Network covert channels (network steganographic hiding methods) are used to hide communication inside network communications. Within the last decades, various techniques for covert channels arose. We surveyed and analyzed 130+ techniques developed between 1987 and 2015 and show that these techniques can be reduced to only few so-called patterns (Wendzel et al., 2015 (preprint); Wendzel et al., 2016; Mazurczyk et al., 2016). Patterns are simple and abstract descriptions of a hiding technique's core idea.

We found that the majority (83%) of the evaluated hiding techniques can be categorized in only six different patterns; 63% of all hiding techniques can even by categorized in only three different patterns (Wendzel et al., 2016). This shows that most of the techniques we surveyed are very similar.

This website provides our pattern catalog to the scientific community and allows discussion and extension of the catalog. Our pattern catalog will serve as a basis for future covert channel novelty evaluation. In addition, our approach lays the foundation for pattern-based countermeasures: While many current countermeasures were developed for specific channels, a pattern-oriented approach allows to apply one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns, and the development of real-world protection against covert channels is greatly simplified.

What is the basis for this catalog?
We described the details of the pattern-based approach in the following articles, especially (Wendzel et al., 2015), which also provides various additional ideas related to hiding patterns, such as pattern variation and pattern hopping.

S. Wendzel, S. Zander, B. Fechner, C. Herdin (2015): Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys (CACM), Vol. 47, Issue 3, pp. 50:1-26, ACM. The version originally submitted to the journal is available on ResearchGate: download.

S. Wendzel, W. Mazurczyk, S. Zander (2016): Unified Description Method for Network Information Hiding Methods, in: Journal of Universal Computer Science (J.UCS), Vol. 22, Issue 11. (This work proposes a method for the description of hiding methods in a unified and comparable structure.)

W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, K. Szczypiorski (2016): Information Hiding in Communication Networks, Wiley-IEEE. (Chapters 3 and 8 contain discussions on hiding patterns, basically on the basis of the above-mentioned CACM article but with an extension of timing-based patterns.)

More own work on hiding patterns:
S. Wendzel, C. Palmer (2015): Creativity in Mind: Evaluating and Maintaining Advances in Network Steganographic Research, in: Journal of Universal Computer Science (J.UCS), Vol. 21, Issue 12, pp. 1684-1705. (The article provides a framework on how to apply hiding patterns in scientific practice, especially within peer-review.)
S. Wendzel and W. Mazurczyk (2016): An Educational Network Protocol for Covert Channel Analysis Using Patterns (Poster), in Proc. 23rd ACM Conference on Computer and Communications Security (CCS'2016), pp. 1739-1741. (This work explains how our patterns can be used in higher education. You can also download our conference poster (PDF).)

Keine Kommentare: