| Initial publication | S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1] |
| Illustration | The covert channel alters the sequence of header/PDU elements to encode hidden information. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Modifying |
| Evidence | A. Dyatlov and S. Castro. 2005. Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol. Technical Report. Gray-World.net. R. Rios, J.A. Onieva, and J. Lopez. 2012. HIDE DHCP: Covert Communications Through Network Configu- ration Messages. In Proc. IFIP TC 11 27th International Information Security Conference. Springer. X.-g. Zou, Q. Li, S.-H. Sun, and X. Niu. 2005. The Research on Information Hiding Based on Command Sequence of FTP Protocol. In Proc. 9th Int. Conf. on Knowledge-Based Intelligent Information and En- gineering Systems (KES 2005), Part III (LNCS), Vol. 3683. Springer Berlin Heidelberg, 1079–1085. |
| Implementation | ? |
PS2.a. Position Pattern (also P2a)
| Initial publication | S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1] |
| Illustration | The covert channel alters the position of a given header/PDU element to encode hidden information. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Modifying → Sequence |
| Evidence | R. Rios, J.A. Onieva, and J. Lopez. 2012. HIDE DHCP: Covert Communications Through Network Configu- ration Messages. In Proc. IFIP TC 11 27th International Information Security Conference. Springer. For further examples cf. [1]. |
| Implementation | ? |
PS2.b. Number of Elements Pattern (also P2b)
| Initial publication | S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1] |
| Illustration | The covert channel encodes hidden information by the number of header/PDU elements transferred. |
| Context | Network Covert Storage Channels → Modification of Non-Payload → Structure Modifying → Sequence |
| Evidence | R. Rios, J.A. Onieva, and J. Lopez. 2012. HIDE DHCP: Covert Communications Through Network Configu- ration Messages. In Proc. IFIP TC 11 27th International Information Security Conference. Springer. W. Mazurczyk and K. Szczypiorski. 2012. Evaluation of steganographic methods for oversized IP packets. Telecommunication Systems 49, 2 (2012), 207–217. A third example is mentioned in [1]. |
| Implementation | ? |
References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.
Keine Kommentare:
Kommentar veröffentlichen