With the gradual popularization of 5G communications,the application of multi-antenna broadcasting technology has become widespread.Therefore,this study aims to investigate the wireless covert communication in the two...With the gradual popularization of 5G communications,the application of multi-antenna broadcasting technology has become widespread.Therefore,this study aims to investigate the wireless covert communication in the two-user cooperative multi-antenna broadcast channel.We focus on the issue that the deteriorated reliability and undetectability are mainly affected by the transmission power.To tackle this issue,we design a scheme based on beamforming to increase the reliability and undetectability of wireless covert communication in the multi-antenna broadcast channel.We first modeled and analyzed the cooperative multi-antenna broadcasting system,and put forward the target question.Then we use the SCA(successive convex approximation)algorithm to transform the target problem into a series of convex subproblems.Then the convex problems are solved and the covert channel capacity is calculated.In order to verify the effectiveness of the scheme,we conducted simulation verification.The simulation results show that the proposed beamforming scheme can effectively improve the reliability and undetectability of covert communication in multi-antenna broadcast channels.展开更多
A covert channel is an information channel that is used by the computer process to exfiltrate data through bypassing security policies.The DNS protocol is one of the important ways to implement a covert channel.DNS co...A covert channel is an information channel that is used by the computer process to exfiltrate data through bypassing security policies.The DNS protocol is one of the important ways to implement a covert channel.DNS covert channels are easily used by attackers for malicious purposes.Therefore,an effective detection approach of the DNS covert channels is significant for computer systems and network securities.Aiming at the difficulty of the DNS covert channel identification,we propose a DNS covert channel detection method based on a stacking model.The stacking model is evaluated on a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively.Besides,it can identify unknown covert channel traffic.The area under the curve(AUC)of the proposed method reaches 0.9901,which outperforms existing detection methods.展开更多
Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert cha...Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert channd's algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel's algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.展开更多
A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for cov...A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.展开更多
Covert channel of the packet ordering is a hot research topic.Encryption technology is not enough to protect the security of both sides of communication.Covert channel needs to hide the transmission data and protect c...Covert channel of the packet ordering is a hot research topic.Encryption technology is not enough to protect the security of both sides of communication.Covert channel needs to hide the transmission data and protect content of communication.The traditional methods are usually to use proxy technology such as tor anonymous tracking technology to achieve hiding from the communicator.However,because the establishment of proxy communication needs to consume traffic,the communication capacity will be reduced,and in recent years,the tor technology often has vulnerabilities that led to the leakage of secret information.In this paper,the covert channel model of the packet ordering is applied into the distributed system,and a distributed covert channel of the packet ordering enhancement model based on data compression(DCCPOEDC)is proposed.The data compression algorithms are used to reduce the amount of data and transmission time.The distributed system and data compression algorithms can weaken the hidden statistical probability of information.Furthermore,they can enhance the unknowability of the data and weaken the time distribution characteristics of the data packets.This paper selected a compression algorithm suitable for DCCPOEDC and analyzed DCCPOEDC from anonymity,transmission efficiency,and transmission performance.According to the analysis results,it can be seen that DCCPOEDC optimizes the covert channel of the packet ordering,which saves the transmission time and improves the concealment compared with the original covert channel.展开更多
This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next...This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next, the paper analyzes and resolves the two problems arising from auditing the use of transaction-type covert storage channels in database systems: namely, the relationship between channel variables, which are altered (or viewed) by the transaction and satisfy integrity constraints in DBMS, and database states; and the circumvention of covert storage channel audit in DBMS.展开更多
When an inaudible sound covert channel(ISCC)attack is launched inside a computer system,sensitive data are converted to inaudible sound waves and then transmitted.The receiver at the other end picks up the sound signa...When an inaudible sound covert channel(ISCC)attack is launched inside a computer system,sensitive data are converted to inaudible sound waves and then transmitted.The receiver at the other end picks up the sound signal,from which the original sensitive data can be recovered.As a forceful countermeasure against the ISCC attack,strong noise can be used to jam the channel and literally shut down any possible sound data transmission.In this paper,enhanced ISCC is proposed,whose transmission frequency can be dynamically changed.Essentially,if the transmitter detects that the covert channel is being jammed,the transmitter and receiver both will switch to another available frequency and re-establish their communications,following the proposed communications protocol.Experimental results show that the proposed enhanced ISCC can remain connected even in the presence of a strong jamming noise source.Correspondingly,a detection method based on frequency scanning is proposed to help to combat such an anti-jamming sound channel.With the proposed countermeasure,the bit error rate(BER)of the data communications over enhanced ISCC soars to more than 48%,essentially shutting down the data transmission,and thus neutralizing the security threat.展开更多
Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection appr...Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approach by modeling the legitimate network traffic in order to detect unknown TCs. Un-fortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomalous TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic re-sources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even with the presence of noise and imprecise timekeeping mechanism in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.展开更多
现有存储型网络隐蔽信道的研究主要根据不同协议中不同字段来隐藏信息。在众多协议中,例如TCP、UDP协议,对其研究较多,而OSFP使用广泛却在国内研究较少。针对OSPF协议下的Hello报文进行分析可以构建网络隐蔽信道的字段。从所有可能字段...现有存储型网络隐蔽信道的研究主要根据不同协议中不同字段来隐藏信息。在众多协议中,例如TCP、UDP协议,对其研究较多,而OSFP使用广泛却在国内研究较少。针对OSPF协议下的Hello报文进行分析可以构建网络隐蔽信道的字段。从所有可能字段中选择Authentication、Router Dead Interval和Neighbor三个字段分别使用随机值模式、值调制模型和序列模式进行构建三种隐蔽信道,利用微协议技术优化信道,并将三种隐蔽信道组合成一个传输速率更高的隐蔽信道模型。经过验证,该模型具有一定的可行性和隐蔽性,可为存储型网络隐蔽信道构建技术提供一定的理论支持和技术支撑。展开更多
基金supported by the National Natural Science Foundation of China(Grants No.U1836104,61772281,61702235,61801073,61931004,62072250).
文摘With the gradual popularization of 5G communications,the application of multi-antenna broadcasting technology has become widespread.Therefore,this study aims to investigate the wireless covert communication in the two-user cooperative multi-antenna broadcast channel.We focus on the issue that the deteriorated reliability and undetectability are mainly affected by the transmission power.To tackle this issue,we design a scheme based on beamforming to increase the reliability and undetectability of wireless covert communication in the multi-antenna broadcast channel.We first modeled and analyzed the cooperative multi-antenna broadcasting system,and put forward the target question.Then we use the SCA(successive convex approximation)algorithm to transform the target problem into a series of convex subproblems.Then the convex problems are solved and the covert channel capacity is calculated.In order to verify the effectiveness of the scheme,we conducted simulation verification.The simulation results show that the proposed beamforming scheme can effectively improve the reliability and undetectability of covert communication in multi-antenna broadcast channels.
基金National Key Research and Development Project(2016QY04W0901)and(2016QY04W0903).
文摘A covert channel is an information channel that is used by the computer process to exfiltrate data through bypassing security policies.The DNS protocol is one of the important ways to implement a covert channel.DNS covert channels are easily used by attackers for malicious purposes.Therefore,an effective detection approach of the DNS covert channels is significant for computer systems and network securities.Aiming at the difficulty of the DNS covert channel identification,we propose a DNS covert channel detection method based on a stacking model.The stacking model is evaluated on a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively.Besides,it can identify unknown covert channel traffic.The area under the curve(AUC)of the proposed method reaches 0.9901,which outperforms existing detection methods.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,66973034)
文摘Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert channd's algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel's algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.
基金the National Natural Science Foundation of China (No. 60773049)the Natural Science Foundation of Jiangsu Province (No. BK2007086)+1 种基金the Fundamental Research Project of the Natural Science in Colleges of Jiangsu Province (No. 07KJB520016)the Person with Ability Project of Jiangsu University (No. 07JDG053), China
文摘A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.
基金This work is sponsored by the National Natural Science Foundation of China Grant No.61100008Natural Science Foundation of Heilongjiang Province of China under Grant No.LC2016024+1 种基金Natural Science Foundation of the Jiangsu Higher Education Institutions Grant No.17KJB520044Six Talent Peaks Project in Jiangsu Province No.XYDXX-108.
文摘Covert channel of the packet ordering is a hot research topic.Encryption technology is not enough to protect the security of both sides of communication.Covert channel needs to hide the transmission data and protect content of communication.The traditional methods are usually to use proxy technology such as tor anonymous tracking technology to achieve hiding from the communicator.However,because the establishment of proxy communication needs to consume traffic,the communication capacity will be reduced,and in recent years,the tor technology often has vulnerabilities that led to the leakage of secret information.In this paper,the covert channel model of the packet ordering is applied into the distributed system,and a distributed covert channel of the packet ordering enhancement model based on data compression(DCCPOEDC)is proposed.The data compression algorithms are used to reduce the amount of data and transmission time.The distributed system and data compression algorithms can weaken the hidden statistical probability of information.Furthermore,they can enhance the unknowability of the data and weaken the time distribution characteristics of the data packets.This paper selected a compression algorithm suitable for DCCPOEDC and analyzed DCCPOEDC from anonymity,transmission efficiency,and transmission performance.According to the analysis results,it can be seen that DCCPOEDC optimizes the covert channel of the packet ordering,which saves the transmission time and improves the concealment compared with the original covert channel.
文摘This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next, the paper analyzes and resolves the two problems arising from auditing the use of transaction-type covert storage channels in database systems: namely, the relationship between channel variables, which are altered (or viewed) by the transaction and satisfy integrity constraints in DBMS, and database states; and the circumvention of covert storage channel audit in DBMS.
基金This work was supported partly by the National Natural Science Foundation of China under Grant No.61971200partly by Zhejiang Lab under Grants No.2021LE0AB01 and No.2021PC0AC01+3 种基金partly by the Major Scientific Research Project of Zhejiang Lab under Grant No.2021LE0AC01partly by the Key Technologies R&D Program of Jiangsu(Prospective and Key Technologies for Industry)under Grant No.BE2021003partly by the National Key Research and Development Program of China under Grant No.2019QY0705by the Guangdong Provincial Key Laboratory of Short-Range Wireless Detection and Communication under Grants No.2014B030301010 and No.2017B030314003.
文摘When an inaudible sound covert channel(ISCC)attack is launched inside a computer system,sensitive data are converted to inaudible sound waves and then transmitted.The receiver at the other end picks up the sound signal,from which the original sensitive data can be recovered.As a forceful countermeasure against the ISCC attack,strong noise can be used to jam the channel and literally shut down any possible sound data transmission.In this paper,enhanced ISCC is proposed,whose transmission frequency can be dynamically changed.Essentially,if the transmitter detects that the covert channel is being jammed,the transmitter and receiver both will switch to another available frequency and re-establish their communications,following the proposed communications protocol.Experimental results show that the proposed enhanced ISCC can remain connected even in the presence of a strong jamming noise source.Correspondingly,a detection method based on frequency scanning is proposed to help to combat such an anti-jamming sound channel.With the proposed countermeasure,the bit error rate(BER)of the data communications over enhanced ISCC soars to more than 48%,essentially shutting down the data transmission,and thus neutralizing the security threat.
文摘Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approach by modeling the legitimate network traffic in order to detect unknown TCs. Un-fortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomalous TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic re-sources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even with the presence of noise and imprecise timekeeping mechanism in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.
文摘现有存储型网络隐蔽信道的研究主要根据不同协议中不同字段来隐藏信息。在众多协议中,例如TCP、UDP协议,对其研究较多,而OSFP使用广泛却在国内研究较少。针对OSPF协议下的Hello报文进行分析可以构建网络隐蔽信道的字段。从所有可能字段中选择Authentication、Router Dead Interval和Neighbor三个字段分别使用随机值模式、值调制模型和序列模式进行构建三种隐蔽信道,利用微协议技术优化信道,并将三种隐蔽信道组合成一个传输速率更高的隐蔽信道模型。经过验证,该模型具有一定的可行性和隐蔽性,可为存储型网络隐蔽信道构建技术提供一定的理论支持和技术支撑。
