PS1. Size Modulation Pattern (also P1)


Initial publication: S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1]
Illustration: The covert channel uses the size of a header element or a PDU to encode a hidden message.
Context: Network Covert Storage Channels → Modification of Non-Payload → Structure Modifying
Evidence:
  • C. G. Girling. 1987. Covert Channels in LAN’s. IEEE Transactions on Software Engineering 13 (February 1987), 292–296. Issue 2.
  • M. Wolf. 1989. Covert channels in LAN protocols. In Proc. Local Area Network Security. LNCS, Vol. 396. Springer, 89–101.
  • S. J. Murdoch and S. Lewis. 2005. Embedding Covert Channels into TCP/IP. In Proc. Information Hiding Conference 2005 (LNCS), Vol. 3727. Springer, 247–261.
  • Steffen Wendzel, Florian Link, Daniela Eller, Wojciech Mazurczyk: Detection of Size Modulation Covert Channels Using Countermeasure Variation, Journal of Universal Computer Science (J.UCS), Vol. 25(11), 2019.
For more evidence entries cf. [1].
Implementation: The pattern can be implemented using CCEAP.
An alternative is C. Heinz: TLSCC (University of Hagen).
Known Pattern-based Countermeasures:


References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.
