TY - GEN
T1 - Superimposing permutational covert channels onto reliable stream protocols
AU - Levy, Jamie
AU - Paduch, Jaroslaw
AU - Khan, Bilal
PY - 2008
Y1 - 2008
N2 - In this paper, we present a implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layer's IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the pay-load to TCP. Applying such permutations will not adversely affect TCP's ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out of order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of it's efficacy and efficiency as a covert channel.
AB - In this paper, we present a implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layer's IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the pay-load to TCP. Applying such permutations will not adversely affect TCP's ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out of order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of it's efficacy and efficiency as a covert channel.
UR - http://www.scopus.com/inward/record.url?scp=58149102209&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=58149102209&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2008.4690857
DO - 10.1109/MALWARE.2008.4690857
M3 - Conference contribution
AN - SCOPUS:58149102209
SN - 9781424432899
T3 - 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
SP - 49
EP - 56
BT - 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
T2 - 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
Y2 - 7 October 2008 through 8 October 2008
ER -