Covert Channels in Transport Layer Security

Details

DOI: 10.1145/3424954.3424962
Publication type: Conference paper
Conference: EICC 2020: European Interdisciplinary Cybersecurity Conference
Location: Rennes, France
Online publication date: 2020-11-18

Abstract

Network covert channels embedded within network conversations are becoming widely adopted to enforce the privacy of users or bypass censorship attempts, as well as by malware to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, being able to design a network covert channel or anticipate its exploitation is of paramount importance to fully assess the security of the Internet. Since the prime requirements for a successful covert channel are its stealthiness and bandwidth, the popularity, availability and performance of the overt traffic flows used as the carrier play a major role. Therefore, in this paper we investigate the use of the ubiquitous Transport Layer Security (TLS) protocol to contain hidden information for implementing network covert channels. Specifically, we review seven methods targeting TLS traffic and investigate the performance of three covert channels through an experimental measurement campaign. The results obtained indicate the feasibility of using TLS traffic as the carrier and also allow some general indications to be derived for the development of countermeasures.

Authors

  • Corinna Heinz
    FernUniversität in Hagen
    Hagen, Germany
  • Wojciech Mazurczyk
    Warsaw University of Technology
    Warsaw, Poland
  • Luca Caviglione
    National Research Council of Italy
    Genoa, Italy