
Understanding Covert Data Channels: Insider Threats and Detection Mechanisms

DESCRIPTION

This overview discusses covert data channels arising from insider threats, focusing on covert storage channels and covert timing channels. A covert storage channel hides data in parts of otherwise standard network packets that were not intended to carry it, while a covert timing channel modulates the timing of legitimate traffic to transmit information discreetly. The slides cover how such channels operate, how effective they are, and how they can be detected, with particular emphasis on entropy-based approaches. They also raise the implications of IP spoofing and of protocols that remain usable even in highly restricted environments, underlining the need for effective detection strategies against covert data exfiltration.


Presentation Transcript


  1. Covert Data Channels: When Insiders Attack

  2. Overview
  • Introduction
  • Covert Storage Channels
  • Covert Timing Channels
  • Channel Operation
  • Channel Detection
  • Discussion
  [figure labels: Ping Ping Ping Ping]

  3. Introduction
  • Altering otherwise normal network traffic to secretly transmit information

  4. Covert Storage Channels
  • Data is written to and read from sections of network packets not intended for data transmission.
  • Altering packet payload data is usually considered subliminal rather than covert.
  • Use space in protocol headers

  5. Covert Timing Channels
  • Alter the timing of otherwise legitimate network traffic to transmit data
  • Two types of timing channels: active and passive
  • IP covert timing channels
  • Time-replay timing channels
  • JitterBug

  6. Channel Operation
  • Efficacy
  • Contention noise
  • Jitter
  • Speed
  • US Constitution: 7620 words, 45703 characters, 14298 bytes zipped
  • 1 Mbps line, 85 packets per second

  7. Channel Detection
  • Similarity
  • Compressibility
  • Entropy
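As an added illustration of the three detection measures named on this slide (this is example code written for this transcript, not material from the slides or from the cited papers), the Python below scores a stream of inter-packet delays by entropy, compressibility and a simplified epsilon-similarity, in the spirit of the entropy-based approach of Gianvecchio and Wang and the compressibility/similarity measures of Cabuk et al. Everything concrete in it is an assumption made for the demonstration: the 10 ms quantization bin, the epsilon value, the alert thresholds, and the two constructed traffic samples (exponential gaps standing in for organic traffic, and a tight two-gap pattern standing in for what a timing channel looks like to a passive observer).

```python
import math
import random
import zlib
from collections import Counter

# Constructed thresholds for this demonstration only; a real deployment would
# calibrate them against the baseline timing of the monitored link.
ENTROPY_FLOOR_BITS = 2.0
SIMILARITY_CEILING = 0.9


def quantize(intervals, bin_width=0.01):
    """Map each inter-arrival time (seconds) to an integer bin so that small
    jitter lands in the same symbol. The 10 ms bin width is an assumed setting."""
    return [int(round(t / bin_width)) for t in intervals]


def shannon_entropy(symbols):
    """First-order Shannon entropy in bits of a symbol sequence. A channel that
    keeps reusing a couple of fixed gaps scores far below bursty organic traffic."""
    n = len(symbols)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(symbols).values())


def compressibility(symbols):
    """Compressed-size to raw-size ratio of the symbol stream. Regular, repetitive
    timing compresses much better than organic traffic does."""
    raw = ",".join(map(str, symbols)).encode()
    return len(zlib.compress(raw, 9)) / len(raw)


def epsilon_similarity(intervals, epsilon=0.01):
    """Simplified epsilon-similarity: sort the intervals and report the fraction of
    neighbouring pairs whose relative difference is below epsilon. Fixed-gap
    channels form tight clusters, so nearly every pair counts as similar."""
    s = sorted(intervals)
    if len(s) < 2:
        return 0.0
    close = sum(1 for a, b in zip(s, s[1:]) if a > 0 and (b - a) / a < epsilon)
    return close / (len(s) - 1)


def assess(intervals, bin_width=0.01):
    """Compute all three measures and flag a stream that looks too regular."""
    symbols = quantize(intervals, bin_width)
    entropy = shannon_entropy(symbols)
    similarity = epsilon_similarity(intervals)
    return {
        "entropy_bits": entropy,
        "compress_ratio": compressibility(symbols),
        "similarity": similarity,
        "flagged": entropy < ENTROPY_FLOOR_BITS or similarity > SIMILARITY_CEILING,
    }


def constructed_legit_intervals(n=400, seed=1):
    """Constructed stand-in for organic traffic: exponential gaps with a 50 ms mean."""
    rng = random.Random(seed)
    return [rng.expovariate(20.0) for _ in range(n)]


def constructed_covert_intervals(n=400, seed=2):
    """Constructed stand-in for how a two-gap timing channel looks to an observer:
    gaps of roughly 50 ms or 100 ms plus 1 ms of jitter (hypothetical data)."""
    rng = random.Random(seed)
    return [rng.choice((0.05, 0.10)) + rng.gauss(0.0, 0.001) for _ in range(n)]


if __name__ == "__main__":
    for label, data in (("legit", constructed_legit_intervals()),
                        ("covert", constructed_covert_intervals())):
        print(label, assess(data))
```

Run stand-alone it prints the three measures for each constructed stream; the covert sample scores about one bit of entropy against several bits for the organic sample, compresses noticeably better, and has almost all of its sorted neighbours within epsilon of each other. The measures are complementary: entropy and compressibility catch regularity in the symbol stream, while similarity catches clustering of the raw delays even when the quantization bin hides it, which is why a detector should report all three rather than a single verdict.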

  8. Discussion
  • How could IP spoofing be used with covert channels?
  • What protocols might be usable even on an extremely locked-down network?

  9. References
  [1] Gianvecchio, S. and Wang, H. 2007. Detecting covert timing channels: an entropy-based approach. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28-31, 2007). CCS '07. ACM, New York, NY, pp. 307-316.
  [2] Cabuk, S., Brodley, C., and Shields, C. 2009. IP Covert Channel Detection. ACM Transactions on Information and System Security, Volume 12, Issue 4 (Apr. 2009), pp. 1-29.
  [3] Thyer, J. 2008. Covert Data Storage Channel Using IP Packet Headers. Global Information Assurance Certification, Gold Certification, SANS Institute, pp. 1-53.
