COVERT CHANNEL

By : Nimish Agarwal

Definition

… are those which are neither designed nor intended to transfer information at all.

… are based on "transmission by storage into variables that describe resource states”.

… are those channels that are a result of resource allocation policies and resource management implementation.

… are those that "use entities not normally viewed as data objects to transfer information from one subject to another." .

Classification

Storage and Timing Channels. Storage Channel :- Include all mediums that

allow the direct or indirect writing of a storage location by one process and the direct or indirect reading of it by another.

Timing channels :- Include all mediums that would allow one process to signal information to another process by modulating its own use of system resources in such a way that the change in response time observed by the second process would provide information.

Classification (cont …)

Noisy and Noiseless Channels. Noiseless covert channel uses shared resource

available to sender, receiver only Noisy covert channel uses shared resource

available to sender, receive, and others Need to minimize interference enough so that

message can be read in spite of others’ use of channel

Covert Channel Identification

Shared Resource Matrix (SRM) Identify all resources that may be read or

modified by processes of various classes and put them in form of matirx.

Take transitive closure. Look for information flow in violation of policy. Verify flow for real.

Identification (Cont…)

Information Flow Method Determine data and control flow within the

program. Determine which outputs are affected by

which inputs. Note : Difficult in the face of pointers, and

recursion.

Steganography

 Steganography means Steganos (Covered or Protected)  + graphein (to write).

Steganography includes the concealment of information within computer files

Types of Steganography

Process of Encoding and Decoding

Cryptography and Steganography

Cryptography Steganography

Protecting contents of the message

Concealing the existence of message

Encryption can be easily identified

Embedding may not be so easy to identify

Confidentiality

Integrity Un removability

Encryption Yes No Yes

Digital Signature

No Yes No

Steganography Yes / No Yes / No Yes

Application of Steganography

Network Wireless :- Corrupted Headers Modifying Existing Traffic

Images, Audio and Video Steganograms Encryption Canary trap and Digital Water Marking

Canary Trap :- Method of exposing Information Leak, which involves giving different version of sensitive documents to several suspects and seeing which version gets leaked.

References National Computer Security Center. A guide to understanding Covert Channel

Analysis of Trusted System. http://www.fas.org/irp/nsa/rainbow/tg030.htm Steganography And Digital Watermarking

http://www.cs.bham.ac.uk/~mdr/teaching/ modules03/security/students/SS5/Steganography.pdf

Steganography. http://en.wikipedia.org/wiki/Steganography Canary Trap :- http://en.wikipedia.org/wiki/Canary_trap A Discussion of Covert Channels and Steganography :-

http://gray-world.net/cn/papers/adiscussionofcc.pdf