You Can't Do That On Protocols Anymore: Analysis of Covert Channels in IETF Standards
Luca Caviglione
2024
Abstract
Information hiding techniques are used by threat actors to elude countermeasures and prevent reversing the attack chain. Recently, they have been deployed to create covert channels, i.e., parasitic communications paths cloaked in network traffic and digital objects. Unfortunately, their detection and mitigation are not simple tasks, especially when information is hidden in network protocols. For instance, revealing the presence of additional data is context-dependent and sanitization could partially impair the traffic. In this paper, we analyze the work of the IETF to evaluate whether risks arising from the presence of covert channels have been considered during the standardization phase. Our findings indicate that the exposure to hidden communications has been addressed only occasionally. We then provide some guidelines to improve the standardization of new protocols and services, especially to prevent the need of deploying a-posteriori fixes.

File | Description | Type | License | Access | Size | Format |
---|---|---|---|---|---|---|
prod_491407-doc_204940.pdf | You Can't Do That On Protocols Anymore: Analysis of Covert Channels in IETF Standards - Early Access | Post-print document | Other type of license | Open Access from 02/09/2024 | 390.53 kB | Adobe PDF |
You_Cant_Do_That_on_Protocols_Anymore_Analysis_of_Covert_Channels_in_IETF_Standards-2.pdf | You Can’t Do That on Protocols Anymore: Analysis of Covert Channels in IETF Standards | Publisher's version (PDF) | NOT PUBLIC - Private/restricted access | Authorized users only | 1.11 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.