Covert Channels Towards a Qual Project

Similar documents
Covert Communication & Malicious Cryptography

Covert Messaging Through TCP Timestamps

Covert channels in TCP/IP: attack and defence

New Approach towards Covert Communication using TCP-SQN Reference Model

Lecture 1: Perfect Security

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

A Covert Channel in Packet Switching Data Networks

Improvements to Covert Channels in TCP Timestamps

Planning a Jailbreak: Use Steganography

Network Security (NetSec)

A SIMPLE INTRODUCTION TO TOR

Introduction to Software Security Hash Functions (Chapter 5)

David Wetherall, with some slides from Radia Perlman s security lectures.

CS408 Cryptography & Internet Security

Lecture 13 Page 1. Lecture 13 Page 3

Mapping Internet Sensors with Probe Response Attacks

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

CSE 127: Computer Security Cryptography. Kirill Levchenko

Steganography in Commonly Used HF Radio Protocols

Internet security and privacy

Network Security Chapter 8

Introduction to Cryptography in Blockchain Technology. December 23, 2018

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing


Internet Protocol and Transmission Control Protocol

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

ENEE 459-C Computer Security. Security protocols (continued)

Introduction to Computer Security

CS Paul Krzyzanowski

Computer Security Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Mapping Internet Sensors with Probe Response Attacks

PROTECTING CONVERSATIONS

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

Data Integrity. Modified by: Dr. Ramzi Saifan

Computer Security 3/20/18

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

L13. Reviews. Rocky K. C. Chang, April 10, 2015

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

A Covert Channel in RTP Protocol

Firewalls, Tunnels, and Network Intrusion Detection

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Protocols for Anonymous Communication

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

Tor: Online anonymity, privacy, and security.

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

ENEE 459-C Computer Security. Security protocols

Security: Cryptography

Lecture 12 Page 1. Lecture 12 Page 3

Practical Aspects of Modern Cryptography

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

A Covert Channel in TTL Field of DNS Packets

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100

CS Final Exam

0x1A Great Papers in Computer Security

Securing Internet Communication: TLS

Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 8

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

CSC 580 Cryptography and Computer Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Outline Basics of Data Encryption CS 239 Computer Security January 24, 2005

Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven

Outline More Security Protocols CS 239 Computer Security February 6, 2006

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

IP Security IK2218/EP2120

Onion services. Philipp Winter Nov 30, 2015

Refresher: Applied Cryptography

Computer Networks. Wenzhong Li. Nanjing University

CS 161 Computer Security

SSL/TLS. How to send your credit card number securely over the internet

CS Computer Networks 1: Authentication

Worksheet - Reading Guide for Keys and Passwords

APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS.

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

1. Out of the 3 types of attacks an adversary can mount on a cryptographic algorithm, which ones does differential cryptanalysis utilize?

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014

Denial of Service, Traceback and Anonymity

INSE 6110 Midterm LAST NAME FIRST NAME. Fall 2016 Duration: 80 minutes ID NUMBER. QUESTION Total GRADE. Notes:

How Alice and Bob meet if they don t like onions

Cryptanalysis. Ed Crowley

Failure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18

Some Stuff About Crypto

Outline Key Management CS 239 Computer Security February 9, 2004

Cryptography ThreeB. Ed Crowley. Fall 08

CS 268: Internet Architecture & E2E Arguments. Today s Agenda. Scott Shenker and Ion Stoica (Fall, 2010) Design goals.

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Encrypted Data Deduplication in Cloud Storage

Transcription:

Covert Channels Towards a Qual Project Rachel Greenstadt Harvard University Covert Channels p.1/21

Overview About covert channels Example channel: TCP timestamps Problems with the example channel Directions in covert channel research Covert Channels p.2/21

What s a Covert Channel? A channel transfers information in a way that violates a security policy This comes from military literature Alternately, consider... Covert Channels p.3/21

Alice and Bob in Jail Alice and Bob plan to escape But the Warden monitors their messages! If the warden suspects -> solitary confinement Covert Channels p.4/21

Isn t that a bit subversive? Well, yes... But censorship resistance And privacy And freedom Ok, how do we start? Covert Channels p.5/21

Threat Modelling: Know Your Warden Watch traffic over channel Attempt to detect suspicious activity Close off potential channels through filtering Allow legitimate communication. Covert Channels p.6/21

Covert Channel Properties Undetectability Plausible (legitimate cover) Open functionality Encode the message to match channel statistically Robustness Message survive natural/malicious lossiness Indispensable Covert Channels p.7/21

Example Channel My first publication! joint work with John Giffin, Peter Litwack, Richard Tibbetts Broken in some ways Covert Channels p.8/21

Why TCP Timestamps? TCP ubiquitous - plausibility Possible to modify the timestamp/delay packets Slow connection - low order bits random Encryption produces random bits Seems simple, encrypt message, hide it in low order bits Covert Channels p.9/21

Robustness??? Don t get TCP reliability if you use the timestamps! Bits delivered out of order Bits dropped randomly Data acknowledged, not packets, can t get reliability there. Timestamps must increase Timestamps are an option, can be replaced/squashed. Covert Channels p.10/21

How to get reliability? Divide data into blocks Use a hash of the headers to tell receiver which bit is in timestamp Encrypt that bit Make sure you send each bit o times Assume the receiver will get the block, then move on The receiver keeps a checksum to tell when to move on to next block Covert Channels p.11/21

Sending Data Packet Header Secret Key SHA1 Hash of Headers and Key bits 0-7 bit 8 Index KeyBit Current Message Block Plain Text Bit Cipher Text Bit Covert Channels p.12/21

Receiving Data Packet Header Secret Key Timestamp SHA1 Cipher Text Bit Hash of Headers and Key bits 0-7 bit 8 Index KeyBit Plain Text Bit Current Message Block Covert Channels p.13/21

Rewriting the Timestamp Start LSB of timestamp = cipher text bit? YES Done NO Increment timestamp Did the high order bits change? NO YES Recompute cipher text bit Covert Channels p.14/21

Detecting the TCP Timestamp Channel Drew Hintz, Defcon 10 Problem: Low order bits aren t cryptographically random Algorithm: Record all the low bits of the timestamp Put them through a complex randomness test If very random, then covert channel used Covert Channels p.15/21

Can This Idea Be Saved? Increase the occupation number (or use some less braindead error correctio scheme) Model the distribution of timestamps Remove some packets to lower the entropy of the channel Arms race? Covert Channels p.16/21

Should This Idea Be Saved? Complex, low bandwidth channel. Easy to remove anyway - timestamps are an option you could strip them from the packets or modify them. Maybe better off with another channel (say TCP initial seq numbers) Are they really random? Removable with a 32 bit offset Covert Channels p.17/21

Security Through Obscurity? Can you have a widespread covert channel? example: break the Chinese firewall? In crypto, algorithm public, key secret But known channels are closeable Should the channel be secret too? 3 can keep a secret if 2 of them are dead. Covert Channels p.18/21

Solutions? Superiminal channels. More generalized covert channel scheme Easy to apply to new channels In band method of channel rotation. Covert Channels p.19/21

Back to Randomness Maybe hard if limited to using true cryptographic randomness Need to encrypt to arbitrary distributions Maybe use ECCs and the rejection method Graph desired distribution, Pick uniform distribution which is larger Remove anything which doesn t fit Covert Channels p.20/21

Potential Directions Come up with a flexible covert channel scheme which can be used in many channels. Create a protocol for jumping between multiple covert channels. Covert Channels p.21/21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback