Abstract
A covert channel is a communication technique that uses an overt channel to transmit secret information, and it is an important component of secure communication. This paper proposes a method for constructing a covert channel that can traverse network address translation (NAT) environments. The method exploits the way NAT maps addresses and ports: it controls the source port number of data packets and uses an encoding scheme to encode the data to be communicated, thereby building the covert channel. The paper builds a real NAT experimental environment, measures the channel's data transmission rate and packet loss rate under different parameter settings and different application scenarios, and analyzes its security. With suitable channel parameters, the covert channel's data transmission rate can reach 24.7 KB/s in the public network environment and 101.1 KB/s in the LAN environment.
Authors
SUN Yu (孙宇); SONG Tian (嵩天)
School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China
Source
Netinfo Security (《信息网络安全》)
CSCD
Peking University Core Journal
2019, Issue 7, pp. 59-66 (8 pages)
Funding
National Natural Science Foundation of China [U1636119, 61672102]