Analysis of Reversible Network Covert Channels
In the last years, the utilization of information hiding techniques for empowering modern strains of malware has become a serious concern for security experts. Such an approach allows attackers to act in a stealthy manner, for instance, to covertly exfiltrate confidential data or retrieve additional...
Main Authors: | Przemyslaw Szary, Wojciech Mazurczyk, Steffen Wendzel, Luca Caviglione |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2022-01-01 |
Series: | IEEE Access |
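Subjects: | Covert channels; information hiding; network security; network steganography; reversible data hiding |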
Online Access: | https://ieeexplore.ieee.org/document/9758688/ |
_version_ | 1818504487472463872 |
---|---|
author | Przemyslaw Szary; Wojciech Mazurczyk; Steffen Wendzel; Luca Caviglione |
author_sort | Przemyslaw Szary |
collection | DOAJ |
description | In the last years, the utilization of information hiding techniques for empowering modern strains of malware has become a serious concern for security experts. Such an approach allows attackers to act in a stealthy manner, for instance, to covertly exfiltrate confidential data or retrieve additional command & control payloads for the operation of malware. Therefore, the deep understanding of data hiding mechanisms is a core requirement, as it allows designing effective countermeasures. Unfortunately, the most recent evolution of information-hiding-capable threats enjoys *reversible* properties, i.e., the abused network flow is restored to its original form. Hence, detection approaches based on the comparison of different traffic samples may not work anymore. In this paper, we further investigate various methods for performing reversible data hiding for network covert channels. Specifically, we extend our previous research by considering different scenarios focusing on IPv4 traffic and HTTP conversations. The results confirm that reversibility can be used in various network conditions and is not impaired by middleboxes. In addition, engineering countermeasures or mitigation techniques could be difficult, thus requiring to consider reversible mechanisms already in the early design stages of a protocol/deployment. |
first_indexed | 2024-12-10T21:37:44Z |
format | Article |
id | doaj.art-1e81f2b5a95647c89d261b1d95f5f505 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-10T21:37:44Z |
publishDate | 2022-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-1e81f2b5a95647c89d261b1d95f5f505; 2022-12-22T01:32:36Z; eng; IEEE; IEEE Access; 2169-3536; 2022-01-01; 10; 41226; 41238; 10.1109/ACCESS.2022.3168018; 9758688; Analysis of Reversible Network Covert Channels; Przemyslaw Szary (0, https://orcid.org/0000-0002-7540-2333, Warsaw University of Technology, Warsaw, Poland); Wojciech Mazurczyk (1, https://orcid.org/0000-0002-8509-4127, Warsaw University of Technology, Warsaw, Poland); Steffen Wendzel (2, https://orcid.org/0000-0002-1913-5912, Worms University of Applied Science, Worms, Germany); Luca Caviglione (3, https://orcid.org/0000-0001-6466-3354, National Research Council of Italy, Genova, Italy); https://ieeexplore.ieee.org/document/9758688/; Covert channels; information hiding; network security; network steganography; reversible data hiding |
title | Analysis of Reversible Network Covert Channels |
topic | Covert channels; information hiding; network security; network steganography; reversible data hiding |
url | https://ieeexplore.ieee.org/document/9758688/ |