Applying covert channel in TCP Fast Open (TFO) / Mohamed Azran Aziz
Covert channel is one of the techniques that is used in information hiding. It uses communication channel as a medium for transmitting hidden information. There are two main categories in covert channel namely storage covert channel and timing covert channel. Storage covert channel basically mani...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Published: |
2019
|
Subjects: | |
Online Access: | http://studentsrepo.um.edu.my/11799/1/Mohamed_Azran.pdf http://studentsrepo.um.edu.my/11799/2/Mohamed_Azran.pdf http://studentsrepo.um.edu.my/11799/ |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Covert channel is one of the techniques that is used in information hiding. It uses
communication channel as a medium for transmitting hidden information. There are two
main categories in covert channel namely storage covert channel and timing covert
channel. Storage covert channel basically manipulate existing data and/or encode hidden
messages within legitimate data. Whereas, timing covert channel intentionally manipulate
timing behaviour of resources e.g. delaying between packets to create codes. There are
many implementations of covert channel in TCP that use various fields in the TCP header
such as Sequence Number, Urgent Pointer and reserved fields. Techniques such as field
replacement, create intended delays and manipulating random values are used in
implementing covert channel in TCP. Moreover, covert channel implementations also
extended to optional fields such as Maximum Segment Size (MSS) and Timestamps.
From time to time these optional fields (TCP Options) get evolved (e.g. Quick-Start
Response - 2007, TCP Authentication Option – 2010 and TCP Fast Open -2014) and thus
more potential covert channel implementations can be discovered. TCP Fast Open (TFO)
is one of the latest TCP options that offers faster transmission performances between
nodes. It utilises up to 16 bytes in allocated options field in TCP header as its message
authentication code (MAC). Previous covert channel implementations cover various
fields in the TCP header but not TFO. The aim of this study is to introduce covert channel
in TFO by manipulating allocated options field in the TCP header known as TFO cookie.
Subsequent to this, observation on performances are investigated as to detect any changes
in semantic as well as syntax of TFO transactions. To conduct this study, tools are built
to manipulate incoming and outgoing packet transactions and create covert content in
allocated options field in TCP header. Further, performance test is conducted to observe any changes in transactions between implemented covert channel TFO and ordinary TFO.
The results of the tests show covert content is transferred successfully between receiver
and sender without breaking TFO transaction. Moreover, the results also show there are
no significance performance degradation when applying covert channel into TFO. These
results indicate that covert channel can be created in TFO and works normally as ordinary
TFO. On this basis, it would make covert channel in TFO as one of latest alternative
methods in implementation of covert channel in TCP.
|
---|