• International Journal of Internet, Broadcasting and Communication
• /
• 제13권1호
• /
• pp.243-248
• /
• 2021

Although many different types of covert channels have been suggested in the literature, there are little work in directly applying game theory to building up covert channel. This is because researchers have mainly focused on tailoring game theory for covert channel analysis, identification, and covert channel problem solving. Unlike typical adaptation of game theory to covert channel, we show that game theory can be utilized to establish a new type of covert channel in IoT devices. More specifically, we propose a covert channel that can be constructed by utilizing the Nash Equilibrium with sensor data collected from IoT devices. For covert channel construction, we set random seed to the value of sensor data and make payoff from random number created by running pseudo random number generator with the configured random seed. We generate I × J (I ≥ 2, J ≥ 2) matrix game with these generated payoffs and attempt to obtain the Nash Equilibrium. Covert channel construction method is distinctly determined in accordance with whether or not to acquire the Nash Equilibrium.

• International journal of advanced smart convergence
• /
• 제10권3호
• /
• pp.10-16
• /
• 2021

In this paper, we devise a Shapley-value-based covert channel in smartphones. More specifically, unlike ordinary use of Shapley value in cooperative game, we make use of a series of Shapley values, which are computed from sensor data collected from smartphones, in order to create a covert channel between encoding smartphone and decoding smartphone. To the best of our knowledge, we are the first to contrive covert channel based on Shapley values. We evaluate the encoding process of our proposed covert channel through simulation and present our evaluation results.

• 정보보호학회논문지
• /
• 제29권5호
• /
• pp.961-971
• /
• 2019

공유 자원 간섭으로 인해 가상머신 간의 격리가 위반되고 은닉 채널 구현이 가능해서 클라우드 컴퓨팅 환경에서 가상머신 간의 격리는 중요 보안 요소이다. 본 논문에서는 Hyper-V 하이퍼바이저의 구조를 분석하여 가상머신 간의 은닉 채널을 구현한다. Hyper-V는 가상머신 간의 상호 배제를 위해 mutex(mutual exclusion) 기법을 사용한다. Mutex로 인해 가상머신 간의 간섭이 발생하고 은닉 채널 구현이 가능함을 밝힌다. 구조가 복잡한 Hyper-V에 적용가능한 mutex 자원 탐색 방안을 고안하여 은닉 채널을 다수 구현하였다. Mutex 기반 은닉 채널은 하드웨어 의존적이지 않으며, 은닉 채널이 탐지되거나 방어되는 경우 다수의 은닉 채널 중에서 다른 은닉 채널을 이용하면 방어 기법 회피가 가능하다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권8호
• /
• pp.3550-3566
• /
• 2020

As a widely used way to exfiltrate information, wireless covert channel (WCC) brings a serious threat to communication security, which enables the wireless communication process to bypass the authorized access control mechanism to disclose information. Unlike the covert channel on the network layer, wireless covert channels on the physical layer (WCC-P) is a new covert communication mode to implement and improve covert wireless communication. Existing WCC-P scheme modulates the secret message bits into the Gaussian noise, which is also called covert digital communication system based on the joint normal distribution (CJND). Finding the existence of this type of covert channel remains a challenging work due to its high undetectability. In this paper, we exploit the square autocorrelation coefficient (SAC) characteristic of the CJND signal to distinguish the covert communication from legitimate communication. We study the sharp increase of the SAC value when the offset is equal to the symbol length, which is caused by embedding secret information. Then, the SAC value of the measured sample is compared with the threshold value to determine whether the measured sample is CJND sample. When the signal-to-noise ratio reaches 20db, the detection accuracy can reach more than 90%.

• ETRI Journal
• /
• 제43권3호
• /
• pp.561-570
• /
• 2021

This paper presents master key identifier based protocol steganography (MKIPS), a new approach toward creating a covert channel within the Secure Real-time Transfer Protocol, also known as SRTP. This can be achieved using the ability of the sender of Voice-over-Internet Protocol packets to select a master key from a pre-shared list of available cryptographic keys. This list is handed to the SRTP sender and receiver by an external key management protocol during session initiation. In this work, by intelligent utilization of the master key identifier field in the SRTP packet creation process, a covert channel is created. The proposed covert channel can reach a relatively high transfer rate, and its capacity may vary based on the underlying SRTP channel properties. In comparison to existing data embedding methods in SRTP, MKIPS can convey a secret message without adding to the traffic overhead of the channel and packet loss in the destination. Additionally, the proposed covert channel is as robust as its underlying user datagram protocol channel.

• International journal of advanced smart convergence
• /
• 제6권4호
• /
• pp.56-59
• /
• 2017

In this paper, we design a covert channel based on instruction gadgets in smart sensing devices. Unlike the existing convert channels that usually utilize diverse physical characteristics or user behaviors or sensory data of smart sensing devices, we show that instruction gadgets could be exploited for covert channel establishment in smart sensing devices. In our devised covert channels, trojan smart sensing devices exchange attack packets in such a way that they encode an attack bit in attack packet to a series of addresses of instruction gadgets and decode an attack bit from a series of addresses of instruction gadgets.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권4호
• /
• pp.1866-1883
• /
• 2019

As the youngest branch of information hiding, network covert timing channels conceal the existence of secret messages by manipulating the timing information of the overt traffic. The popular model-based framework for constructing covert timing channels always utilizes cumulative distribution function (CDF) of the inter-packet delays (IPDs) to modulate secret messages, whereas discards high-order statistics of the IPDs completely. The consequence is the vulnerability to high-order statistical tests, e.g., entropy test. In this study, a rich security model of covert timing channels is established based on IPD chains, which can be used to measure the distortion of multi-order timing statistics of a covert timing channel. To achieve rich security, we propose two types of covert timing channels based on nested lattices. The CDF of the IPDs is used to construct dot-lattice and interval-lattice for quantization, which can ensure the cell density of the lattice consistent with the joint distribution of the IPDs. Furthermore, compensative quantization and guard band strategy are employed to eliminate the regularity and enhance the robustness, respectively. Experimental results on real traffic show that the proposed schemes are rich-secure, and robust to channel interference, whereas some state-of-the-art covert timing channels cannot evade detection under the rich security model.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2001년도 종합학술발표회논문집
• /
• pp.340-347
• /
• 2001

MAC(Mandatory Access Control)이나 MLS(Multi Level Security) 보안정책이 적용된 보안운영체제는 주체와 객체에 보안등급(Security Level)과 영역(Category) 값을 부여하고, 부여된 이들 정보에 의해 객체에 행해지는 주체의 접근을 제한한다. 하지만, 이러한 MAC과 MLS 보안이 적용된 경우라 하더라도 시스템의 보안정책을 위반하며 불법적 정보를 유통하게 하는 경로가 있을 수 있다. 본 논문에서는 불법적 정보의 유통경로가 되고 있는 IPC(Inter Process Communication) 메커니즘과 스토리지에 의한 비밀채널을(Covert Channel) 문제 해결 위해 커널 수준의 설계와 구현을 시도하였다. IPC 메커니즘에 의한 불법적 정보흐름 제거를 위해 IPC 메커니즘에 MLS 보안정책을 적용하였고, 스토리지 비밀채널는 시스템 콜 명세를 분석하여 이를 식별, 감사, 지연처리가 가능토록 하였다.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2024년도 춘계학술발표대회
• /
• pp.395-396
• /
• 2024

최근 국가 핵심 기반시설을 중단시키거나 파괴시킴으로서 사회적 혼란 및 국가 경제적 손실을 일으키는 공격 사례가 증가되고 있는 실정이다. 이와 같은 사이버 공격에 대응하기 위해 각 국가는 인터넷이나 다른 네트워크와 물리적 또는 논리적으로 분리되어 있는 폐쇄망 환경을 기반으로 기반시설을 구성함으로서 높은 수준의 보안성과 안정성을 유지하고자 한다. 하지만, 악의적인 공격자들은 Covert Channel을 통해 폐쇄망 환경 내 민감한 데이터 및 기밀 데이터를 탈취하고 있는 실정이다. 이에 본 논문에서는 음향신호 기반 Covert Channel 공격 기술에 대해 분석함으로써 안전한 폐쇄망 환경 구축의 필요성을 보이고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1927-1943
• /
• 2016

Jitterbug is a passive network covert timing channel supplying reliable stealthy transmission. It is also the basic manner of some improved covert timing channels designed for higher undetectability. The existing entropy-based detection scheme based on training sample binning may suffer from model mismatching, which results in detection performance deterioration. In this paper, a new detection method based on the feature of Jitterbug covert channel traffic is proposed. A fixed binning strategy without training samples is used to obtain bins distribution feature. Coefficient of variation (CV) is calculated for several sets of selected bins and the weighted mean is used to calculate the final CV value to distinguish Jitterbug from normal traffic. Furthermore, the timing window parameter of Jitterbug is estimated based on the detected traffic. Experimental results show that the proposed detection method can achieve high detection performance even with interference of network jitter, and the parameter estimation method can provide accurate values after accumulating plenty of detected samples.