Difference between revisions of "Hidden channels"

Revision as of 14:15, 10 October 2008

Hidden channels (covert channels) are communication channels that transmit information without the authorization or knowledge of the channel's designer, owner, or operator.

Common Uses

Bypassing network filters;
Bypassing network sniffers.

Techniques

Information can be hidden within:

IP ID;
TCP SEQ/ACK numbers;
TCP options;
etc.

Detection of hidden channels

Generally, it is impossible to detect well-designed hidden channels by means of traffic analysis. For example, information hidden within TLS Client/Server Hello random bytes in encrypted form cannot be distinguished from bytes produced by secure random number generator.

However, it is possible to detect hidden channels by detecting attendant events, such as successful intrusion attempts.

External Links

Covert Channels in the TCP/IP Protocol Suite

@@ Line 1: / Line 1: @@
-{{expand}}
 '''Hidden channels''' (covert channels) are communication channels that transmit information without the authorization or knowledge of the channel's designer, owner, or operator.
@@ Line 16: / Line 14: @@
 * TCP options;
 * etc.
+== Detection of hidden channels ==
+Generally, it is impossible to detect well-designed hidden channels by means of traffic analysis. For example, information hidden within TLS ''Client/Server Hello'' random bytes in encrypted form cannot be distinguished from bytes produced by secure random number generator.
+However, it is possible to detect hidden channels by detecting attendant events, such as successful intrusion attempts.
 == External Links ==

Difference between revisions of "Hidden channels"

Revision as of 14:15, 10 October 2008

Contents

Common Uses

Techniques

Detection of hidden channels

External Links

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox