考虑数据包传输时间分布的定时隐蔽信道容量评估

Highly available systems Pub Date : 1900-01-01 DOI:10.18127/j20729472-202101-04

A. Belozubova, A. Epishkina, K. Kogos

{"title":"考虑数据包传输时间分布的定时隐蔽信道容量评估","authors":"A. Belozubova, A. Epishkina, K. Kogos","doi":"10.18127/j20729472-202101-04","DOIUrl":null,"url":null,"abstract":"Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess timing covert channel capacity. Two binary timing channels have been investigated: on/off and channel based on inter packet intervals modulation. In on/off covert channel the sender sends a packet during a preliminarily agreed time interval to transmit the bit «1» and does not send to transmit the bit «0». In a covert channel based on inter packet intervals modulation the sender sends packets with different time intervals defining different bits. The scientific novelty consists in taking into account network load conditions while assessing maximum amount of information that can be stealthily transmitted from secure infrastructure to an illegitimate receiver beyond secure perimeter. Authors investigated cases when packet transfer time from the sender to the receiver in the network (PTT) is defined by normal and exponential distribution – the most common distribution according to current research. Covert channel capacity is evaluated as a function of covert channel parameters and parameters of the PTT distribution (DPTT). Conducted research shows that in case when secure officer does not take into account typical load for the network and DPTT type maximum covert channel capacity will most likely be underestimated. If allowable level of covert channel capacity is set up, obtained results allow to take right decision about activation of countermeasures to prevent information leakage.","PeriodicalId":156447,"journal":{"name":"Highly available systems","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluation of the timing covert channel capacity considering packet transfer time distribution\",\"authors\":\"A. Belozubova, A. Epishkina, K. Kogos\",\"doi\":\"10.18127/j20729472-202101-04\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess timing covert channel capacity. Two binary timing channels have been investigated: on/off and channel based on inter packet intervals modulation. In on/off covert channel the sender sends a packet during a preliminarily agreed time interval to transmit the bit «1» and does not send to transmit the bit «0». In a covert channel based on inter packet intervals modulation the sender sends packets with different time intervals defining different bits. The scientific novelty consists in taking into account network load conditions while assessing maximum amount of information that can be stealthily transmitted from secure infrastructure to an illegitimate receiver beyond secure perimeter. Authors investigated cases when packet transfer time from the sender to the receiver in the network (PTT) is defined by normal and exponential distribution – the most common distribution according to current research. Covert channel capacity is evaluated as a function of covert channel parameters and parameters of the PTT distribution (DPTT). Conducted research shows that in case when secure officer does not take into account typical load for the network and DPTT type maximum covert channel capacity will most likely be underestimated. If allowable level of covert channel capacity is set up, obtained results allow to take right decision about activation of countermeasures to prevent information leakage.\",\"PeriodicalId\":156447,\"journal\":{\"name\":\"Highly available systems\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Highly available systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.18127/j20729472-202101-04\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Highly available systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18127/j20729472-202101-04","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

Lampson是第一个引入隐蔽信道的人，隐蔽信道不是为信息传输而设计的。由于IP协议的广泛应用以及其在隐藏信息传输方面的诸多特点，使得网络隐蔽通道的信息泄露问题具有较大的规模。通常按照传输技术将隐蔽信道分为两类:存储隐蔽信道和定时隐蔽信道。本文简要介绍了网络定时和存储隐蔽通道以及防止信息泄漏的方法。根据最佳实践，信息系统和基础设施都有一个信息安全策略，其中包含对隐蔽信道容量的允许级别的要求。然而，要决定任何方法的激活，重要的是不要低估隐蔽信道的容量。为了有效防止网络隐蔽信道的信息泄露，提出了一种定时隐蔽信道容量的评估方法。研究了两种二进制定时信道:开/关信道和基于包间间隔调制的信道。在开/关隐蔽通道中，发送方在初步商定的时间间隔内发送数据包以传输位“1”，而不发送以传输位“0”。在基于包间间隔调制的隐蔽信道中，发送方以定义不同比特的不同时间间隔发送数据包。科学的新颖性在于考虑网络负载条件，同时评估可以从安全基础设施秘密传输到安全边界以外的非法接收器的最大信息量。本文研究了网络中数据包从发送方到接收方传输时间(PTT)由正态分布和指数分布(目前研究中最常见的分布)定义的情况。隐信道容量是隐信道参数和PTT分布参数(DPTT)的函数。进行的研究表明，如果安全官员不考虑网络和DPTT类型的典型负载，最大隐蔽信道容量很可能被低估。如果隐蔽信道容量的允许水平被设置，得到的结果允许对激活对策做出正确的决定，以防止信息泄漏。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evaluation of the timing covert channel capacity considering packet transfer time distribution

Lampson was the first to introduce a covert channel as a channel that was not designed for information transmission. The problem of information leakage via network covert channels has a large scale due to the facts that IP protocol is widely used and has a lot of features to use it for hidden information transmission. Usually covert channels are divided into two groups by transmission technic: storage and timing covert channels. In the paper authors provide brief survey for network timing and storage covert channels as well as methods of information leakage counteraction. According to best practices, information systems and infrastructure have an information security policy with the requirements about allowable level of covert channel capacity. However, to take a decision about any method activation it is important not to allow underestimation of covert channel capacity. For the effective prevention of information leakage via network covert channels authors suggest a way to assess timing covert channel capacity. Two binary timing channels have been investigated: on/off and channel based on inter packet intervals modulation. In on/off covert channel the sender sends a packet during a preliminarily agreed time interval to transmit the bit «1» and does not send to transmit the bit «0». In a covert channel based on inter packet intervals modulation the sender sends packets with different time intervals defining different bits. The scientific novelty consists in taking into account network load conditions while assessing maximum amount of information that can be stealthily transmitted from secure infrastructure to an illegitimate receiver beyond secure perimeter. Authors investigated cases when packet transfer time from the sender to the receiver in the network (PTT) is defined by normal and exponential distribution – the most common distribution according to current research. Covert channel capacity is evaluated as a function of covert channel parameters and parameters of the PTT distribution (DPTT). Conducted research shows that in case when secure officer does not take into account typical load for the network and DPTT type maximum covert channel capacity will most likely be underestimated. If allowable level of covert channel capacity is set up, obtained results allow to take right decision about activation of countermeasures to prevent information leakage.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Highly available systems

自引率

0.00%

发文量