by: Nimish Agarwal
Definition
… are those which are neither designed nor intended to transfer information at all.
… are based on "transmission by storage into variables that describe resource states".
… are those channels that are a result of resource allocation policies and resource management implementation.
… are those that "use entities not normally viewed as data objects to transfer information from one subject to another."
Classification
Storage and Timing Channels.
Storage channels :- Include all mediums that allow the direct or indirect writing of a storage location by one process and the direct or indirect reading of it by another.
Timing channels :- Include all mediums that would allow one process to signal information to another process by modulating its own use of system resources in such a way that the change in response time observed by the second process would provide information.
Classification (cont …)
Noisy and Noiseless Channels.
Noiseless covert channel uses a shared resource available to the sender and receiver only.
Noisy covert channel uses a shared resource available to the sender, receiver, and others.
Need to minimize interference enough so that the message can be read in spite of others' use of the channel.
Covert Channel Identification
Shared Resource Matrix (SRM)
Identify all resources that may be read or modified by processes of various classes and put them in the form of a matrix.
Take transitive closure.
Look for information flow in violation of policy.
Verify flow for real.
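The SRM steps above, worked through on a small constructed system (an added example, not part of the original slides). The operation names, attribute names and the HIGH/LOW/SYSTEM caller labels are hypothetical, and the closure used is the coarse one: an operation that references anything another operation modifies inherits all of that operation's references.

```python
from copy import deepcopy

# Constructed sample system (all operation and attribute names are hypothetical).
# For each operation: attributes it references (R), modifies (M), and who may call it.
OPS = {
    "lock_file":     {"R": {"file_locked"}, "M": {"file_locked"}, "callers": {"HIGH"}},
    "write_file":    {"R": {"file_locked"}, "M": {"file_size"},   "callers": {"HIGH"}},
    "account_quota": {"R": {"file_size"},   "M": {"disk_free"},   "callers": {"SYSTEM"}},
    "open_file":     {"R": {"file_locked"}, "M": set(),           "callers": {"LOW"}},
    "disk_usage":    {"R": {"disk_free"},   "M": set(),           "callers": {"LOW"}},
}

def transitive_closure(ops):
    """If op1 references X and modifies Y, every op that references Y
    indirectly references X. Repeat until the matrix stops changing."""
    closed = deepcopy(ops)
    changed = True
    while changed:
        changed = False
        for op1 in closed.values():
            for op2 in closed.values():
                if op1["M"] & op2["R"] and not op1["R"] <= op2["R"]:
                    op2["R"] |= op1["R"]
                    changed = True
    return closed

def policy_violations(ops, sender="HIGH", receiver="LOW"):
    """Attributes a `sender` operation can modify and a `receiver` operation
    can reference, directly or through the closure: candidate channels."""
    closed = transitive_closure(ops)
    found = []
    for s_name, s in closed.items():
        if sender not in s["callers"]:
            continue
        for r_name, r in closed.items():
            if receiver not in r["callers"]:
                continue
            for attr in s["M"] & r["R"]:
                kind = "direct" if attr in ops[r_name]["R"] else "indirect"
                found.append((attr, s_name, r_name, kind))
    return sorted(found)

if __name__ == "__main__":
    for attr, s, r, kind in policy_violations(OPS):
        print(f"{attr}: {s} -> {r} ({kind}); verify by hand")
```

The two indirect entries appear only after the closure, and each reported pair is a candidate that still has to be checked against the real implementation, which is the "verify flow for real" step.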
Identification (Cont…)
Information Flow Method
Determine data and control flow within the program.
Determine which outputs are affected by which inputs.
Note: Difficult in the face of pointers and recursion.
Steganography
Steganography means Steganos (Covered or Protected) + graphein (to write).
Steganography includes the concealment of information within computer files.
Cryptography and Steganography

| Cryptography | Steganography |
| --- | --- |
| Protecting contents of the message | Concealing the existence of message |
| Encryption can be easily identified | Embedding may not be so easy to identify |

| | Confidentiality | Integrity | Unremovability |
| --- | --- | --- | --- |
| Encryption | Yes | No | Yes |
| Digital Signature | No | Yes | No |
| Steganography | Yes / No | Yes / No | Yes |
Application of Steganography
Network
Wireless :- Corrupted Headers
Modifying Existing Traffic
Images, Audio and Video Steganograms
Encryption
Canary Trap and Digital Watermarking
Canary Trap :- Method of exposing an information leak, which involves giving different versions of a sensitive document to several suspects and seeing which version gets leaked.
References
National Computer Security Center. A guide to understanding Covert Channel Analysis of Trusted System. http://www.fas.org/irp/nsa/rainbow/tg030.htm
Steganography And Digital Watermarking. http://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.pdf
Steganography. http://en.wikipedia.org/wiki/Steganography
Canary Trap. http://en.wikipedia.org/wiki/Canary_trap
A Discussion of Covert Channels and Steganography. http://gray-world.net/cn/papers/adiscussionofcc.pdf