TU Darmstadt / ULB / TUbiblio

Limiting MitM to MitE Covert-Channels

Herzberg, Amir and Shulman, Haya (2013):
Limiting MitM to MitE Covert-Channels.
In: 2013 International Conference on Availability, Reliability and Security, IEEE Computer Society, Regensburg, Germany, In: ARES 2013, DOI: 10.1109/ARES.2013.138, [Conference or Workshop Item]

Abstract

We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet everysecond, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.

Item Type: Conference or Workshop Item
Erschienen: 2013
Creators: Herzberg, Amir and Shulman, Haya
Title: Limiting MitM to MitE Covert-Channels
Language: English
Abstract:

We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet everysecond, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.

Title of Book: 2013 International Conference on Availability, Reliability and Security
Series Name: ARES 2013
Publisher: IEEE Computer Society
Uncontrolled Keywords: Logic gates, Delays, Virtual private networks, Internet, Quality of service, Bandwidth
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Event Location: Regensburg, Germany
Date Deposited: 24 Aug 2017 17:06
DOI: 10.1109/ARES.2013.138
Identification Number: TUD-CS-2013-0473
Export:

Optionen (nur für Redakteure)

View Item View Item