Using a secure permutational covert channel to detect local and wide area interposition attacks

Jaroslaw Paduch, Jamie Levy, Bilal Khan

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

1 Scopus citation

Abstract

In this paper, we present new techniques to detect interposition attacks on stream-based connections in local and wide area networks. The approach developed here is general enough to apply uniformly to all circumstances where the man-in-the-middle attacker achieves interposition by corrupting higher-layer to low-layer address mappings. Thus, both the problem of local area network interposition through ARP poisoning, and the problem of wide area interposition through DNS poisoning are addressed as special cases of our work. Like other solutions that reside between Layers 3 and 4 (e.g. IPSEC), our techniques enjoy the property that they do not require redesigning legacy software, as is the case for approaches that reside above Layer 4 (e.g. SSL/TLS). Unlike IPSEC, however, the developed system is tailored only to the detection of interposition attacks, and thus circumvents the overhead and complexity introduced in guaranteeing stream confidentiality and integrity. We describe the design of the system, demonstrate its efficacy, and provide a publicly accessible prototype implementation.

Original language: English (US)
Title of host publication: Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009
Pages: 79-83
Number of pages: 5
DOI: https://doi.org/10.1145/1582379.1582398
Publication status: Published - Nov 30 2009
Event: 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009 - Leipzig, Germany
Duration: Jun 21 2009 to Jun 24 2009

Publication series

Name: Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009

Other

Other: 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009
Country: Germany
City: Leipzig
Period: 6/21/09 to 6/24/09

Keywords

  • ARP
  • Covert channels
  • DNS
  • Interposition

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Software

Cite this

Paduch, J., Levy, J., & Khan, B. (2009). Using a secure permutational covert channel to detect local and wide area interposition attacks. In Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009 (pp. 79-83). (Proceedings of the 2009 ACM International Wireless Communications and Mobile Computing Conference, IWCMC 2009). https://doi.org/10.1145/1582379.1582398