
New Approach towards Covert Communication using TCP-SQN Reference Model


 

A covert channel refers to the unintended transfer of information. It allows an attacker to send and receive a secret message without being identified or detected by the network administrator or the warden in the network. There are several ways to implement such covert channels; one of them is the storage covert channel, where data is sent through certain header fields of the TCP/IP protocol stack. However, there is always some possibility of these covert channels being identified. Here, we propose a new covert channel technique, the ‘TCP-SQN Reference Model’. In this technique, a new covert channel is created in the Linux kernel, using the TCP Sequence Number as a reference for sending the covert information. The idea of our proposed model is that the sender does not actually embed the secret message in the TCP-SQN field; instead, the sender uses it as a reference to convey the secret message to the receiver. Because the sender does not actually modify the TCP-SQN field, the sequence numbers appear as an ordinary packet distribution, as created by any Linux or BSD kernel. It is therefore difficult to distinguish overt and covert packets in the network.


Keywords

Covert channel, TCP/IP, TCP Headers, TCP ISN, TCP-SQN (Sequence Number)