wendzel.de

 
Introducing Protocol Channels

Protocol Channels are a new technique to create storage channels. I uploaded a paper about it.

Author: Dipl.-Inform. (FH) Steffen Wendzel (Date: 2008-09-12-02:13, Hits: 2697)

The paper has been available since 2:00 this morning, and it would be great to receive some feedback. You can find it here.

But what are such 'Protocol Channels'? A protocol channel is a new covert channel technique that uses only the choice of protocol to transfer bit combinations. If, for example, a DNS packet means a 1-bit and a RIP packet means a 0-bit, the packet sequence DNS, DNS, RIP, DNS transfers the bits 1101 through the channel.

Abstract: A protocol channel switches one of at least two protocols to send a bit combination to a destination while sent packets include no hidden information themselves.
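The following is an added example, not code from the paper or from the author. It takes a defender's view of the DNS/RIP example above: it groups packet metadata by host pair, decodes the protocol sequence with the post's mapping, and reports pairs that use exactly those two protocols with frequent switching. The packet records, the helper names and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Mapping from the post's example: DNS means a 1-bit, RIP means a 0-bit.
MAPPING = {"DNS": "1", "RIP": "0"}

def _pkts(src, dst, protos, start=0.0):
    """Build constructed (time, src, dst, protocol) records, one per second."""
    return [(start + i, src, dst, p) for i, p in enumerate(protos)]

# Constructed sample metadata, not a real capture.
PACKETS = (
    _pkts("10.0.0.5", "10.0.0.9", "RIP DNS RIP RIP RIP RIP RIP DNS".split())
    + _pkts("10.0.0.7", "10.0.0.1", ["DNS"] * 8, 0.5)             # ordinary resolver traffic
    + _pkts("10.0.0.8", "10.0.0.1", "DNS HTTP DNS RIP".split(), 0.25)
)

def protocol_sequences(packets):
    """Return the time-ordered list of protocol names for each (src, dst) pair."""
    seqs = defaultdict(list)
    for _, src, dst, proto in sorted(packets):
        seqs[(src, dst)].append(proto)
    return dict(seqs)

def decode(seq, mapping=MAPPING):
    """Translate a protocol sequence into a bit string; None if a protocol is unmapped."""
    if any(p not in mapping for p in seq):
        return None
    return "".join(mapping[p] for p in seq)

def switch_rate(seq):
    """Fraction of adjacent packet pairs whose protocol differs."""
    if len(seq) < 2:
        return 0.0
    return sum(a != b for a, b in zip(seq, seq[1:])) / (len(seq) - 1)

def review(packets, min_packets=8, min_rate=0.3):
    """Return {pair: bits} for pairs using both mapped protocols, and only those,
    with at least min_packets packets and a switch rate of min_rate or more.
    Both thresholds are assumed values, to be tuned against a traffic baseline."""
    findings = {}
    for pair, seq in protocol_sequences(packets).items():
        bits = decode(seq)
        if (bits is not None and len(seq) >= min_packets
                and set(seq) == set(MAPPING) and switch_rate(seq) >= min_rate):
            findings[pair] = bits
    return findings

if __name__ == "__main__":
    for pair, bits in review(PACKETS).items():
        print(pair, bits, "switch rate %.2f" % switch_rate(protocol_sequences(PACKETS)[pair]))
```

The payload of each packet is never inspected: the finding rests on which protocols a host pair uses and how often it switches between them, which is all a protocol channel exposes.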

Edit on Dec-28-2008: The uploaded paper is outdated. I am currently writing my diploma thesis about this topic and will upload it in a few months, giving you many more details, an exact definition of the topic and a proof of concept implementation. But as long as the work is unfinished and as long as I have not received my diploma, I cannot talk about new details I found out.

Edit on Jul-26-2009: The full version of this paper is online now, since I already finished my diploma thesis in May. You can find the paper here. More information is also available if you click the links RESEARCH or PUBLICATIONS on this site.



Comments:

From: TurboBorland
I can't wait to read the new paper as I can not access your old one and haven't read it.
The main problem (and difference) I see is you're using a 2-bit system to send your traffic. Although many protocols can stand for 1 and 0 and still be random, it is still not as dynamic (as an important secret channel should be) to the people who would use it. You have 2 options that the port number could stand for; if someone knew of your technique and knew the 0 and 1 trick, then in time they could easily reverse it. The reason I created mine the way I did is the encryption/encoding process is completely up to the user and can be as simple/complex as you want it.
However, I know that the above was just an example you tried to convey, so it's maybe not how you would use your channel. I would love to talk to you over some other form of communication about any other comparisons between yours and mine as you have probably spent much more time working with yours.
P.S. - I hope you mentioned active wardens and/or network stabilizers in your paper.

____
From: Steffen
You are right, the 2 bit system was just one example of it. Your port example is also only an example of what I call a protocol channel since this is an abstract protocol information. You can also use protocol ID within Ethernet frames and the like. You can contact me via email; I need to mention your paper in my thesis since you published your information faster than I did.
____
From: Steffen
PS. steffen (at) ploetner-it (dot) de

Maybe we can work together on future research projects.
