Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Stretching the Limits of Steganography
Proceedings of the First International Workshop on Information Hiding
On the limits of steganography
IEEE Journal on Selected Areas in Communications
New covert channels in HTTP: adding unwitting Web browsers to anonymity sets
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Proceedings of the 9th workshop on Multimedia & security
A novel covert channel based on the IP header record route option
International Journal of Advanced Media and Communication
Model-Based Covert Timing Channels: Automated Modeling and Evasion
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Analyzing network-aware active wardens in IPv6
IH'06 Proceedings of the 8th international conference on Information hiding
Hiding information in multi level security systems
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
A performance analysis of authentication using covert timing channels
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Embedding a covert channel in active network connections
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
CLACK: a network covert channel based on partial acknowledgment encoding
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An approach towards anomaly based detection and profiling covert TCP/IP channels
ICICS'09 Proceedings of the 7th international conference on Information, communications and signal processing
IEEE Transactions on Information Forensics and Security
Evaluating the transmission rate of covert timing channels in a network
Computer Networks: The International Journal of Computer and Telecommunications Networking
Low-attention forwarding for mobile network covert channels
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
A framework for avoiding steganography usage over HTTP
Journal of Network and Computer Applications
Syntax and semantics-preserving application-layer protocol steganography
IH'04 Proceedings of the 6th international conference on Information Hiding
An asynchronous covert channel using spam
Computers & Mathematics with Applications
Embedding covert channels into TCP/IP
IH'05 Proceedings of the 7th international conference on Information Hiding
Traceroute based IP channel for sending hidden short messages
IWSEC'06 Proceedings of the 1st international conference on Security
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
StegoTorus: a camouflage proxy for the Tor anonymity system
Proceedings of the 2012 ACM conference on Computer and communications security
Cloak: a ten-fold way for reliable covert communications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Lost audio packets steganography: the first practical evaluation
Security and Communication Networks
CSP-Based general detection model of network covert storage channels
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
From an IP address to a street address: using wireless signals to locate a target
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
PHY covert channels: can you see the idles?
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall. In particular, we concentrate on structured carriers with objectively defined semantics, such as the TCP/IP protocol suite rather than on the subjective, or unstructured carriers such as images that dominate the information hiding literature. We introduce the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications. For unstructured carriers, which lack objective semantics, wardens can use techniques such as adding noise to block subliminal information. However, these techniques can break the overt communications of structured carriers which have strict semantics. We therefore use a specification-based approach to determine MRF. We use MRF to reason about opportunities for embedding covert or subliminal information in network protocols and develop both software to exploit these channels, as well as an active warden implementation that stops them. For unstructured carriers, MRF is limited by human perception, but for structured carriers, well known semantics give us high assurance that a warden can completely eliminate certain subliminal or covert channels.