Using a secure permutational covert channel to detect local and wide area interposition attacks

Jaroslaw Paduch, Jamie Levy, Bilal Khan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

In this paper, we present new techniques to detect interposition attacks on stream-based connections in local and wide area networks. The approach developed here is general enough to apply uniformly to all circumstances where the man-in-the-middle attacker achieves interposition by corrupting higher-layer to lower-layer address mappings. Thus, both the problem of local area network interposition through ARP poisoning and the problem of wide area interposition through DNS poisoning are addressed as special cases of our work. Like other solutions that reside between Layers 3 and 4 (e.g. IPSEC), our techniques enjoy the property that they do not require redesigning legacy software, as is the case for approaches that reside above Layer 4 (e.g. SSL/TLS). Unlike IPSEC, however, the developed system is tailored only to the detection of interposition attacks, and thus circumvents the overhead and complexity introduced in guaranteeing stream confidentiality and integrity. We describe the design of the system, demonstrate its efficacy, and provide a publicly accessible prototype implementation.

Original language: English (US)
Title of host publication: Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009
Pages: 79-83
Number of pages: 5
DOIs: https://doi.org/10.1145/1582379.1582398
State: Published - Nov 30 2009
Event: 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009 - Leipzig, Germany
Duration: Jun 21 2009 to Jun 24 2009

Publication series

Name: Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009

Other

Other: 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009
Country: Germany
City: Leipzig
Period: 6/21/09 to 6/24/09

Keywords

  • ARP
  • Covert channels
  • DNS
  • Interposition

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Software

Cite this

Paduch, J., Levy, J., & Khan, B. (2009). Using a secure permutational covert channel to detect local and wide area interposition attacks. In Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009 (pp. 79-83). (Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009). https://doi.org/10.1145/1582379.1582398

@inproceedings{79791c77df4844d28c6f9a3fc716eae4,
title = "Using a secure permutational covert channel to detect local and wide area interposition attacks",
abstract = "In this paper, we present new techniques to detect interposition attacks on stream-based connections in local and wide area networks. The approach developed here is general enough to apply uniformly to all circumstances where the man-in-the-middle attacker achieves interposition by corrupting higher-layer to lower-layer address mappings. Thus, both the problem of local area network interposition through ARP poisoning and the problem of wide area interposition through DNS poisoning are addressed as special cases of our work. Like other solutions that reside between Layers 3 and 4 (e.g. IPSEC), our techniques enjoy the property that they do not require redesigning legacy software, as is the case for approaches that reside above Layer 4 (e.g. SSL/TLS). Unlike IPSEC, however, the developed system is tailored only to the detection of interposition attacks, and thus circumvents the overhead and complexity introduced in guaranteeing stream confidentiality and integrity. We describe the design of the system, demonstrate its efficacy, and provide a publicly accessible prototype implementation.",
keywords = "ARP, Covert channels, DNS, Interposition",
author = "Jaroslaw Paduch and Jamie Levy and Bilal Khan",
year = "2009",
month = "11",
day = "30",
doi = "10.1145/1582379.1582398",
language = "English (US)",
isbn = "9781605585697",
series = "Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009",
pages = "79--83",
booktitle = "Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009",
}
