Covert channels in TCP/IP: attack and defence

Similar documents
New Approach towards Covert Communication using TCP-SQN Reference Model

Introduction to TCP/IP networking

CSCI-GA Operating Systems. Networking. Hubertus Franke

Covert TCP/IP network channels using Whitenoise protocol. Michal Rogala.

STEVEN R. BAGLEY PACKETS

ELEC5616 COMPUTER & NETWORK SECURITY

Covert Communication & Malicious Cryptography

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

EE 610 Part 2: Encapsulation and network utilities

ECE4110 Internetwork Programming. Introduction and Overview

Network Forensics and Covert Channels Analysis in Internet Protocols

Guide To TCP/IP, Second Edition UDP Header Source Port Number (16 bits) IP HEADER Protocol Field = 17 Destination Port Number (16 bit) 15 16

Introduction to Networking. Operating Systems In Depth XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability. Michael J. Silbersack. November 26th, 2005

TCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6

Covert Channels Towards a Qual Project

CSC 574 Computer and Network Security. TCP/IP Security

Internet Protocol and Transmission Control Protocol

Improvements to Covert Channels in TCP Timestamps

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Packet Header Formats

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

User Datagram Protocol

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Internet Networking recitation #2 IP Checksum, Fragmentation

Transport Protocols Reading: Sections 2.5, 5.1, and 5.2. Goals for Todayʼs Lecture. Role of Transport Layer

Transport Protocols Reading: Sections 2.5, 5.1, and 5.2

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CHAPTER-2 IP CONCEPTS

Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

EEC-682/782 Computer Networks I

Detect Covert Channels in TCP/IP Header using Naive Bayes

Two approaches to Flow Control. Cranking up to speed. Sliding windows in action

OSI Network Layer. Network Fundamentals Chapter 5. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1

CS4700/CS5700 Fundamentals of Computer Networks

Sequence Number. Acknowledgment Number. Checksum. Urgent Pointer plus Sequence Number indicates end of some URGENT data in the packet

ECE 435 Network Engineering Lecture 9

User Datagram Protocol (UDP):

Introduction to Software Security Hash Functions (Chapter 5)

ECE 435 Network Engineering Lecture 15

CS457 Transport Protocols. CS 457 Fall 2014

Transport Protocols. Raj Jain. Washington University in St. Louis

Layered Networking and Port Scanning

ECE 650 Systems Programming & Engineering. Spring 2018

Sirindhorn International Institute of Technology Thammasat University

TSIN02 - Internetworking

EEC-484/584 Computer Networks. Lecture 16. Wenbing Zhao

Interconnecting Networks with TCP/IP

TSIN02 - Internetworking

TSIN02 - Internetworking

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

CSc 466/566. Computer Security. 18 : Network Security Introduction

S. Erfani, ECE Dept., University of Windsor Network Security

interface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer

The aim of this unit is to review the main concepts related to TCP and UDP transport protocols, as well as application protocols. These concepts are

On the Origins of a Thesis

> : S. timestamp > : (0) win <mss 1460,nop,wscale 0,nop,nop, 4 different options used

CS519: Computer Networks. Lecture 2: Feb 2, 2004 IP (Internet Protocol)

Transport Layer. The transport layer is responsible for the delivery of a message from one process to another. RSManiaol

Ref: A. Leon Garcia and I. Widjaja, Communication Networks, 2 nd Ed. McGraw Hill, 2006 Latest update of this lecture was on

TSIN02 - Internetworking

4. What is the sequence number of the SYNACK segment sent by spinlab.wpi.edu to the client computer in reply to the SYN? Also Seq=0 (relative

CSE/EE 461 The Network Layer. Application Presentation Session Transport Network Data Link Physical

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

First Semester Examinations 2015/16 (Model Solution) INTERNET PRINCIPLES

440GX Application Note

IP : Internet Protocol

Transport Protocols Reading: Sections 2.5, 5.1, and 5.2

Chapter 7 Internet Protocol Version 4 (IPv4) Kyung Hee University

Need For Protocol Architecture

Need For Protocol Architecture

TCP Service Model. Today s Lecture. TCP Support for Reliable Delivery. EE 122:TCP, Connection Setup, Reliability

First Semester Examinations 2013/14 (Model Solution) INTERNET PRINCIPLES

CIT 480: Securing Computer Systems

Paper solution Subject: Computer Networks (TE Computer pattern) Marks : 30 Date: 5/2/2015

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Advanced Network Design

System-Level Failures in Security

Outline. Internet. Router. Network Model. Internet Protocol (IP) Design Principles

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

CS155 Firewalls. Why Firewalls? Why Firewalls? Bugs, Bugs, Bugs

CSCI-1680 Link Layer I Rodrigo Fonseca

CS 161 Computer Security

ECE 358 Project 3 Encapsulation and Network Utilities

8/19/2010. Computer Forensics Network forensics. Data sources. Monitoring

TCP Strategies. Keepalive Timer. implementations do not have it as it is occasionally regarded as controversial. between source and destination

CPSC 467b: Cryptography and Computer Security

(Still) Exploiting TCP Timestamps

Internetwork Protocols

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet.

Internet Protocol. Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1

Computer Networks. Transmission Control Protocol. Jianping Pan Spring /3/17 CSC361 1

Position of IP and other network-layer protocols in TCP/IP protocol suite

precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)

Steganography Using TCP / IP's Sequence Number

Transcription:

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/{sjm217, srl32} Computer Laboratory University of Cambridge 22nd Chaos Communication Congress

Scenario Alice Walter Bob

Threat model Walter is a passive warden, trying to detect unauthorised communication from Alice to Bob To break this policy, Alice uses a covert channel Walter knows which OS Alice is running Alice sends message hidden in cover-text The cover-text must be received intact Alice requires indistinguishability Subject to these constraints, Alice would like to maximise the available bandwidth Techniques to achieve these goals are known as steganography

Protocol stack Ethernet Type: IP, From: 00:11:11:0e:08:ea, To: 00:00:0c:07:ac:01 IP Type: TCP, ToS: 0, Flags: 4, ID:6801, From: 128.232.0.20, To: 213.73.91.29,... TCP Seq: 3622491521, Ack: 1380426457 From: port 37633, To: port 80,... GET /congress/2005/ HTTP/1.0...

Why TCP/IP Lower levels (Ethernet) will not reach Bob Alice might not be able to control which applications she runs So higher level protocols might not be available Almost all network applications use TCP/IP So Alice can use this without raising suspicion

IP 0 3 4 7 8 15 16 18 19 23 24 31 Version IHL Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source Address Destination Address Options Padding

Fragmentation If IP packets are too large to fit into the lower layer, they can be fragmented Data could be encoded by changing The size of fragments The order of fragments IP gives no guarantees of in-order delivery So IP packets can be re-ordered All these are predictable, so while the cover-text will get through, Walter can see the steganography

Seldom used IP options ToS: Used for altering quality of service Almost never used, so easily detectable Flags: Used to signal fragmentation Predictable based on context, so easily detectable IP options (different from TCP options) Seldom used now, so easily detectable

IP ID Unique value associated with each IP packet Used to re-assemble fragments Commonly implemented (e.g. Linux) as a per-destination counter This is to prevent idle-scanning Linked to TCP (details later) Violating this would result in easy detection Respecting this dramatically reduces bandwidth

TCP 0 3 4 9 10 15 16 23 24 31 Source Port Destination Port Sequence Number Acknowledgement Number Offset Reserved Flags Window Checksum Urgent Pointer Options (including timestamp) Padding

TCP timestamp Option available in TCP packets which allows hosts to measure round-trip-time Available in most modern operating systems, but off by default in Windows Stores the time packet was sent, according to a 1 Hz 1 khz clock Predictable, but packets can be delayed to force this value to be odd or even, allowing 1 bit per packet to be sent With high-bandwidth connections, where many packets with the same timestamp are normally sent out, this scheme can be detected

TCP initial sequence number When TCP connection is first built, each side picks an initial sequence number (ISN), used for reliability and flow control. To prevent IP address spoofing, this number should be hard to guess While there have been problems in the past, all modern operating systems now do this It is large (32 bits), and because it is unpredictable to outsiders, including Walter, this field is the most useful for steganography. However using it properly is far from simple

Nushu Presented by Joanna Rutkowska at 21C3 Steganographic covert channel implemented for Linux Also includes error recovery Uses clever kernel tricks to hide from local detection (outside the scope of this talk) Replaces ISN with encrypted message (so should look random)

Catching Nushu 907100000 9.20e+08 9.30e+08 906500000 9.20e+08 9.30e+08 Unmodified Linux Current ISN Next ISN 11470000 2e+09 3e+09 4.28e+09 11710000 2e+09 3e+09 4.29e+09 Nushu Current ISN

Nushu encryption Source Port Address Destination Port Address "NU" DES Key Message New ISN

Source Port Address Nushu encryption Frequent duplications Destination Port Address "NU" DES Key Message New ISN

Attacking the cryptography There will be frequent duplications of this Source IP is fixed; destination IP will not vary much Destination port will not vary much and source port does not use anywhere near all of the 2 16 possibilities Whenever there is a duplication, the output of DES will be the same X = (M 1 K ) (M 2 K ) = M 1 M 2 If M 1 = M 2 then X = 0 Even if M 1 M 2, X will still show patterns

Nushu revealed 906600000 9.15e+08 9.25e+08 934500000 907200000 9.20e+08 9.30e+08 Unmodified Linux Current ISN Next ISN with same IV 28540000 2e+09 3e+09 4.29e+09 28540000 2e+09 3e+09 4.29e+09 Nushu Current ISN

Linux ISN generation Source IP Dest. IP S. Port D. Port

Linux ISN generation Source IP Dest. IP S. Port D. Port R Concatenate 32 random bits

Linux ISN generation Source IP Dest. IP S. Port D. Port R Concatenate 32 random bits R-MD4 block: 256 random bits

Linux ISN generation Source IP Dest. IP S. Port D. Port R Concatenate 32 random bits R-MD4 block: 256 random bits Take bits 32 63

Linux ISN generation Source IP Dest. IP S. Port D. Port R Concatenate 32 random bits R-MD4 block: 256 random bits Take bits 32 63 c replace top byte with rekey counter...

Linux ISN generation Source IP Dest. IP S. Port D. Port R Concatenate 32 random bits R-MD4 block: 256 random bits Take bits 32 63 c +T...and add 32-bit time (µs)

Patterns with the Linux ISN Within a rekey period, multiple connections with the same source/destination, IP address/port number will have the same input to MD4 The difference between the ISNs for two connections will be the time difference in microseconds The Nushu problem could be prevented by not repeating IVs Use more randomness (hash as much of the header as possible) In case there is a collision, use a 32-bit block cipher Never send the same plaintext with the same IV This would hide any patterns, but Linux introduces patterns of its own

Better cryptography doesn t help 1 4 6 8 10 1319 4000 6000 8000 9987 Unmodified Linux Time difference (ms) ISN difference (mod 2 32 ) 1 2 3 4 5 6 7 8 16280000 2e+09 3e+09 4.289e+09 Random ISN Time difference (ms)

Steganography for Linux Replace the lower 3 bytes with our data Restore rekey counter Add one to rekey counter if carry bit is needed Subtract current time in microseconds (mod 2 32 ) from our data If this is negative, add one to they rekey counter, otherwise leave it alone Patch up the checksum and IP ID (depends on ISN) Can use the ACK from the remote host to get a good idea of whether the SYN packet was lost Freshness is achieved by xoring the plaintext with a hash of Source/Destination IP and Source/Destination Port One bit is reserved to cope with potential collisions

OpenBSD Counter Block Cipher 1024 bit random key RC4 pseudorandom

OpenBSD Counter Block Cipher 1024 bit random key RC4 pseudorandom r 0

Steganography with OpenBSD Can code directly into the bottom 15 bits of the ISN (pre-shared key, with hash of other header fields for freshness) Need to code arbitrary data (with redundancy) onto a pseudorandom sequence of integers between 0 and 2 15 For reliability, Bob needs to be able to cope with the loss of some of the elements in the sequence Elements of the sequence are encrypted using a block cipher before transmission, and thus appear exactly as a pseudorandom sequence to the warden

Clock skew (TCP timestamps) Offset (ms) 0 20 40 60 0 100 200 300 400 Time (s)

Timing information from ISNs All computers have a clock crystal to measure time, but imperfections cause some to run faster or slower than they should This error is very stable over time, and so can acts as an identity for a computer Even if the computer changes IP address or moves, its clock skew will stay the same and allows the computer to be tracked. There are several ways to extract clock skew information remotely TCP timestamp clocks run at 100 Hz or 1 khz on Linux ICMP timestamp clocks run at 1 khz On Linux, the TCP ISN clock runs at 1 MHz

Clock skew (ICMP timestamps) Offset (ms) 0 20 40 60 0 100 200 300 400 Time (s)

Timing patterns in the ISN 1 4 6 8 10 1319 4000 6000 8000 9987 Unmodified Linux Time difference (ms) ISN difference (mod 2 32 ) 1 2 3 4 5 6 7 8 16280000 2e+09 3e+09 4.289e+09 Random ISN Time difference (ms)

Clock skew (TCP ISN) Offset (ms) 0 20 40 60 0 100 200 300 400 Time (s)

Conclusion Many proposed steganography schemes are detectable The common flaw is to assume that fields that can be random are random In fact, many fields in protocols are not random sometimes for good reason, sometimes just through chance To build undetectable steganography schemes, you must examine exactly how fields are generated, before you can modify it safely If physical device fingerprinting is a concern, there are sources of time information which you might not expect

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback