical covert-channel to leak data through an air-gap. In:Proc. of the 14th Annual Conf. on Privacy, Security and Trust (PST). Berlin, Heidelberg:IEEE, 2016. 642-649.
    [90] Masti RJ, Rai D, Ranganathan A, Müller C, Thiele L, Capkun S. Thermal covert channels on multi-core platforms. In:Proc. of the 24th USENIX Conf. on Security Symp. Berkeley:USENIX Association, 2015. 865-880.
    附中文参考文献:
    [1] 陈克非.信息安全——密码的作用与局限.通信学报,2001,22(8):93-99.
    [7] 王永吉,吴敬征,曾海涛,丁丽萍,廖晓锋.隐蔽信道研究.软件学报,2010,21(9):2262-2288. http://www.jos.org.cn/1000-9825/3880.htm[doi:10.3724/SP.J.1001.2010.03880]
    [22] 刘娅,仲兆满.基于多重协议的网络隐蔽信道设计与实现.现代电子技术,2017,40(8):19-21.
    [23] 董丽鹏,陈性元,杨英杰,等.网络隐蔽信道实现机制及检测技术研究.计算机科学,2015,42(7):216-221.
    Cited by
    Comments
    Comments
    分享到微博
    Submit
Get Citation

王翀,王秀利,吕荫润,张常有,吴敬征,关贝,王永吉.隐蔽信道新型分类方法与威胁限制策略.软件学报,2020,31(1):228-245

Copy
Share
Article Metrics
  • Abstract:3906
  • PDF: 8750
  • HTML: 6313
  • Cited by: 0
History
  • Received:April 05,2018
  • Revised:December 19,2018
  • Online: November 07,2019
  • Published: January 06,2020
You are the first2033333Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063