Covert channels in TCP/IP: attack and defence
If you have a question about this talk, please contact Saar Drimer.

This talk will show how idiosyncrasies in TCP/IP implementations can be used to reveal the use of several steganography schemes, and how they can be fixed. The analysis can even be extended to remotely identify the physical machine being used.

A number of steganography techniques have been designed to insert a covert channel into seemingly random TCP/IP fields, such as the IP ID, TCP initial sequence number (ISN) or the least significant bits of the TCP timestamp. While compliant with the TCP/IP specification, their output is unlike that which an unmodified operating system would generate. This talk will show how, by taking into account the implementation of the TCP/IP stack, a number of such specification-based steganography schemes can be broken. This includes Nushu, an ISN-based scheme presented at 21C3.

Firstly, the talk will introduce the field of covert channels and TCP/IP steganography in particular, giving an overview of the steganographic potential of different fields in the protocol. This will show that only the IP ID and TCP ISN can be plausibly used for steganography. The talk will then describe how these fields are generated, and how steganography schemes which do not properly take these algorithms into account can be detected.

The talk will then present improved TCP/IP steganography schemes for Linux and OpenBSD which, by deriving a reversible transformation from the standard TCP/IP stacks' implementation, yield a covert channel that is much harder to detect. Such a scheme can be shown to be as strong as the underlying encryption, when attacked by an adversary monitoring packet content.

Finally, a side effect of the steganography detection system is to reveal microsecond-level deviations in the clock speed of the device being monitored. Clock skew varies from computer to computer, so it can act as a fingerprint of a particular physical device. This talk will show how this fact can be used to track physical devices across the Internet, and how the use of TCP ISNs can improve over schemes based on TCP timestamps.

This work was done in conjunction with Stephen Lewis.

This talk is part of the Computer Laboratory Security Seminar series.