Stretching the Limits of Steganography
Proceedings of the First International Workshop on Information Hiding
Hiding Data in the OSI Network Model
Proceedings of the First International Workshop on Information Hiding
Eliminating Steganography in Internet Traffic with Active Wardens
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Active Mapping: Resisting NIDS Evasion without Altering Traffic
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
New covert channels in HTTP: adding unwitting Web browsers to anonymity sets
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Covert messaging through TCP timestamps
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
On the limits of steganography
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
A crucial security practice is the elimination of network covert channels. Recent research in IPv6 discovered that there exist, at least, 22 different covert channels, suggesting the use of advanced active wardens as an appropriate countermeasure. The described covert channels are particularly harmful not only because of their potential to facilitate deployment of other attacks but also because of the increasing adoption of the protocol without a parallel deployment of corrective technology. We present a pioneer implementation of network-aware active wardens that eliminates the covert channels exploiting the Routing Header and the hop limit field as well as the well-known Short TTL Attack. Network-aware active wardens take advantage of network-topology information to detect and defeat covert protocol behavior. We show, by analyzing their performance over a controlled network environment, that the wardens eliminate a significant percentage of the covert channels and exploits with minimal impact over the end-to-end communications (approximately 3% increase in the packet roundtrip time).