An Improved Method for Detecting Covert Channels in the Transport Layer

Abstract

Steganography is one of the techniques used both to leak information and to prevent theft and distortion of confidential information. Covert channels in the network are one of the platforms for information steganography in the network. Often, this method is realized using the network's protocols. Network protocols are used as an information transfer medium. Network protocols can contain critical information and carry them into the network without attracting consideration. Covert channels are evaluated with three different criteria including capacity, robustness, and insensitivity. Also, the methods to deal with it include removing, limiting, and diagnosing the channel. By definition, covert channels are used to realize covert communication. Steganography methods are safe if the stego has no detectable signatures. Put differently, the stego statistical properties (audio, image, and video) should be similar to the cover properties. The ability to discover the message in the stego depends on the length of the hidden message. The proposed method in this study is to consider the amount of redundant information in a repository, explore the discoverable signs of the covert channel, and check the packet length in the checksum field in the UDP protocol at the transmission layer.