\chapter{Introduction}
\label{ch:introduction}
Covert channels are hidden communication methods that are ``not intended for information transfer at all'' \cite{ANOTCP}. They differ from overt channels in that uninvolved parties are unaware of their existence. While encrypted channels protect the content of communication, covert channels prevent the detection of the communication itself. This makes them suitable for exfiltrating data from secure environments and for censorship resistance \citep{TWACCS}, where a warden exists between parties to prevent or monitor communication.

Covert channels can be classified into two main types: covert timing channels and covert storage channels. Covert timing channels allow a process to signal information to another by modulating its use of resources in a way that is observable and interpretable by another process \citep{TCSEC}. For example, a sender may alter the inter-packet delay (IPD) between packets in the TCP/IP stack. However, \cite{DIAWAPSCC} shows that active wardens can mitigate these channels by normalizing the IPD. Covert storage channels, on the other hand, exploit storage locations accessible to the receiver. This paper focuses on covert storage channels in the protocols of the TCP/IP stack, due to the absence of blanket mitigation techniques.

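
The effect of IPD normalization on a timing channel can be illustrated with a small simulation. This is an added example, not code from this paper or from \cite{DIAWAPSCC}: it assumes one simple form of normalization (fixed-interval release by the warden), and the function names, the threshold observer and the sample timestamps are constructed for illustration.

```python
# Added illustration: fixed-interval release as one simple form of IPD normalization.
# All times are integer milliseconds; ARRIVALS_MS is constructed sample data.
from typing import List

ARRIVALS_MS = [0, 80, 100, 180, 260, 280, 300, 380, 400]  # constructed: IPDs of 20 or 80 ms


def ipds(times: List[int]) -> List[int]:
    """Inter-packet delays between consecutive timestamps."""
    return [b - a for a, b in zip(times, times[1:])]


def threshold_decode(times: List[int], threshold_ms: int) -> List[int]:
    """What an observer of the timing would read: long gap = 1, short gap = 0."""
    return [1 if d > threshold_ms else 0 for d in ipds(times)]


def normalize(arrivals: List[int], interval_ms: int, hold_ms: int = 0) -> List[int]:
    """Warden release times: one packet per interval, never before the packet arrives.

    hold_ms is extra buffering applied to the first packet. Without enough of it,
    a packet that arrives after its slot is released late and that gap leaks through.
    """
    releases: List[int] = []
    for t in arrivals:
        slot = t + hold_ms if not releases else releases[-1] + interval_ms
        releases.append(max(slot, t))
    return releases


def leaked_gaps(releases: List[int], interval_ms: int) -> int:
    """Number of output IPDs that still differ from the warden's interval."""
    return sum(1 for d in ipds(releases) if d != interval_ms)


def required_hold(arrivals: List[int], interval_ms: int) -> int:
    """Smallest first-packet hold so every later packet meets its slot (offline check)."""
    first = arrivals[0]
    return max(t - first - i * interval_ms for i, t in enumerate(arrivals))


if __name__ == "__main__":
    print("input bits   :", threshold_decode(ARRIVALS_MS, 50))
    weak = normalize(ARRIVALS_MS, 50)
    print("no buffering :", ipds(weak), "leaked gaps =", leaked_gaps(weak, 50))
    hold = required_hold(ARRIVALS_MS, 50)
    strong = normalize(ARRIVALS_MS, 50, hold)
    print(f"hold {hold} ms   :", ipds(strong), "leaked gaps =", leaked_gaps(strong, 50))
```

With no buffering the warden still passes two of the long gaps; with a 60 ms hold every output IPD equals the interval, at the cost of added latency.
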
Existing covert channel implementations typically target a single channel, such as embedding data into Skype traffic \citep{DAMBCTCST} or reserved fields in the IEEE 802 family of protocols \citep{CCiLANP}. For optimal effectiveness, covert channels must be tailored to their operating environment. For instance, a covert channel in the IPv6 header would be ineffective in an IPv4-only environment, because out-of-place protocols can be easily detected by an IDS \citep{TWACCS}. Adaptive covert channels can address this issue by adapting to their surroundings and evading detection by adversaries, as covert systems are inherently more effective and secure when undetected \citep{GUCCA}. However, the non-stationary nature of network environments \citep{PNFD} complicates this task.

This paper proposes a framework for adaptive covert channels and evaluates its effectiveness in a simulated environment. The framework employs an algorithm to identify the most suitable covert channel for the current environment and a set of protocols for communication between the sender and receiver. A more comprehensive overview of the objectives of this paper can be found in \fullref{ch:objectives}.