CNR Institutional Research Information System

Network covert channels living within network conversations are becoming widely adopted to enforce privacy of users or bypass censorship attempts as well as by malware to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, being able to design a network covert channel or anticipate its exploitation are of paramount importance to fully assess the security of the Internet. Prime requirements for a successful covert channel are its stealthiness and bandwidth. To this aim, the popularity, availability and performances of the overt traffic flows used as the carrier play a major role. Therefore, in this paper we investigate the use of ubiquitous Transport Layer Security (TLS) to contain hidden information for implementing network covert channels. Specifically, we review seven methods targeting TLS traffic and investigate the performances of three covert channels through an experimental measurement campaign. Obtained results indicate the feasibility of using TLS traffic as the carrier and also allow to derive some general indications for the development of countermeasures.

Covert Channels in Transport Layer Security

Luca Caviglione
2020

Abstract

Network covert channels living within network conversations are becoming widely adopted to enforce privacy of users or bypass censorship attempts as well as by malware to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, being able to design a network covert channel or anticipate its exploitation are of paramount importance to fully assess the security of the Internet. Prime requirements for a successful covert channel are its stealthiness and bandwidth. To this aim, the popularity, availability and performances of the overt traffic flows used as the carrier play a major role. Therefore, in this paper we investigate the use of ubiquitous Transport Layer Security (TLS) to contain hidden information for implementing network covert channels. Specifically, we review seven methods targeting TLS traffic and investigate the performances of three covert channels through an experimental measurement campaign. Obtained results indicate the feasibility of using TLS traffic as the carrier and also allow to derive some general indications for the development of countermeasures.
2020
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
Inglese
EICC 2020 : Proceedings of the European Interdisciplinary Cybersecurity Conference
European Interdisciplinary Cybersecurity Conference
6
978-1-4503-7599-3
ACM Press
New York
STATI UNITI D'AMERICA
Sì, ma tipo non specificato
18-19/11/2020
Rennes, Francia
covert channels
security
information hiding
steganography
TLS
2-s2.0-85100045996
3
restricted
Heinz, Corinna; Mazurczyk, Wojciech; Caviglione, Luca
273
info:eu-repo/semantics/conferenceObject
04 Contributo in convegno::04.01 Contributo in Atti di convegno
   Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware
   SIMARGL
   H2020
   833042
04.01 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
prod_426868-doc_158564.pdf

solo utenti autorizzati

Descrizione: Covert Channels in Transport Layer Security
Tipologia: Versione Editoriale (PDF)
Dimensione 669.75 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
669.75 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/405733
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact