AbstractNetwork covert channels have become a sophisticated means for transferring hidden information over the network. Covert channel‐internal control protocols, also called micro protocols, have been introduced in the recent years to enhance capabilities of the network covert channels. Micro protocols are usually placed within the hidden bits of a covert channel's payload and enable features such as reliable data transfer, session management, and dynamic routing for network covert channels. These features provide adaptive and stealthy covert communication channels. Some of the micro protocol based tools exhibit vulnerabilities and are susceptible to attacks. In this paper, we demonstrate some possible attacks on micro protocols, which are capable of breaking the sophisticated covert channel communication or jeopardizing the identity of peers in such a network. These attacks are based on the attacker's interaction with the micro protocol. We also present the defense techniques to safeguard micro protocols against such attacks. By using these techniques, micro protocol‐based tools can become immune to certain attacks and lead to robust covert communication. We present our results for two micro protocol‐based tools: Ping Tunnel and smart covert channel tool. Copyright © 2016 John Wiley & Sons, Ltd.
Read full abstract