Network covert channels living within network conversations are becoming widely adopted to enforce privacy of users or bypass censorship attempts as well as by malware to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, being able to design a network covert channel or anticipate its exploitation are of paramount importance to fully assess the security of the Internet. Prime requirements for a successful covert channel are its stealthiness and bandwidth. To this aim, the popularity, availability and performances of the overt traffic flows used as the carrier play a major role. Therefore, in this paper we investigate the use of ubiquitous Transport Layer Security (TLS) to contain hidden information for implementing network covert channels. Specifically, we review seven methods targeting TLS traffic and investigate the performances of three covert channels through an experimental measurement campaign. Obtained results indicate the feasibility of using TLS traffic as the carrier and also allow to derive some general indications for the development of countermeasures.
Covert Channels in Transport Layer Security
Luca Caviglione
2020
Abstract
Network covert channels living within network conversations are becoming widely adopted to enforce privacy of users or bypass censorship attempts as well as by malware to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, being able to design a network covert channel or anticipate its exploitation are of paramount importance to fully assess the security of the Internet. Prime requirements for a successful covert channel are its stealthiness and bandwidth. To this aim, the popularity, availability and performances of the overt traffic flows used as the carrier play a major role. Therefore, in this paper we investigate the use of ubiquitous Transport Layer Security (TLS) to contain hidden information for implementing network covert channels. Specifically, we review seven methods targeting TLS traffic and investigate the performances of three covert channels through an experimental measurement campaign. Obtained results indicate the feasibility of using TLS traffic as the carrier and also allow to derive some general indications for the development of countermeasures.| File | Dimensione | Formato | |
|---|---|---|---|
|
prod_426868-doc_158564.pdf
solo utenti autorizzati
Descrizione: Covert Channels in Transport Layer Security
Tipologia:
Versione Editoriale (PDF)
Dimensione
669.75 kB
Formato
Adobe PDF
|
669.75 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
