Dummynet: a simple approach to the evaluation of network protocols
ACM SIGCOMM Computer Communication Review
Hiding Data in the OSI Network Model
Proceedings of the First International Workshop on Information Hiding
Eliminating Steganography in Internet Traffic with Active Wardens
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Protocol scrubbing: network security through transparent flow modification
IEEE/ACM Transactions on Networking (TON)
Web tap: detecting covert web traffic
Proceedings of the 11th ACM conference on Computer and communications security
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Embedding covert channels into TCP/IP
IH'05 Proceedings of the 7th international conference on Information Hiding
Hi-index | 0.00 |
The ability of setting up a covert channel, which allows any two nodes with Internet connections to engage in secretive communication, clearly causes a very serious security concern. A number of recent studies have indeed shown that setting up such covert channels is possible by exploiting the protocol fields in the IP, TCP, or application layer. However, the quality of these covert channels is susceptible to unpredictable network condition and active wardens. In this paper, we propose CLACK, a new covert channel which encodes covert messages into the TCP acknowledgments (ACKs). Since the message encoding is performed in a TCP data channel, CLACK is reliable and resilience to adverse network conditions. Moreover, CLACK is very difficult to detect in practice, because the TCK ACKs encoded by CLACK cannot be easily distinguished from the normal ACKs. We have implemented and tested CLACK in a test-bed to validate its correctness.