Application Layer Covert Channel Analysis and ... - Bill Buchanan

More documents

Recommendations

Info

Z. Kwecka, BSc (Hons) Network Computing, 2006 10Traditionally all the documents relating to data hiding and cryptography, since RonRivest’s article presenting RSA cryptosystem in 1978, sender is not being calledperson A but is named Alice, and the receiver is called Bob instead of person B(Rivest, 1978). This scheme is used in this report, to make the discussions easier tofollow, for the convenience of the reader. Thus, eavesdropper system in this scheme isalso called Eve (Figure 1-1).In covert channel scenarios Alice is often considered to be an inmate of a highsecurity prison. It is assumed that she knows an escape plan from a prison where Bobis spending his sentence. Alice is trying to send the escape plan to Bob, however Eve,the governor checks their communication very precisely, thus they employ covertchannel know to them to sent the secret messages. Figure 1-2 illustrates basic methodof information hiding employing plain text message as a carrier (first letters of thewords in the message combined together form: LetTheMissionBegin).Let everyone tango.This has Edward’smind in some simple inquiry of nothing,before everyone gets into Nirvana.Figure 1-2 Cover Channel (Buchanan, 2006)1.4 Project Aims and ObjectivesThis project began with intend of analysing possible counter measures to ApplicationLayer covert channels technologies. Therefore following aims were specified:(a) Research possible carriers of covert information at Application Layer ofInternet protocol suite.(b) Prototype suitable CCDS.(c) Evaluate the prototype and suggest a framework for identifying detectionsystems’ sensitivity, to various types of covert traffic, as well as capability ofintroducing noise into the suspected channels.In order to accomplish these aims, following objectives were also defined:(a) Investigate current research of covert channels and technologies available fortheir detection and limitation.(b) Choose a programming language suitable for prototyping of CCDS.(c) Define testing environment for the prototype’s evaluation.(d) Propose further research areas.
Z. Kwecka, BSc (Hons) Network Computing, 2006 111.5 Thesis StructureChapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Introduction. This chapter provides the overview of the work performedfor the needs of this Honours Project DissertationTheory. Some of the underlying theory of Internet protocol stack andprecise definitions of the term covert channel are given in this chapter.Literature Review. This chapter provides the background of the currentresearch conducted in the field of covert channels. Also suggestion of thesuitable methods of covert chapter detection and prototype evaluation areprovided.Design. This chapter provides high level overview of proposedprototype.Implementation. The detail behind the implementation of experimentsand prototyped system are unrelieved in this chapter.Experiment Data Analysis. The results form the experiments performedare presented in this chapter, together with early evaluation of thefindings.Discussion, Conclusions and Further Work. This chapter summarisesthe work performed for this dissertation, presents the findings andsuggest further work required in this field.ReferencesAppendixes
Page 1 and 2: Application Layer Covert ChannelAna
Page 3 and 4: Z. Kwecka, BSc (Hons) Network Compu
Page 9: Z. Kwecka, BSc (Hons) Network Compu
Page 60 and 61:
Z. Kwecka, BSc (Hons) Network Compu
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138:
show all

Application Layer Covert Channel Analysis and ... - Bill Buchanan

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?