摘要
网络隐蔽通道技术是一种被广泛应用的网络攻击技术.掌握隐蔽通道的构建机制,对制定相应网络防御策略具有指导意义.利用互联网不可或缺的NTP时间同步协议,提出了基于NTP协议的隐蔽通道构建机制.通过分析NTP协议查询/应答机制的特点,并研究可被用作载荷的NTP协议数据单元,设计了下行通道和上行通道分离的NTP隐蔽通道,它将隐藏信息伪装成普通NTP报文,进行隐秘消息的传递.NTP报文的普及性和不可替代性,使得基于NTP的隐蔽通道具有穿透能力强、隐蔽性好的优点.试验表明,提出的NTP隐蔽通道可以携带较多的秘密信息,穿透网络监测设备.下一步的工作将围绕NTP隐蔽通道的认证、加密等安全机制进行研究.
The covert channel based on network protocol has been widely used for network attack. Mastering the mechanism of covert channel is important to the formulating of corresponding network defense strategy. Due to the widely use of network time protocol, a kind of covert channel technology based on NTP protocol is proposed in this paper. This paper analyzes features of query/response mechanisms in the NTP protocol, utilizes the message field as hidden payload and then designs separated downstream and upstream NTP covert channels, in which secret information is disguised and transmitted as normal NTP messages. The popularity and irreplaceability of NTP message make NTP covert channel endowed with the advantages of great ability of penetration and high quality of concealment. Test results show that the technology could carry relatively considerable information and easily penetrate the network monitoring device. The future work will focus on authentication, encryption and other security mechanisms in NTP covert channel.
出处
《计算机系统应用》
2017年第5期119-125,共7页
Computer Systems & Applications
关键词
隐蔽通道
网络安全
NTP协议
协议特点
传输带宽
covert channel
network security
NTP protocol
protocol features
transmission bandwidth