Superimposing permutational covert channels onto reliable stream protocols

Jamie Levy, Jaroslaw Paduch, Bilal Khan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

In this paper, we present an implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layer's IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the payload to TCP. Applying such permutations will not adversely affect TCP's ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out-of-order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of its efficacy and efficiency as a covert channel.

Original language: English (US)
Title of host publication: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
Pages: 49-56
Number of pages: 8
DOIs: https://doi.org/10.1109/MALWARE.2008.4690857
State: Published - Dec 1 2008
Event: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008 - Alexandria, VA, United States
Duration: Oct 7 2008 → Oct 8 2008

Publication series

Name: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008

Other

Other: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008
Country: United States
City: Alexandria, VA
Period: 10/7/08 → 10/8/08

Fingerprint

Network layers
Network protocols

ASJC Scopus subject areas

  • Software

Cite this

Levy, J., Paduch, J., & Khan, B. (2008). Superimposing permutational covert channels onto reliable stream protocols. In 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008 (pp. 49-56). [4690857] (3rd International Conference on Malicious and Unwanted Software, MALWARE 2008). https://doi.org/10.1109/MALWARE.2008.4690857

@inproceedings{4e0476818450483c8ea5d3c9a1c00496,
title = "Superimposing permutational covert channels onto reliable stream protocols",
abstract = "In this paper, we present an implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layer's IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the payload to TCP. Applying such permutations will not adversely affect TCP's ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out-of-order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of its efficacy and efficiency as a covert channel.",
author = "Jamie Levy and Jaroslaw Paduch and Bilal Khan",
year = "2008",
month = "12",
day = "1",
doi = "10.1109/MALWARE.2008.4690857",
language = "English (US)",
isbn = "9781424432899",
series = "3rd International Conference on Malicious and Unwanted Software, MALWARE 2008",
pages = "49--56",
booktitle = "3rd International Conference on Malicious and Unwanted Software, MALWARE 2008",

}
