Hiding out in plaintext: covert messaging with bitwise summations
Perkins, Michael C. (2005) Hiding out in plaintext: covert messaging with bitwise summations. Master's thesis, Iowa State University.
Network-based information hiding is possible in even the most adverse conditions, such as when an active warden reduces packets into a canonical form and enforces protocol specification. Covert channels in the TCP/IP protocol suite are surveyed from the network layer up to the application layer, which is given special emphasis. Active wardens are discussed in detail, as those network devices attempt to thwart covert communications. Application layer hiding techniques are gaining popularity and can be viewed as a response to active wardens. However, even the best application layer techniques tend to be confined to a particular protocol. We define the theoretical foundations for a new scheme in which bitwise summations of application layer messages convey covert bits. A set of large HTTP queries is taken from the Internet Traffic Archive for analysis. Two bitwise summation methods, one ad-hoc and one blind (cryptographic), are compared using the Web repository. The viability of both methods is established, though the cryptographic findings are more conclusive. Following the test results, a client/server model is outlined that utilizes either the ad-hoc or the blind method for covert communication. Development of a functioning prototype based on that model is described as well. The client, called tcphalm for "hide application layer messages", can communicate without the requirement of superuser privileges by gathering socket messages through system call interposition. The server, tcphalmd, only supports the HTTP protocol but is demonstrative enough that other application protocols can easily be incorporated into the code. Finally, future work is discussed, which includes steps concerned network administrators can take to combat application layer hiding techniques. However, because hiding techniques can be adapted to handle such countermeasures, the covert messaging arms race will likely continue well into the future.
For now, information hiding methods that employ bitwise summations enjoy a sizeable advantage over active wardens.