ABSTRACT
Computer networks play a key role in everyday lives. To guarantee fail-safe operation, routing protocols are used that enable dynamic routing via redundant paths. Because of this, routing protocols like RIP or OSPF play an important role in modern network infrastructures. The widespread use together with the mostly missing traffic monitoring of these protocols provide a possible base to exploit these protocols for network steganographic channels. In this paper, we present a novel storage covert channel based on the OSPF routing protocol. We analyzed the protocol in detail with the help of hiding patterns to identify protocol fields that might be suitable for covert communication. We provide a proof-of-concept implementation of our covert channel inside a simulated network, which demonstrates the possibility of covert communication in a routing protocol. Our evaluation covers detectability and countermeasures, steganographic bandwidth and robustness. Furthermore, we sketch an application scenario where such a covert channel can be deployed.
- Stefan Achleitner, Quinn Burke, Patrick McDaniel, Trent Jaeger, Thomas La Porta, and Srikanth Krishnamurthy. 2021. MLSNet: A Policy Complying Multilevel Security Framework for Software Defined Networking. IEEE Transactions on Network and Service Management 18, 1 (2021), 729–744. https://doi.org/10.1109/TNSM.2020.3045998Google ScholarDigital Library
- Peter Backs, Steffen Wendzel, and Jörg Keller. 2012. Dynamic routing in covert channel overlays based on control protocols. In 7th International Conference for Internet Technology and Secured Transactions, ICITST 2012, London, United Kingdom, December 10-12, 2012, Nick Savage, Safwan El Assad, and Charles A. Shoniregun (Eds.). IEEE, New York, 32–39. https://ieeexplore.ieee.org/document/6470978/Google Scholar
- Andrew D. Banasiewicz. 2013. Marketing database analytics: transforming data for competitive advantage. Routledge, New York. https://doi.org/10.4324/9780203076460Google ScholarCross Ref
- J. W. Byers, M. Luby, M. Mitzenmacher, and A. Rege. 1998. A Digital Fountain Approach to Reliable Distribution of Bulk Data. In Proc. of the ACM SIGCOMM 1998 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM ’98), Vancouver, B.C., Canada. ACM, New York, NY, 56–67.Google Scholar
- Serdar Cabuk, Clara E. Brodley, and Clay Shields. 2009. IP Covert Channel Detection. ACM Transactions on Information and System Security (TISSEC) 12, 4 (April 2009), 22:1–22:29. https://doi.org/10.1145/1513601.1513604Google ScholarDigital Library
- R. Coltun, D. Ferguson, J. Moy, and A. Lindem. 2008. RfC-5340: OSPF for IPv6. The Internet Society, Plaza America Drive, Reston, VA. https://www.rfc-editor.org/rfc/rfc5340.txtGoogle Scholar
- Jingsong Cui, Chi Guo, Manli Zhang, and Qi Guo. 2020. A Method for Realizing Covert Communication at Router Driving Layer. In Trusted Computing and Information Security, Weili Han, Liehuang Zhu, and Fei Yan (Eds.). Springer Singapore, Singapore, 104–118.Google Scholar
- Thomas W. Edgar and David O. Manz. 2017. Chapter 2 - Science and Cyber Security. In Research Methods for Cyber Security, Thomas W. Edgar and David O. Manz (Eds.). Syngress, Amsterdam, 33–62. https://doi.org/10.1016/B978-0-12-805349-2.00002-9Google ScholarCross Ref
- Everyday Finance. 2008. Factors of Production: Land, Labor, Capital. Everyday Finance: Economics, Personal Money Management, and Entrepreneurship. v. 1, p17-20. Bd. 1.Google Scholar
- W. Fraczek, W. Mazurczyk, and K. Szczypiorski. 2012. Multilevel Steganography: Improving Hidden Communication in Networks. Journal of Universal Computer Science 18, 14 (July 2012), 1967–1986. https://doi.org/10.3217/jucs-018-14-1967Google ScholarCross Ref
- Bassam Halabi and Danny McPherson. 2001. Internet routing architectures (2 ed.). Cisco Press, Indianapolis, IN.Google Scholar
- Jörg Keller and Ewelina Marciniszyn. 2022. Improved Concept and Implementation of a Fountain Code Covert Channel. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) 13, 3 (2022), 25–36. https://doi.org/10.22667/JOWUA.2022.09.30.025Google ScholarCross Ref
- Umer Khan. 2003. In The Best Damn Cisco Internetworking. Syngress, Rockland, Massachusetts. https://doi.org/10.1016/B978-193183691-3/50022-5Google ScholarCross Ref
- Mehrdad Khosravi, Maryam Hasanzadeh, and Vahid Khodabakhshi. 2012. A Novel Method for Information Hiding in AODV — The Case of Mobile Ad-hoc Networks. In 9th International ISC Conference on Information Security and Cryptology.Google Scholar
- Butler W. Lampson. 1973. A note on the confinement problem. Commun. ACM 16, 10 (1973), 613–615. https://doi.org/10.1145/362375.362389Google ScholarDigital Library
- Wojciech Mazurczyk, Steffen Wendzel, Sebastian Zander, Amir Houmansadr, and Krzysztof Szczypiorski. 2016. Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications. Wiley, New York, NY.Google ScholarDigital Library
- Miralem Mehic, Miroslav Voznák, and Peppino Fazio. 2017. Multicast Steganography Using Routing Protocols. In Multimedia Communications, Services and Security - 9th International Conference, MCSS 2017, Kraków, Poland, November 16-17, 2017, Proceedings(Communications in Computer and Information Science, Vol. 785), Andrzej Dziech and Andrzej Czyzewski (Eds.). Springer, Cham, 124–135. https://doi.org/10.1007/978-3-319-69911-0_10Google ScholarCross Ref
- J. Moy. 1998. RfC-2328: OSPF Version 2. The Internet Society, Plaza America Drive, Reston, VA. https://www.rfc-editor.org/rfc/rfc2328.txtGoogle Scholar
- Adar Ovadya, Rom Ogen, Yakov Mallah, Niv Gilboa, and Yossi Oren. 2019. Cross-Router Covert Channels. In 13th USENIX Workshop on Offensive Technologies, WOOT 2019, Santa Clara, CA, USA, August 12-13, 2019, Alex Gantman and Clémentine Maurice (Eds.). USENIX Association, Washington DC, 12 pages. https://www.usenix.org/conference/woot19/presentation/ovadiaGoogle Scholar
- Tobias Schmidbauer and Steffen Wendzel. 2022. SoK: A Survey Of Indirect Network-Level Covert Channels. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (Nagasaki, Japan) (ASIA CCS ’22). Association for Computing Machinery, New York, NY, USA, 546–560. https://doi.org/10.1145/3488932.3517418Google ScholarDigital Library
- Steffen Schulz, Vijay Varadharajan, and Ahmad-Reza Sadeghi. 2014. The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs. IEEE Transactions on Information Forensics and Security 9, 2 (2014), 221–232. https://doi.org/10.1109/TIFS.2013.2289978Google ScholarDigital Library
- Steffen Wendzel, Luca Caviglione, Wojciech Mazurczyk, Aleksandra Mileva, Jana Dittmann, Christian Krätzer, Kevin Lamshöft, Claus Vielhauer, Laura Hartmann, Jörg Keller, and Tom Neubert. 2021. A Revised Taxonomy of Steganography Embedding Patterns. In ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, August 17-20, 2021. ACM, New York, NY, 67:1–67:12. https://doi.org/10.1145/3465481.3470069Google ScholarDigital Library
- Steffen Wendzel, Daniela Eller, and Wojciech Mazurczyk. 2018. One Countermeasure, Multiple Patterns: Countermeasure Variation for Covert Channels. In Proceedings of the Central European Cybersecurity Conference 2018, CECC 2018, Ljubljana, Slovenia, November 15-16, 2018. ACM, New York, NY, 1:1–1:6. https://doi.org/10.1145/3277570.3277571Google ScholarDigital Library
- Steffen Wendzel, Sebastian Zander, Bernhard Fechner, and Christian Herdin. 2015. Pattern-Based Survey and Categorization of Network Covert Channel Techniques. Comput. Surveys 47, 3 (2015), 1–26. https://doi.org/10.1145/2684195Google ScholarDigital Library
Index Terms
- Network Covert Channels in Routing Protocols
Recommendations
Dynamics of hot-potato routing in IP networks
Despite the architectural separation between intradomain and interdomain routing in the Internet, intradomain protocols do influence the path-selection process in the Border Gateway Protocol (BGP). When choosing between multiple equally-good BGP routes, ...
Dynamics of hot-potato routing in IP networks
SIGMETRICS '04/Performance '04: Proceedings of the joint international conference on Measurement and modeling of computer systemsDespite the architectural separation between intradomain and interdomain routing in the Internet, intradomain protocols do influence the path-selection process in the Border Gateway Protocol (BGP). When choosing between multiple equally-good BGP routes, ...
The Blocking Option in Routing Protocols
SRDS '09: Proceedings of the 2009 28th IEEE International Symposium on Reliable Distributed SystemsRouting protocols are designed under the assumption that each node in a network should be able to reach (i.e. send or forward packets to) every other node in the network. Unfortunately, adopting this assumption in a routing protocol does allow adversary ...
Comments