7. Introduction
How to hide information? e.g. in an image
Cryptography -- does not hide the existence of the message
Steganography -- hides the existence of the message
10. Introduction
Steganography VS Covert channel
Both aim to establish secret communication channels
Steganography: neutral (data hiding or watermarking)
Covert channel: bad (data hiding) -- violates security policies; usually focuses on volatile data such as memory and network traffic
11. Introduction
Side Channel VS Covert channel
Both aim to establish secret communication channels
Side channel: the sender leaks data unintentionally
Covert channel: the sender leaks data intentionally
13. Introduction – Applications
Applications of covert channel:
MAC systems (mandatory access control systems)
Light Pink Book: specifically on covert channel analysis in MAC systems
14. Introduction – Applications
Applications of covert channel:
MAC systems (mandatory access control systems):
• Depends on the system administrator to decide which user can access which information
• Both users and information are assigned a level; from higher to lower: Top Secret, Secret, Confidential, Unclassified
15. Introduction – Applications
Applications of covert channel:
To keep confidentiality in a MAC system (levels: Top Secret, Secret, Confidential, Unclassified), a user's access to information depends on the two levels:
• Information at a higher level than the user: cannot read / can write
• Information at a lower level than the user: can read / cannot write
• Information at the same level as the user: can read / write
16. Introduction – Applications
Applications of covert channel:
To keep confidentiality in a MAC system, the read/write rules above are enforced, but:
Covert channels will establish secret channels!!!
18. Introduction – Threat Model
Prisoner model:
Alice (prisoner) -- Walter (warden, passive) -- Bob (prisoner)
19. Introduction – Threat Model
Prisoner model:
• Alice and Bob are prisoners locked up in different cells and wish to escape.
• They are allowed to communicate using computers as long as the message is innocuous.
• They have already shared a secret.
• Walter is a warden who (passively) monitors the network.
• Alice and Bob win when they escape without arousing Walter's suspicion.
20. Introduction – Threat Model
• In practical applications, Alice and Bob could be the same person
21. Introduction – Possible Covert Channels
Criteria to select a communication channel:
• Generality
• Technical difficulty
• Capacity
• Detectability
(More like final steps in covert channel design)
29. Introduction – Which Layers & Protocols?
TCP/IP model
Realizing covert channels in the network interface layer???
1. Relies on hardware and network topologies. Requires being on the same LAN.
E.g. hidden information may be stripped out at network devices such as routers
2. More technical difficulties
30. Introduction – Which Layers & Protocols?
TCP/IP model
Two Observations:
1. The more popular the protocol is, the more general the covert channel is.
2. The higher the layer is, the less technical difficulty they will encounter.
38. Previous Work – Network Timing
Covert channels:
• Storage channels: disk, memory, network protocol headers, network payload, …
• Timing channels: disk accesses, memory accesses, network packet arrivals (packet rate, inter-packet times), …
39. Previous Work – Network Timing
Categories of network timing channel:
• Packet rates:
the number of arriving packets in time interval τ
• Packet intervals:
the time interval between two consecutive packets
40. Previous Work – Packet Rates
Cabuk, S., Brodley, C., and Shields, C. “IP covert timing channels”. (CCS, 04)
• Alice and Bob agree a priori on a constant time interval τ
Alice:
• To send a “0”, Alice maintains silence throughout interval τ
• To send a “1”, Alice sends a packet in the middle of τ
Bob:
• By observing each interval τ consecutively,
• Bob records a “0” if no packet is received during interval τ
• Bob records a “1” if one packet is received during interval τ
43. Previous Work – Packet Intervals
Cabuk, S. “Network Covert Channels: Design, Analysis, Detection and Elimination”. (PhD Thesis, Purdue University, 2006)
Alice and Bob agree a priori on two timing intervals τ1, τ2
Alice:
• To send a “0”, Alice sleeps for τ1 and sends a packet at the end of interval τ1
• To send a “1”, Alice sleeps for τ2 and sends a packet at the end of interval τ2
Bob:
• By consecutively recording the inter-arrival times,
• Bob records a “0” if the inter-arrival time is τ1.
• Bob records a “1” if the inter-arrival time is τ2.
45. Previous Work – Packet Intervals
Cabuk, S. “Network Covert Channels: Design, Analysis, Detection and Elimination”. (PhD Thesis, Purdue University, 2006)
Alice and Bob agree a priori on two timing interval bins (0, τc), (τc, τmax), where τc is a threshold.
Alice:
• To send a “0”, Alice randomly selects a value τtemp from (0, τc), sleeps for τtemp and sends a packet at the end of interval τtemp
• To send a “1”, Alice randomly selects a value τtemp from (τc, τmax), sleeps for τtemp and sends a packet at the end of interval τtemp
Bob:
• By consecutively recording the inter-arrival times,
• Bob records a “0” if the inter-arrival time falls in (0, τc).
• Bob records a “1” if the inter-arrival time falls in (τc, τmax).
46. Previous Work – Passive Sender
Wang, X., Chen, S., and Jajodia, S. “Tracking anonymous peer-to-peer VoIP calls on the internet”. (CCS, 05)
Key idea: To de-anonymize peer-to-peer VoIP calls, embed a unique watermark into VoIP flows by slightly adjusting the timing of selected packets.
Introduces the notion of a passive sender: just modify the timing of existing network traffic, do not create new traffic
48. Presented Scheme – Highlights
Shah, G., Molina, A. and Blaze, M. “Keyboards and Covert Channels”. (USENIX Security, 2006, Best Student Paper)
What makes it stand out? – quite particular perspectives
• Focus on input systems rather than output systems
• Focus on loosely-coupled networks (many intermediate layers involved)
• Focus on interactive applications such as SSH instead of specific network protocols such as TCP
49. Presented Scheme – Highlights
• Focus on input systems rather than output systems
JitterBug sender
50. Presented Scheme – Highlights
• Focus on loosely-coupled networks (many intermediate layers involved)
Data flow: Covert Channel Sender → Keyboard buffering & network buffering → OS Scheduling → Nagle’s algorithm → Network jitter → Covert Channel Receiver
(Keyboard/network buffering, OS scheduling and Nagle’s algorithm are inside the host system; network jitter is outside the host system)
51. Presented Scheme – Highlights
• Focus on interactive applications such as SSH
Basic background we need to know:
1. After initial login, SSH automatically goes into interactive mode
2. In interactive mode, every keystroke a user types is sent in a separate IP packet immediately after the key is pressed (to improve the interactive experience for users)
52. Presented Scheme – Highlights
• Focus on interactive applications such as SSH
The user types in “su Return Julia”
53. Presented Scheme – Threat Model
• Alice (JitterBug) is not the packet sender. Alice can only modify the packet timings indirectly, through the timing of keystrokes.
• Bob is not the packet receiver. Bob is just on the path.
54. Presented Scheme – Steps
• Alice (JitterBug) steals credentials
• Alice (JitterBug) sends out credentials
• Bob extracts the credentials
Then I will give a simple example of how the scheme works
55. Presented Scheme – A Simple Example
• JitterBug steals credentials - detects a keystroke pattern
e.g. SSH:
1. JitterBug detects the user is typing “ssh username@host”
2. JitterBug stores the credentials
56. Presented Scheme – A Simple Example
• JitterBug sends credentials out, along the data flow above: Covert Channel Sender → Keyboard buffering & network buffering → OS Scheduling → Nagle’s algorithm (inside the host system) → Network jitter (outside the host system) → Covert Channel Receiver
57. Presented Scheme – A Simple Example
• JitterBug sends credentials out
Suppose the stolen credential is “ Hi mom” (username and password)
1. JitterBug transmits the credential as frames
character: H, i
ASCII code (decimal): 72, 151
ASCII code (binary): 1001000, 10010111
Framing the binaries – add a header and trailer to make frames (in the paper, bit stuffing)
Error correcting codes – add redundant bits
To keep it simple, let us suppose no framing and no error correction is used
The final string: 100100010010111…….
How to encode the binary string in keystroke timings?
59. Presented Scheme – A Simple Example
• JitterBug sends credentials out
First step. JitterBug transmits the credential as frames
The final string: 10010…….…….
Suppose the window size is w = 20 ms
The modified inter-keystroke timings (modulo 20) should be 10, 0, 0, 10, 0, …… (i.e. w/2 for a “1” and 0 for a “0”)
61. Presented Scheme – A Simple Example
• JitterBug sends credentials out
Second step. Decide when to delay keystroke timings:
by detecting certain keystroke patterns, find out that the user is working in an interactive SSH session.
62. Presented Scheme – A Simple Example
• JitterBug sends credentials out
Third step. JitterBug adds delays to the inter-keystroke timings.
The original observed inter-keystroke timings are: 123, 145, 333, 813, 140, …. (ms)
The modified inter-keystroke timings (modulo 20) should be: 10, 0, 0, 10, 0, ……
Added delays: 7, 15, 7, 17, 0, ….. (ms)
The final modified inter-keystroke timings: 130, 160, 340, 830, 140, …… (ms)
63. Presented Scheme – A Simple Example
• Receiver extracts the credentials: Bob observes the packet timings after keyboard/network buffering, OS scheduling, Nagle’s algorithm (inside the host system) and network jitter (outside the host system) have acted on the keystroke timings
64. Presented Scheme – A Simple Example
• Receiver extracts the credentials
(figure: received inter-packet timings plotted against the sent inter-keystroke timings)
65. Presented Scheme – A Simple Example
• Receiver extracts the credentials
(figure: inter-keystroke timings)
66. Presented Scheme – A Simple Example
• Receiver extracts the credentials
The final modified inter-keystroke timings: 130, 160, 340, 830, 140, …… (ms)
The final received inter-packet timings: 137, 162, 343, 833, 142, ……. (ms)
Window size = 20 ms, suppose ɛ = 3 ms:
The decoded binaries: 1, 0, 0, 1, 0, …… Bingo
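A Python model of the encoding and decoding steps walked through above, added here as an example (it is not code from the deck or from the JitterBug paper): w = 20 ms and ɛ = 3 ms are the slides' values, the keystroke timings and bits are the slides', and the jitter applied to the received timings in the demo is constructed. It also includes a defender-side check of the modulo-w regularity that the rotating windows discussed later in the deck are meant to hide.

```python
# Added example, not code from the deck or the paper: a model of the JitterBug
# keystroke-timing channel walked through above (w = 20 ms, eps = 3 ms as on the slides).
from typing import List, Optional

W, EPS = 20, 3  # window size and receiver tolerance in ms (slides' values)


def to_bits(text: str) -> List[int]:
    """7-bit ASCII of each character, MSB first; no framing or error correction."""
    return [int(b) for ch in text for b in format(ord(ch), "07b")]


def encode_delays(timings: List[int], bits: List[int], w: int = W) -> List[int]:
    """Delay each keystroke (never hurry it) until its inter-keystroke time modulo w
    sits in the bit's slot: 0 for a "0", w//2 for a "1". One bit per keystroke."""
    out = []
    for t, bit in zip(timings, bits):
        target = w // 2 if bit else 0
        out.append(t + (target - t) % w)  # smallest non-negative delay hitting the slot
    return out


def decode_bit(t: int, w: int = W, eps: int = EPS) -> Optional[int]:
    """One observed inter-packet time -> bit, or None when it is farther than eps
    from both slots (jitter too large; the receiver counts it as a bit error)."""
    r = t % w
    if min(r, w - r) <= eps:    # within eps of 0 (equivalently of w)
        return 0
    if abs(r - w // 2) <= eps:  # within eps of w//2
        return 1
    return None


def decode(timings: List[int], w: int = W, eps: int = EPS) -> List[Optional[int]]:
    return [decode_bit(t, w, eps) for t in timings]


def slot_fraction(timings: List[int], w: int = W, eps: int = EPS) -> float:
    """Defender-side regularity check: share of timings that fall in a slot.
    Human keystrokes spread over the whole window, so only about (4*eps + 2) / w
    (0.7 here) land in a slot by chance; a long flow with a share near 1.0 exposes
    the modulo-w structure that the rotating windows discussed later are meant to hide."""
    return sum(decode_bit(t, w, eps) is not None for t in timings) / len(timings)


if __name__ == "__main__":
    sent = encode_delays([123, 145, 333, 813, 140], to_bits("Hi")[:5])
    print(sent)                               # [130, 160, 340, 830, 140]
    print(decode([132, 162, 343, 833, 142]))  # constructed jitter -> [1, 0, 0, 1, 0]
```

With the slides' 20 ms window and 3 ms tolerance, seven tenths of unrelated timings already land in a slot by chance, so the regularity check needs many keystrokes before it separates a channel from ordinary typing.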
70. Implementation Details
PS/2 Protocol: Connector Interface
1. Data line: transmits the 8-bit scan code indicating which key was pressed.
2. Clock line: used for synchronization, to indicate when data is valid
3. VCC & GND lines: power lines
71. Implementation Details
Possible Events:
• Key pressed: an 11-bit code is sent
-- start bit, 8-bit scan code, odd parity bit, stop bit
• Key released: two 11-bit codes are sent
-- first scan code is F0
-- second scan code is the released key's code
• Key held down: an 11-bit code is sent every 100 ms
-- scan code is the pressed key's code
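A decoder for the PS/2 frames and events described on the two slides above, added here as an example (not code from the deck or the paper). It assumes the standard PS/2 bit order inside the 11-bit frame (start bit 0, eight scan-code bits least-significant bit first, odd parity bit, stop bit 1); the scan code 0x1C used in the demo is a constructed sample.

```python
# Added example, not from the deck or the paper: a decoder for the PS/2 keyboard
# frames described above. Assumes PS/2's standard 11-bit frame: start bit 0, eight
# scan-code bits sent least-significant bit first, odd parity bit, stop bit 1.
from typing import Iterable, List, Optional, Tuple

BREAK_PREFIX = 0xF0  # slide: on key release the first scan code is F0


def parse_frame(bits: List[int]) -> Optional[int]:
    """Validate one 11-bit frame; return its 8-bit scan code, or None if the frame
    fails the start/stop or odd-parity check (a bad or glitched transmission)."""
    if len(bits) != 11 or bits[0] != 0 or bits[10] != 1:
        return None
    data = bits[1:9]
    if (sum(data) + bits[9]) % 2 != 1:  # odd parity over data bits + parity bit
        return None
    return sum(b << i for i, b in enumerate(data))  # LSB first


def make_frame(code: int) -> List[int]:
    """Inverse of parse_frame; used here only to build constructed test input."""
    data = [(code >> i) & 1 for i in range(8)]
    return [0] + data + [1 - sum(data) % 2, 1]


def events(frames: Iterable[List[int]]) -> List[Tuple[str, int]]:
    """Turn a frame stream into ('press' | 'release', scan_code) events.
    A held key repeats its press frame (every 100 ms on the slide), so repeated
    'press' events for the same code are expected; bad frames are skipped."""
    out, releasing = [], False
    for f in frames:
        code = parse_frame(f)
        if code is None:
            continue
        if code == BREAK_PREFIX:  # F0 announces that the next code is a release
            releasing = True
            continue
        out.append(("release" if releasing else "press", code))
        releasing = False
    return out


if __name__ == "__main__":
    # constructed stream: key 0x1C pressed, held (repeat), then released
    stream = [make_frame(0x1C), make_frame(0x1C), make_frame(0xF0), make_frame(0x1C)]
    print(events(stream))  # [('press', 28), ('press', 28), ('release', 28)]
```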
75. Implementation Details
Use a PIC microcontroller
Hardware functionalities:
• Identify certain keystroke patterns (triggers)
– whether to store keystrokes and when to add delays to keystrokes
e.g. Detect “ssh username@host”:
1. the following keystrokes should be the password --- should be stored (EEPROM)
2. the user will be in an interactive SSH session --- appropriate for adding delays
• Delay the keyboard signal
External interrupt + timer interrupt
Block diagram: input signal → external interrupt → triggers → store (EEPROM) or add delays (timer interrupt) → output signal
79. Evaluation - Accuracy
Data flow: Covert Channel Sender → Keyboard buffering & network buffering → OS Scheduling → Nagle’s algorithm → Network jitter → Covert Channel Receiver
(Keyboard/network buffering, OS scheduling and Nagle’s algorithm are inside the host system; network jitter is outside the host system)
80. Evaluation - Accuracy
OS Scheduling: high priority in OS scheduling
81. Evaluation - Accuracy
Nagle’s algorithm: handles small packets – decides when to buffer data before sending it out in a network packet
By default, disabled!!!
82. Evaluation - Accuracy
Network jitter: the biggest factor – adds the most randomized noise
83. Evaluation - Accuracy
Experiment settings:
• Source machine is located at the University of Pennsylvania
• Interactive SSH sessions
• Timing information comes from the destination host using tcpdump
84. Evaluation - Accuracy
How to compare the difference between sent and received binaries?
Raw bit error, calculated by:
Levenshtein distance: used when sent and received binaries are of different length
Definition of Levenshtein distance:
86. Evaluation - Accuracy
PlanetLab
• Global research network – for setting up worldwide network services
• Since 2003, more than 1000 researchers have used PlanetLab to develop new technologies
87. Evaluation - Accuracy
Factor of geographic locations:
Observations:
• For a fixed window size, the channel performance does not exhibit
any clear trend. In other words, geographic locations do not matter
much to channel performance.
88. Evaluation - Accuracy
Factor of geographic locations:
Observations:
• The smaller the window size is, the higher the error rate will be. But the window size should not be so big that the delays are perceived by the user.
89. Evaluation - Accuracy
Factor of different applications:
Observations:
• The channel performance is not affected much by the choice
of interactive terminal applications.
90. Evaluation - Accuracy
Factor of different systems:
Observations:
• The channel performance is not affected much by the choice of
operating systems.
91. Evaluation - Accuracy
Factor of different system loads:
Observations:
• The channel performance is not affected much by system load.
94. Evaluation - Bandwidth
• Each keystroke could encode one bit of information
How to improve?
• Subdivide the window further to encode more per keystroke (but this may also lead to lower accuracy)
97. Evaluation - Detectability
Rotating time windows:
Assumes: Alice and Bob share a sequence of integers
Basically, after Alice sends one bit and Bob receives one bit, they move to the next shared integer.
101. Conclusion
• Compromising an input channel is useful not only for learning secrets, but also for leaking information over the network.
• Loosely coupled network timing channels are practical.
Possible future work:
• Better framing and error correcting schemes
• Better ways to evade detection
102. References
1. Cabuk, S., Brodley, C., and Shields, C. “IP covert timing channels”. (CCS, 2004)
2. Cabuk, S. “Network Covert Channels: Design, Analysis, Detection and Elimination”. (PhD Thesis, Purdue University, 2006)
3. Shah, G., Molina, A., and Blaze, M. “Keyboards and Covert Channels”. (USENIX Security, 2006)
Editor's Notes
The notion of covert channel was popularized by the Rainbow Series. The Rainbow Series is a series of computer security guidelines and processes for certifying that a computer system is secure. They were developed by the US government in the 1980s and 1990s. Basically, different colors deal with different aspects of security.
Among them, the Light Pink Book focuses on the analysis of covert channels.
Light Pink Book - specifically focuses on covert channel analysis
Orange Book
- Centerpiece of the Rainbow Series
- Has requirements on covert channel analysis for specific systems
In a practical instantiation of this problem, Alice and Bob may well be the same person. Consider a machine to which an attacker has unrestricted access for only a short amount of time, and which lies within a closely monitored network. The attacker installs a keylogger on the machine, and wishes to leak passwords to himself in such a way that the owner of the network does not observe that anything untoward is happening.