Superimposing permutational covert channels onto reliable stream protocols

Jamie Levy, Jaroslaw Paduch, Bilal Khan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

In this paper, we present a implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layer's IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the pay-load to TCP. Applying such permutations will not adversely affect TCP's ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out of order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of it's efficacy and efficiency as a covert channel.

Original languageEnglish (US)
Title of host publication3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
Pages49-56
Number of pages8
DOIs
StatePublished - 2008
Event3rd International Conference on Malicious and Unwanted Software, MALWARE 2008 - Alexandria, VA, United States
Duration: Oct 7 2008Oct 8 2008

Publication series

Name3rd International Conference on Malicious and Unwanted Software, MALWARE 2008

Other

Other3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
CountryUnited States
CityAlexandria, VA
Period10/7/0810/8/08

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Superimposing permutational covert channels onto reliable stream protocols'. Together they form a unique fingerprint.

  • Cite this

    Levy, J., Paduch, J., & Khan, B. (2008). Superimposing permutational covert channels onto reliable stream protocols. In 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008 (pp. 49-56). [4690857] (3rd International Conference on Malicious and Unwanted Software, MALWARE 2008). https://doi.org/10.1109/MALWARE.2008.4690857