18 articles found
1. Detecting DNS Covert Channels Using Stacking Model (Cited by: 1)
Authors: Peng Yang, Ye Li, Yunze Zang. China Communications (SCIE, CSCD), 2020, Issue 10, pp. 183-194 (12 pages)
A covert channel is an information channel that is used by the computer process to exfiltrate data through bypassing security policies. The DNS protocol is one of the important ways to implement a covert channel. DNS covert channels are easily used by attackers for malicious purposes. Therefore, an effective detection approach of the DNS covert channels is significant for computer systems and network securities. Aiming at the difficulty of the DNS covert channel identification, we propose a DNS covert channel detection method based on a stacking model. The stacking model is evaluated on a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively. Besides, it can identify unknown covert channel traffic. The area under the curve (AUC) of the proposed method reaches 0.9901, which outperforms existing detection methods.
Keywords: DNS covert channel stacking model
2. Analysis and Application of Covert Channels of Internet Control Message Protocol
Authors: ZHOU Xueguang, ZHANG Huanguo. Wuhan University Journal of Natural Sciences (CAS), 2006, Issue 6, pp. 1857-1861 (5 pages)
Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert channel's algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel's algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.
Keywords: internet control message protocol (ICMP) covert channel embedded Internet terminal (EIT) algorithm information security
3. Auditing the Use of DBMS Covert Storage Channels Relevant with Transactions
Authors: 朱虹 FENG Yucai Zhou Chun. High Technology Letters (EI, CAS), 2002, Issue 1, pp. 17-22 (6 pages)
This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next, the paper analyzes and resolves the two problems arising from auditing the use of transaction-type covert storage channels in database systems: namely, the relationship between channel variables, which are altered (or viewed) by the transaction and satisfy integrity constraints in DBMS, and database states; and the circumvention of covert storage channel audit in DBMS.
Keywords: covert storage channels AUDIT Transaction Integrity constraint Circumvention of audit
4. A Distributed Covert Channel of the Packet Ordering Enhancement Model Based on Data Compression
Authors: Lejun Zhang, Xiaoyan Hu, Zhijie Zhang, Weizheng Wang, Tianwen Huang, Donghai Guan, Chunhui Zhao, Seokhoon Kim. Computers, Materials & Continua (SCIE, EI), 2020, Issue 9, pp. 2013-2030 (18 pages)
Covert channel of the packet ordering is a hot research topic. Encryption technology is not enough to protect the security of both sides of communication. Covert channel needs to hide the transmission data and protect content of communication. The traditional methods are usually to use proxy technology such as tor anonymous tracking technology to achieve hiding from the communicator. However, because the establishment of proxy communication needs to consume traffic, the communication capacity will be reduced, and in recent years, the tor technology often has vulnerabilities that led to the leakage of secret information. In this paper, the covert channel model of the packet ordering is applied into the distributed system, and a distributed covert channel of the packet ordering enhancement model based on data compression (DCCPOEDC) is proposed. The data compression algorithms are used to reduce the amount of data and transmission time. The distributed system and data compression algorithms can weaken the hidden statistical probability of information. Furthermore, they can enhance the unknowability of the data and weaken the time distribution characteristics of the data packets. This paper selected a compression algorithm suitable for DCCPOEDC and analyzed DCCPOEDC from anonymity, transmission efficiency, and transmission performance. According to the analysis results, it can be seen that DCCPOEDC optimizes the covert channel of the packet ordering, which saves the transmission time and improves the concealment compared with the original covert channel.
Keywords: covert channels information hiding data compression distributed system
5. Integrated criteria for covert channel auditing
Authors: Chang-da WANG, Shi-guang JU. Journal of Zhejiang University-Science A (Applied Physics & Engineering) (SCIE, EI, CAS, CSCD), 2008, Issue 6, pp. 737-743 (7 pages)
A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.
Keywords: Multilevel security covert channel covert channel auditing
6. Inaudible Sound Covert Channel with Anti-Jamming Capability: Attacks vs. Countermeasure
Authors: Xiao-Hang Wang, Shou-Bin Li, Ying-Tao Jiang, Amit Kumar Singh, Bi-Yun Ma, Le-Tian Huang, Mei Yang, Fen Guo. Journal of Electronic Science and Technology (CAS, CSCD), 2022, Issue 4, pp. 396-415 (20 pages)
When an inaudible sound covert channel (ISCC) attack is launched inside a computer system, sensitive data are converted to inaudible sound waves and then transmitted. The receiver at the other end picks up the sound signal, from which the original sensitive data can be recovered. As a forceful countermeasure against the ISCC attack, strong noise can be used to jam the channel and literally shut down any possible sound data transmission. In this paper, enhanced ISCC is proposed, whose transmission frequency can be dynamically changed. Essentially, if the transmitter detects that the covert channel is being jammed, the transmitter and receiver both will switch to another available frequency and re-establish their communications, following the proposed communications protocol. Experimental results show that the proposed enhanced ISCC can remain connected even in the presence of a strong jamming noise source. Correspondingly, a detection method based on frequency scanning is proposed to help to combat such an anti-jamming sound channel. With the proposed countermeasure, the bit error rate (BER) of the data communications over enhanced ISCC soars to more than 48%, essentially shutting down the data transmission, and thus neutralizing the security threat.
Keywords: COUNTERMEASURE inaudible sound covert channel (ISCC)
7. STUDY AND IMPROVEMENT OF MLS RELATIONAL DATA MODEL
Authors: 王立松, 丁秋林. Transactions of Nanjing University of Aeronautics and Astronautics (EI), 2003, Issue 2, pp. 236-242 (7 pages)
The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by its 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.
Keywords: data model multilevel secure database covert channels POLYINSTANTIATION cover story
8. Study on Mandatory Access Control in a Secure Database Management System
Authors: ZHU Hong, FENG Yu cai (School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China). Journal of Shanghai University (English Edition) (CAS), 2001, Issue 4, pp. 299-307 (9 pages)
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relation hierarchical data model. Based on the multilevel relation hierarchical data model, the concept of upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e.g., multilevel spatial data) and multilevel conventional data (e.g., integer, real number and character string).
Keywords: multilevel relation hierarchical data model covert channels mandatory access control POLYINSTANTIATION hierarchical classification non hierarchical category security level multilevel relation hierarchical instance INTEGRITY cluster
9. A Multilevel Secure Relation-Hierarchical Data Model for a Secure DBMS
Authors: 朱虹, 冯玉才. Journal of Modern Transportation, 2001, Issue 1, pp. 8-16 (9 pages)
A multilevel secure relation hierarchical data model for multilevel secure database is extended from the relation hierarchical data model in single level environment in this paper. Based on the model, an upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system based on the multilevel secure relation hierarchical data model is capable of integratively storing and manipulating complicated objects (e.g., multilevel spatial data) and conventional data (e.g., integer, real number and character string) in multilevel secure database.
Keywords: DATABASES data structure data models secure DBMS covert channels mandatory access control POLYINSTANTIATION hierarchical classification non hierarchical category security level integrity cluster index
10. An Efficient Secure Real-Time Concurrency Control Protocol (Cited by: 1)
Authors: XIAO Yingyuan, LIU Yunsheng, CHEN Xiangyang. Wuhan University Journal of Natural Sciences (CAS), 2006, Issue 6, pp. 1899-1902 (4 pages)
Secure real-time databases must simultaneously satisfy two requirements in guaranteeing data security and minimizing the missing deadlines ratio of transactions. However, these two requirements can conflict with each other and achieve one requirement is to sacrifice the other. This paper presents a secure real-time concurrency control protocol based on optimistic method. The concurrency control protocol incorporates security constraints in a real-time optimistic concurrency control protocol and makes a suitable tradeoff between security and real-time requirements by introducing secure influence factor and real-time influence factor. The experimental results show the concurrency control protocol achieves data security without degrading real-time performance significantly.
Keywords: real-time databases concurrency control SECURITY covert channel
11. A novel quantum information hiding protocol based on entanglement swapping of high-level Bell states (Cited by: 1)
Authors: 徐淑奖, 陈秀波, 王连海, 钮心忻, 杨义先. Chinese Physics B (SCIE, EI, CAS, CSCD), 2015, Issue 5, pp. 231-238 (8 pages)
Using entanglement swapping of high-level Bell states, we first derive a covert layer between the secret message and the possible output results of the entanglement swapping between any two generalized Bell states, and then propose a novel high-efficiency quantum information hiding protocol based on the covert layer. In the proposed scheme, a covert channel can be built up under the cover of a high-level quantum secure direct communication (QSDC) channel for securely transmitting secret messages without consuming any auxiliary quantum state or any extra communication resource. It is shown that this protocol not only has a high embedding efficiency but also achieves a good imperceptibility as well as a high security.
Keywords: quantum information hiding quantum covert channel entanglement swapping high-level Bell states
12. Concealed Integrity Monitoring for Wireless Sensor Networks
Authors: Bjorn Stelte, Thomas Bühring. Wireless Sensor Network, 2011, Issue 1, pp. 10-17 (8 pages)
Nowadays, sensor networks are widely installed around the world. Typical sensors provide data for healthcare, energy management, environmental monitoring, etc. In the future sensors will become a part of critical infrastructures. In such a scenario the network operator has to monitor the integrity of the network devices, otherwise the trustworthiness of the whole system is questionable. The problem is that every integrity protocol needs a secure channel between the devices. Therefore, we will introduce a covert channel for hidden transportation of integrity monitoring messages. The covert channel enables us to hide integrity check messages embedded into regular traffic without giving potential attackers a hint on the used integrity protocol.
Keywords: covert Channel Integrity Monitoring Wireless Sensor Network
13. Improving Performance of Virtual Machine Covert Timing Channel Through Optimized Run-Length Encoding
Authors: 王翀, 陈荣亮, 古亮. Journal of Computer Science & Technology (SCIE, EI, CSCD), 2023, Issue 4, pp. 793-806 (14 pages)
With its wider acceptability, cloud can host a diverse set of data and applications ranging from entertainment to personal to industry. The foundation of cloud computing is based on virtual machines where boundaries among the application data are very thin, and the potential of data leakage exists all the time. For instance, a virtual machine covert timing channel is an aggressive mechanism to leak confidential information through shared components or networks by violating isolation and security policies in practice. The performance of a covert timing channel (covert channel) is crucial to adversaries and attempts have been made to improve the performance of covert timing channels by advancing the encoding mechanism and covert information carriers. Though promising, the redundancy of the covert message is mainly overlooked. This paper applies three encoding schemes namely run-length, Huffman, and arithmetic encoding schemes for data compression of a virtual machine covert timing channel by exploiting redundancy. Accordingly, the paper studies the performance of such channels according to their capacity. Unfortunately, we show that these encoding schemes still contain redundancy in a covert channel scenario, and thereby a new encoding scheme namely optimized Run-length encoding (OptRLE) is presented that greatly enhances the performance of a covert timing channel. Several optimizations schemes adopted by OptRLE are also discussed, and a mathematical model of the behavior of an OptRLE-based covert timing channel is proposed. The theoretical capacity of a channel can be obtained using the proposed model. Our analysis reveals that OptRLE further improves the performance of a covert timing channel, in addition to the effects of the optimizations. Experimental result shows how OptRLE affects the size of covert data and the capacity of covert timing channels, and why the performance of the covert timing channel is improved.
Keywords: covert storage channel information security covert channel threat evaluation anti-detection criterion covert channel restriction
14. A Novel Quantum Covert Channel Protocol Based on Any Quantum Secure Direct Communication Scheme
Authors: 徐淑奖, 陈秀波, 钮心忻, 杨义先. Communications in Theoretical Physics (SCIE, CAS, CSCD), 2013, Issue 5, pp. 547-553 (7 pages)
By analyzing the basic properties of unitary transformations used in a quantum secure direct communication (QSDC) protocol, we show the main idea why a covert channel can be established within any QSDC channel which employs unitary transformations to encode information. On the basis of the fact that the unitary transformations used in a QSDC protocol are secret and independent, a novel quantum covert channel protocol is proposed to transfer secret messages with unconditional security. The performance, including the imperceptibility, capacity and security of the proposed protocol are analyzed in detail.
Keywords: quantum information hiding quantum covert channel quantum cryptography quantum communication
15. Information Transfer Model of Virtual Machine Based on Storage Covert Channel
Authors: WANG Xiaorui, WANG Qingxian, GUO Yudong, LU Jianping. Wuhan University Journal of Natural Sciences (CAS), 2013, Issue 5, pp. 377-384 (8 pages)
Aiming at the problem that virtual machine information cannot be extracted incompletely, we extend the typical information extraction model of virtual machine and propose a perception mechanism in virtualization system based on storage covert channel to overcome the affection of the semantic gap. Taking advantage of undetectability of the covert channel, a secure channel is established between Guest and virtual machine monitor to pass data directly. The Guest machine can pass the control information of malicious process to virtual machine monitor by using the VMCALL instruction and shared memory. By parsing critical information in process control structure, virtual machine monitor can terminate the malicious processes. The test results show that the proposed mechanism can clear the user-level malicious programs in the virtual machine effectively and covertly. Meanwhile, its performance overhead is about the same as that of other mainstream monitoring mode.
Keywords: VIRTUALIZATION safety protection information extraction of virtual machine covert channel process control structure
16. Lightweight and Manageable Digital Evidence Preservation System on Bitcoin (Cited by: 5)
Authors: Mingming Wang, Qianhong Wu, Bo Qin, Qin Wang, Jianwei Liu, Zhenyu Guan. Journal of Computer Science & Technology (SCIE, EI, CSCD), 2018, Issue 3, pp. 568-586 (19 pages)
An effective and secure system used for evidence preservation is essential to possess the properties of anti-loss, anti-forgery, anti-tamper and perfect verifiability. Traditional architecture which relies on centralized cloud storage is depressingly beset by the security problems such as incomplete confidence and unreliable regulation. Moreover, an expensive, inefficient and incompatible design impedes the effort of evidence preservation. In contrast, the decentralized blockchain network is qualified as a perfect replacement for its secure anonymity, irrevocable commitment, and transparent traceability. Combining with subliminal channels in blockchain, we have weaved the transaction network with newly designed evidence audit network. In this paper, we have presented and implemented a lightweight digital evidence-preservation architecture which possesses the features of privacy-anonymity, audit-transparency, function-scalability and operation-lightweight. The anonymity is naturally formed from the cryptographic design, since the cipher evidence under encrypted cryptosystem and hash-based functions leakages nothing to the public. Covert channels are efficiently excavated to optimize the cost, connectivity and security of the framework, transforming the great computation power of Bitcoin network to the value of credit. The transparency used for audit, which relates to the proof of existence, comes from instant timestamps and irreversible hash functions in mature blockchain network. The scalability is represented by the evidence chain interacted with the original blockchain, and the extended chains on top of mainchain will cover the most of auditors in different institutions. And the lightweight, which is equal to low-cost, is derived from our fine-grained hierarchical services. At last, analyses of efficiency, security, and availability have shown the complete accomplishment of our system.
Keywords: blockchain covert channel data auditing digital evidence
17. Design of secure operating systems with high security levels (Cited by: 5)
Authors: QING SiHan (1, 2) & SHEN ChangXiang (3). Affiliations: (1) Institute of Software, Chinese Academy of Sciences, Beijing 100080, China; (2) School of Software and Microelectronics, Peking University, Beijing 102600, China; (3) Institute of Computing Technology, Navy, Beijing 100841, China. Science in China (Series F), 2007, Issue 3, pp. 399-418 (20 pages)
Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speed up the entire CCA process.
Keywords: secure operating systems with high security levels ARCHITECTURE security model covert channel analysis
18. Data Transmission Using HDD as Microphone
Authors: Yongyu Liang, Jinghua Zheng, Guozheng Yang. 国际计算机前沿大会会议论文集, 2020, Issue 1, pp. 416-427 (12 pages)
The technology of Covert Channel is often used for communications between computers and the Internet with high sensitivity or security levels. Presently, some research were carried out on covert channel using computer screen light radiation, speakers, electromagnetic leakage, etc. In this paper, the technology of SoundHammer is studied. It is a technical bridgeware that use acoustic waves to transmit data from sound device into an air-gapped network. Firstly, an idea was proposed for data transmission by covert channel through acoustic waves. Then, this method was validated by experiment and the risks of the air-gapped network were confirmed. Finally, some countermeasures for detecting and eliminating such covert channels were listed.
Keywords: covert channel Air-gapped network Data exfiltration Acoustic waves