Renaud Bidou - Radware Frédéric Raynal - MISC Magazine
keywords : covert, channels, storage, timing, resource, subliminal, network, bounce, multiplexing, portknocker
Information and communication dissimulation is not a new topic. However applications remains numerous and most recent techniques make such channels more difficult to detect. This can be a good thing if covert channels are used to protect privacy or increase security of critical communication. However when applied to security policy bypassing, information leak or compromised system control the knowledge of such techniques becomes mandatory to enhance detection engine. This article will focus on the concept of covert channels, from the genesis of the computer age to actual protocol and applications, providing examples of application and detailing advantages and drawbacks.
Covert Channels are not everywhere. However they CAN be everywhere, thus providing answers to several issues raised by the use of encryption : legal restrictions and lack of discretion. In the first case the main concern is the protection of personal privacy. One may want his communications not to become public. In the second one the issue is to have communications remain undetected. If the content of an encrypted mail should not be readable, the communication itself is not stealth. And this piece of information may be valuable, mainly if one knows that two entities tries to protect the privacy of their communication. As most security concepts, covert channels do have a dark side. As they provide a stealth and secure communication channel, they can undoubtedly be used to establish connections that are theoretically prohibited by the security policy. Then information leaks become possible as well as asynchronous command channels between the compromised system and its master.
History and concepts
Lampson's Covert Channels
Covert Channels have be defined for the first time by...