DOCSLIB.ORG

Covert Channels

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Covert Channels Covert Channels Paul Seymer [email protected] Some (Good) Definitions Covert Channels: ● (official) Prof. Fleck's Covert Channel Slides 9: “A covert channel is a path for the illegal flow of information between subjects within a system, utilizing system resources that were not designed to be used for inter-subject communication.” ● “A path of illegal information flow using mediums not intended for communication” (a liberal paraphrasing) ● (general) Communication through a medium that violates a global security policy without violating local ones. Some (Good) Definitions ● Prof. Fleck's Covert Channel Slide 9: “two human users talking over coffee is not a covert channel” ● This is an example of an overt channel: communication channels being used as intended. • downloading web content from a public web server • using emailing to submit a class assignment to your TA • talking to a relative on the telephone • waving to a friend Some More (Good) Definitions Covert Channels: ● (general) Communication through a medium that violates a global security policy without violating local ones ● (specific) DoD standards : Orange Book circa early 1980s ● Storage Channel: via a shared storage location ● Timing Channel: via some observed event frequency Timing Channels ● Sita and Rama want to communicate without anyone else knowing. They both sit on the same computer network. ● Rama knows to watch his local network traffic starting at the top of every hour, for 5 minutes. ● Sita wants to send Rama the following message : “Dogs barking. Can't fly without umbrella” How could this be accomplished? Timing Channels ● Sita converts her message into ASCII decimal values: D o g s b a r k i n g . C a n ' t f l y ... 68 111 103 115 32 98 ... ● Sita pings (the ICMP one) Rama's computer 68 times, then 111, then 103, …. ● Rama observes the network, counts the pings, and looks up the values in an ASCII table to recover the text. Storage Channels ● Sita and Rama want to communicate. This time, Rama is in a foreign country, on a network that blocks the ICMP protocol, so the timing channel wont work. ● Rama is in another time zone, and the two won't be online at the same time. ● Sita must leave Rama the message via some Storage Channel, so he may retrieve it later, when he is online. How could this be accomplished? Storage Channels ● Sita runs a web server. Rama has access to the server via HTTP, and can download pages without raising suspicion. ● Sita sticks are reverse proxy in front of the web server that modifies outgoing TCP packets to store custom bit patterns in a reserved (unused) field of the packet header. S o u r c e P o r t D e s t i n a t i o n P o r t S e q u e n c e N u m b e r A c k n o w l e d g m e n t N u m b e r 0 0 0 W i n d o w S i z e C h e c k s u m U r g e n t P o i n t e r ● As these bits are usually ignored, they will remain when sent Storage Channels ● Rama connects to the server to download some web page. ● He has a browser plug-in that reads these bits, and reconstructs the message. ● But wait a sec... 3 bits can only hold values 0 through 7 ? Can this still be used? ● Sita and Rama must mitigate an issue with the channel's bandwidth (capacity), or create a larger channel. ● The two will need to modify how the messages are sent through the channel...as the maximum size of the channel is smaller the message fragments that need to be sent. ● “D” = 68, which needs a minimum of 7 bits to send. Channel Capacity ● Shannon-Hartley Theorem C = B log2 (1 + S/N) B: bandwidth S/N : Signal (power) to Noise (power) Ratio * but lets assume a noiseless channel for now: ● Packets from Web Server : 10 packets / sec ● Sita's storage channel capacity: 3 bits * 10 packets / sec = 30 bits / sec Some (Bad) Definitions ● The Characteristics section of the “Covert Channels” Wikipedia* page. Some True or False: • Steganography is not a type of Covert Channel? (paragraph 2) • Covert channels are hard to create in modern environments? (paragraph 1) • Covert channels are easily detectable by “monitoring system performance”? • A covert channel is not the same thing as means for “disallowed” communication relayed through an Overt channel? (paragraph 3) • “Secure operating systems can easily control legitimate Channels” (paragraph 3) * http://en.wikipedia.org/wiki/Covert_channel Some (Bad) Definitions ● The Characteristics section of the “Covert Channels” Wikipedia* page. Some True or False: (false) • Steganography is not a type of Covert Channel? (paragraph 2) (false) • Covert channels are hard to create in modern environments? (paragraph 1) (false) • Covert channels are easily detectable by “monitoring system performance”? (false) • A covert channel is not the same thing as means for “disallowed” communication relayed through an Overt channel? (paragraph 3) (false) • “Secure operating systems can easily control legitimate Channels” (paragraph 3) * http://en.wikipedia.org/wiki/Covert_channel Steganography ● Greek origin → steganos : “covered” + graphei : “writing” ● Broad definition : Hiding some information inside some thing so that an outside observer cannot distinguish the version of the thing with the hidden information from the version without it. ● Examples: • Replacing bits in an image file, with bits from some message • Writing on a post card with “disappearing ink” (ink that is only viewable after contact with some chemical) th • Replacing every 20 frame of a video (like in the Pitt, Norton movie) ● The thing being hidden within is the Cover and provides a Cover Channel. The means through with information is hidden in the Cover provides the Covert Channel. Steganography 7 1 8 2 5 4 3 6 Steganography 7 1 789BEC 8 789BDC 789BED 689BEC 2 4 5 788BEC 789AEC 789BEC 3 6 779BEC F3EDAC Steganography 78 = 01111000 1 9B = 10011011 ED = 11101101 789BED 789BEC 68 = 01101000 8 9B = 10011011 78 = 01111000 EC = 11101100 9B = 10011011 689BEC EC = 11101100 F3 = 11110011 6 ED = 11101101 AC = 10101100 F3EDAC Steganography 78 = 01111000 1 9B = 10011011 ED = 11101101 789BED 789BEC 1 bit / Pixel 68 = 01101000 8 9B = 10011011 78 = 01111000 EC = 11101100 9B = 10011011 689BEC EC = 11101100 1 bit / Pixel F3 = 11110011 What is the 6 ED = 11101101 Channel AC = 10101100 F3EDAC Capacity ? 9 bit / Pixel Better Steganography ● “Russian Spies' Use of Steganography Is Just the Beginning” (2010) http://www.technologyreview.com/view/419833/russian-spies-use-of-steganography-is-just-the-beginning/ ● “Silent Skype calls can hide secret messages” (2013) http://www.newscientist.com/article/dn23044-silent-skype-calls-can-hide-secret-messages.html#.Undaa_k_tXs ● “4 New Ways to Smuggle Messages Across the Internet” (2013) http://spectrum.ieee.org/telecom/security/4-new-ways-to-smuggle-messages-across-the-internet Steganography creates a covert channel over an overt channel, by hiding secrets within a cover channel. The difference then becomes a matter of intent. The nature of the message decides if it is a covert channel or an overt one...if the intent of the sender is to communicate covertly, in a way other than the intended use of the channel, it is...by definition, a covert channel. Not-So-Obvious Covert Channels “a” Not-So-Obvious Covert Channels “a” could mean: • “a” • “0” • “61” • “Attack at dawn” • “Get the the embassy asap” Pre-shared knowledge between sender and receiver dictates the contents of the channel Book Ciphers ● A means of sending secret messages where a book (remember those?) was used as an index reference for code words. Only the sender and receiver know which book to use. ● A message sender would send a receiver a list of places in the book to look up and find the message word. ● Index Examples: 400, 302, 423 Page 6, line 2, character position 6 ● “Book” examples A particular edition of an english dictionary A particular translation of a bible. More Covert Channels ● “DNS as a Covert Channel Within Protected Networks” Seth Bromberger, NESCO http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/DNS_Exfiltration_2011-01-01_v1.1.pdf ● “Embedding Covert Channels into TCP/IP” Steven J. Murdoch and Stephen Lewis, http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf ● Embedding plain text, over HTTP • Leveraging the volume of HTTP traffic, and variation on content • How is this Overt? How is this Covert? Will using HTTP change your answers? SSH Tunneling? Is this Covert, or Overt? Using Covert Channels ● (almost) Everything is “Dual Use” • Using magical powers for good Protecting free speech and free press Protecting other forms of clandestine communication • Using magical powers for evil Communicating illegal content Exfiltrating data out of “secure” environments Coordinating Terrorist Attacks Controlling Botnets and RATs Prisoner Problem ● “The Prisoner's Problem and the Subliminal Channel” Gustavus J. Simmons (CRYPTO '83) http://www.iacr.org/cryptodb/data/paper.php?pubkey=1754 ● Two prisoners, physically isolated from one another wish to communicate: They create a covert channel within legitimate looking messages (the cover channel). ● The warden's employees transport the messages only if they appear to be innocent (e.g. an overt channel) “Journalist” Adversary Model ● A foreign correspondent “Jill” is reporting under a cover identity in a country without a free press, ruled by an oppressive regime. ● Jill wishes to submit an inflammatory news story about the regime to her bosses back home. ● The Regime owns every domestic ISP, and is capable of filtering inbound and outbound Internet traffic based on IP address and TCP/UDP port.
Load more

Recommended publications
  • Covert Channel Capacity
    COVERT CHANNEL CAPACITY Jonathan K. Millen The MITRE Corporation Bedford, MA 01730 Techniques for detecting covert channels are Some models are aimed at defining information based on information flow models. This paper flow exactly, with necessary and sufficient conditions. establishes a connection between Shannon’s theory These models share the philosophy that information of communication and information flow models, such flow in a computer security context is related to as the Goguen-Meseguer model, that view a reference inference: if one user can, by observing outputs monitor as a state-transition automaton. The channel available to him, deduce something about inputs from associated with a machine and a compromise policy is another user, there has been some information flow. defined, and the capacity of that channel is taken as a Conversely, if there is no information flow, the user’s measure of covert channel information rate. outputs would be the same regardless of the input from the other user. This ap roach was suggested in f INTRODUCTION a paper by Jones and Lipton investigating protection mechanisms in the context of computations, considered as functions rather than machines. This One of the objectives of computer security is to paper defined a security policy as an prevent the unauthorized disclosure of information. information-hiding function applied to the input, and Models of protection mechanisms and policies that said that a protection mechanism was “sound” if the espouse this objective fall into one of two categories: computational values received by the user could have access control models or information flow models. been obtained from such censored input.
    [Show full text]
  • POWER-Supplay: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
    POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers Mordechai Guri Ben-Gurion University of the Negev, Israel Cyber-Security Research Center [email protected] Air-Gap research page: http://www.covertchannels.com Demo video: http://www.covertchannels.com Abstract—It is known that attackers can exfiltrate data from insiders. Famous air-gap breaching cases include Stuxnet [4] air-gapped computers through their speakers via sonic and and Agent.BTZ [5], but other incidents have also been reported ultrasonic waves. To eliminate the threat of such acoustic covert [6], [7]. In 2018, The US Department of Homeland Security channels in sensitive systems, audio hardware can be disabled and the use of loudspeakers can be strictly forbidden. Such audio-less accused Russian government hackers of penetrating America’s systems are considered to be audio-gapped, and hence immune power utilities [8]. Due to reports in the Washington Post to acoustic covert channels. in November 2019, the Nuclear Power Corporation of India In this paper, we introduce a technique that enable attackers Limited (NPCIL) confirmed that the Kudankulam Nuclear leak data acoustically from air-gapped and audio-gapped systems. Power Plant suffered a cyber-attack earlier that year [9]. Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary A. Air-Gap Covert Channels speaker with limited capabilities. The malicious code manipulates the internal switching frequency of the power supply and hence While the infiltration of such networks has been shown to be controls the sound waveforms generated from its capacitors and feasible, the exfiltration of data from non-networked computers transformers.
    [Show full text]
  • Detecting Covert Storage Channels Using Relative Entropy
    Raising Flags: Detecting Covert Storage Channels Using Relative Entropy Josephine Chow Xiangyang Li Xenia Mountrouidou University of Maryland, College Park Johns Hopkins University Information College of Charleston College Park, Maryland, US Security Institute Charleston, South Carolina, US [email protected] Baltimore, Maryland, US [email protected] [email protected] Abstract— This paper focuses on one type of Covert Storage Storage Channel (CSC) and Covert Timing Channel (CTC) [1]. Channel (CSC) that uses the 6-bit TCP flag header in TCP/IP A CSC writes to a storage location by a sender process and network packets to transmit secret messages between then a receiver process reads the message according to a pre- accomplices. We use relative entropy to characterize the defined coding scheme of information [2]. In order to transmit irregularity of network flows in comparison to normal traffic. A information secretly, a CTC schematically modulates the normal profile is created by the frequency distribution of TCP temporal characteristic of a process by a sender, which is then flags in regular traffic packets. In detection, the TCP flag measured by the receiver. frequency distribution of network traffic is computed for each unique IP pair. In order to evaluate the accuracy and efficiency Unlike most other exploits, covert channels often go of the proposed method, this study uses real regular traffic data unnoticed by the access control mechanisms of most operating sets as well as CSC messages using coding schemes under systems. They can use a regular medium, such as unused assumptions of both clear text, composed by a list of keywords protocol bits in a networking protocol, in a way that does not common in Unix systems, and encrypted text.
    [Show full text]
  • Understanding Microarchitectural Channels and Using Them for Defense
    Understanding Microarchitectural Channels and Using Them for Defense Casen Hunger Mikhail Kazdagli Ankit Rawat Alex Dimakis Sriram Vishwanath Mohit Tiwari UT Austin {casen.h, mikhail.kazdagli, ankitsr}@utexas.edu, {dimakis, sriram, tiwari}@austin.utexas.edu Abstract networks-on-chip [9, 8]; clearing out leftover state in Microarchitectural resources such as caches and pre- caches [10] and branch predictor on a context switch [11]; dictors can be used to leak information across security and even complete systems-on-chip where processes cannot domains. Significant prior work has demonstrated attacks interfere with each other [12, 13, 14]. Alternatively, archi- and defenses for specific types of such microarchitectural tects have also proposed the introduction of random noise side and covert channels. In this paper, we introduce a to hardware counters [15] or cache replacement policies [7]. general mathematical study of microarchitectural channels While these approaches are promising, they either address using information theory. Our conceptual contribution is a only known, specific sources of leaks [7, 8, 9] or require simple mathematical abstraction that captures the common far-reaching changes to the entire microarchitecture [12, 14] characteristics of all microarchitectural channels. We call that hamper adoption. this the Bucket model and it reveals that microarchitectural A complementary software-only approach to protect sen- channels are fundamentally different from side and covert sitive data in the cloud is to rent dedicated physical ma- channels in networking. chines, so that only friendly virtual machines co-reside We then quantify the communication capacity of sev- on a physical machine. The challenge for a cloud tenant eral microarchitectural covert channels (including chan- then is to audit whether an attacker has exploited a vulner- nels that rely on performance counters, AES hardware ability in the cloud provider’s software to co-reside on the and memory buses) and measure bandwidths across both same hardware [1].
    [Show full text]
  • Covert Channel Vulnerabilities in Anonymity Systems
    UCAM-CL-TR-706 Technical Report ISSN 1476-2986 Number 706 Computer Laboratory Covert channel vulnerabilities in anonymity systems Steven J. Murdoch December 2007 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2007 Steven J. Murdoch This technical report is based on a dissertation submitted August 2007 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Girton College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Covert channel vulnerabilities in anonymity systems Steven J. Murdoch Summary The spread of wide-scale Internet surveillance has spurred interest in ano- nymity systems that protect users’ privacy by restricting unauthorised access to their identity. This requirement can be considered as a flow control policy in the well established field of multilevel secure systems. I apply previous re- search on covert channels (unintended means to communicate in violation of a security policy) to analyse several anonymity systems in an innovative way. One application for anonymity systems is to prevent collusion in compe- titions. I show how covert channels may be exploited to violate these pro- tections and construct defences against such attacks, drawing from previous covert channel research and collusion-resistant voting systems. In the military context, for which multilevel secure systems were designed, covert channels are increasingly eliminated by physical separation of intercon- nected single-role computers. Prior work on the remaining network covert channels has been solely based on protocol specifications.
    [Show full text]
  • Covert Channel in the Bittorrent Tracker Protocol Joseph Desimone Rochester Institute of Technology
    Rochester Institute of Technology RIT Scholar Works Presentations and other scholarship Faculty & Staff choS larship 7-2012 Covert Channel in the BitTorrent Tracker Protocol Joseph Desimone Rochester Institute of Technology Daryl Johnson Rochester Institute of Technology Bo Yuan Rochester Institute of Technology Peter Lutz Rochester Institute of Technology Follow this and additional works at: https://scholarworks.rit.edu/other Recommended Citation Desimone J., Johnson D., Yuan B., and Lutz P. Covert Channel in the BitTorrent Tracker Protocol. In SAM'12 - The 2012 nI ternational Conference on Security and Management (Las Vegas, NV, USA, July 2012). This Conference Paper is brought to you for free and open access by the Faculty & Staff choS larship at RIT Scholar Works. It has been accepted for inclusion in Presentations and other scholarship by an authorized administrator of RIT Scholar Works. For more information, please contact [email protected]. Covert Channel in the BitTorrent Tracker Protocol Joseph Desimone, Daryl Johnson, Bo Yuan, Peter Lutz B. Thomas Golisano College of Computing & Information Sciences Rochester Institute of Technology, Rochester NY {jwd1063, daryl.johnson, bo.yuan, peter.lutz}@rit.edu Abstract— Covert channels have the unique quality of masking single point of failure for the botnet and they are more easily evidence that a communication has ever occurred between two dismantled. As a result, malware writers have tried to devise parties. For spies and terrorist cells, this quality can be the better ways to control their army of compromised machines. difference between life and death. However, even the detection Command and control over HTTP or HTTPS is common of communications in a botnet could be troublesome for its nowadays due to the prevalence of these protocols on the creators.
    [Show full text]
  • Covert Botnet Command and Control Using Twitter
    Covert Botnet Command and Control Using Twitter Nick Pantic Mohammad I Husain Cal Poly Pomona Cal Poly Pomona 3801 W Temple Ave 3801 W Temple Ave Pomona, CA Pomona, CA [email protected] [email protected] ABSTRACT and portability, ranging from handheld smartphones and tablets to Botnets are one of the primary threats in computer security today. notebooks and desktop computers. Although these devices appear They are used for launching denial of service attacks, sending spam different, they are all essentially the same. They act as general pur- and phishing emails, and collecting private information. However, pose computers that connect to the Internet to communicate with every botnet requires coordination. In order to initiate an attack, a other devices across the globe. botmaster must communicate to all of the bots in the network. In Cyber-criminals make use of this vast global Internet by installing this paper, we present a steganographic system that demonstrates or convincing users to install malicious software, or malware, on to the feasibility of the social networking website Twitter as a bot- their devices that allow the criminals to control them remotely. A net command and control center that an attacker could use to reli- collection of these “zombie” computers is called a botnet. Botnets ably communicate messages to a botnet with low latency and nearly are one of the most prominent modern computer security threats perfect rate of transmission. Our system generates plausible cover [17] and are often used for various forms of cyber crime such as messages based on a required tweet length determined by an en- sending spam emails or performing denial-of-service (DoS) attacks coding map that has been constructed based on the structure of the against other computer networks.
    [Show full text]
  • Department of Defense (DOD) Zero Trust Reference Architecture
    Department of Defense (DOD) Zero Trust Reference Architecture Version 1.0 February 2021 Prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited. Refer to the Department Chief Information Officer Cybersecurity (DCIO-CS) for other requests that pertain to this document. UNCLASSIFIED UNCLASSIFIED February 2021 Document Approval Document Approved By Date Approved Name: Joseph Brinker FEB 2021 DISA Portfolio Manager, Security Enablers Portfolio (ID2) ii UNCLASSIFIED February 2021 Revision History VERSION DATE PRIMARY AUTHOR(S) REVISION/CHANGE PAGES AFFECTED Added Vocabulary & Updated Joint DISA/NSA Zero Trust 0.8 27 Aug 2020 Template- submitted for internal All Engineering Team DISA/NSA/USCC review Joint DISA/NSA Zero Trust Adjudication of internal feedback and 0.9 04 Nov 2020 All Engineering Team submission to EAEP for review Joint DISA/NSA Zero Trust 0.95 24 Dec 2020 Adjudication of feedback from EAEP All Engineering Team Joint DISA/NSA Zero Trust Final review and classification header 0.96 30 Dec 2020 All Engineering Team update Prepared for DMI EXCOM Approval – Joint DISA/NSA Zero Trust Removed CS RA location description. 1.0 04 Feb 2021 All Engineering Team Removal of CV-3, SvcV8, and SvcV-9 for classification purposes. iii UNCLASSIFIED February 2021 Table of Contents 1 STRATEGIC PURPOSE (AV-1, CV-1, CV-2, OV-1) ................................................... 1 1.1 Introduction ......................................................................................................
    [Show full text]
  • Circumventing Web Surveillance Using Covert Channels
    Bard College Bard Digital Commons Senior Projects Fall 2019 Bard Undergraduate Senior Projects Fall 2019 CovertNet: Circumventing Web Surveillance Using Covert Channels Will C. Burghard Bard College, [email protected] Follow this and additional works at: https://digitalcommons.bard.edu/senproj_f2019 Part of the OS and Networks Commons This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License. Recommended Citation Burghard, Will C., "CovertNet: Circumventing Web Surveillance Using Covert Channels" (2019). Senior Projects Fall 2019. 38. https://digitalcommons.bard.edu/senproj_f2019/38 This Open Access work is protected by copyright and/or related rights. It has been provided to you by Bard College's Stevenson Library with permission from the rights-holder(s). You are free to use this work in any way that is permitted by the copyright and related rights. For other uses you need to obtain permission from the rights- holder(s) directly, unless additional rights are indicated by a Creative Commons license in the record and/or on the work itself. For more information, please contact [email protected]. COVERTNET: CIRCUMVENTING WEB CENSORSHIP USING COVERT CHANNELS Senior Project submitted to The Division of Science, Mathematics and Computing by Will Burghard Annandale-on-Hudson, New York December 2019 ACKNOWLEDGMENTS Thanks to all professors in the Computer Science department, including my advisor Robert McGrail, for making this project possible and for an enriching experience at Bard. TABLE OF
    [Show full text]
  • An Efficient Approach to Resolve Covert Channels
    International Journal of Network Security, Vol.20, No.5, PP.898-906, Sept. 2018 (DOI: 10.6633/IJNS.201809 20(5).11) 898 An Efficient Approach to Resolve Covert Channels Muawia A. Elsadig1 and Yahia A. Fadlalla2 (Corresponding author: Muawia A. Elsadig) College of Computer Science and Technology, Sudan University of Science and Technology1 Khartoum, Sudan Lead Consultant/Researcher, InfoSec Consulting, Hamilton, Ontario, Canada2 (Email: [email protected]) (Received May 8, 2017; revised and accepted Oct. 21, 2017) Abstract dition, the database user must obtain security clearance that allows them to access a particular data level [16]. In The competitive edge of many companies and public trust other words, any system must ensure that the users ob- in government institutions can often depend on the secu- tain the data which they are authorized for [35]. There- rity of the information held in their systems. Breaches fore, civilian and military government agencies are used of that security, whether deliberate or accidental, can be to building up their relational database systems based on profoundly damaging. Therefore, security is a highly topi- the hierarchical classification levels such as Top Secret, cal issue for both designers and users of computer systems. Secret, Confidential and Unclassified. A system is said to be secure if it supports the policy of The Mandatory Access Control (MAC) is a common a security model in a demonstrable way. Two users, or security access control model that requires users and re- processes operating on their behalf, are communicating sources to be classified and assigned security labels [14], indirectly or covertly in such a system if they are com- In other words, objects and subject are labelled with dif- municating through means that violate the interpretation ferent security levels [13].
    [Show full text]
  • Processor Hardware Security Vulnerabilities and Their Detection by Unique Program Execution Checking
    1 Processor Hardware Security Vulnerabilities and their Detection by Unique Program Execution Checking Mohammad Rahmani Fadiheh∗, Dominik Stoffel∗, Clark Barrettz, Subhasish Mitrayz, Wolfgang Kunz∗ ∗Dept. of Electrical and Computer Engineering yDept. of Electrical Engineering zDept. of Computer Science Technische Universitat¨ Kaiserslautern, Stanford University, Stanford, CA, Stanford University, Stanford, CA, Germany USA USA Abstract—Recent discovery of security attacks in advanced caused by secret data, this may open a “side channel”. An processors, known as Spectre and Meltdown, has resulted in high attacker may trigger and observe these alterations to infer public alertness about security of hardware. The root cause of secret information. these attacks is information leakage across ”covert channels” that reveal secret data without any explicit information flow between In microarchitectural side channel attacks, the possible the secret and the attacker. Many sources believe that such covert leakage of secret information is based on some microarchitec- channels are intrinsic to highly advanced processor architectures tural resource which creates an information channel between based on speculation and out-of-order execution, suggesting that different software (SW) processes that share this resource. such security risks can be avoided by staying away from high- For example, the cache can be such a shared resource, and end processors. This paper, however, shows that the problem is of wider scope: we present new classes of covert channel attacks various attacking schemes have been reported which can which are possible in average-complexity processors with in-order deduce critical information from the footprint of an encryption pipelining, as they are mainstream in applications ranging from software on the cache [3], [4], [5], [6].
    [Show full text]
  • Trends and Challenges in Network Covert Channels Countermeasures
    applied sciences Article Trends and Challenges in Network Covert Channels Countermeasures Luca Caviglione Institute for Applied Mathematics and Information Technologies, 16149 Genova, Italy; [email protected] Abstract: Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner. Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been hidden. Moreover, neutralization or mitigation are hard tasks, as they require to not disrupt legitimate flows or degrade the quality perceived by users. As a consequence, countermeasures are tightly coupled to specific channel architectures, leading to poorly generalizable and often scarcely scalable approaches. In this perspective, this paper investigates trends and challenges in the development of countermeasures against the most popular network covert channels. To this aim, we reviewed the relevant literature by considering approaches that can be effectively deployed to detect general injection mechanisms or threats observed in the wild. Emphasis has been put on enlightening trajectories that should be considered when engineering mitigation techniques or planning the research to face the increasing wave of information-hiding-capable malware. Results indicate that many works are extremely specialized and an effective strategy for taming security risks caused by network covert channels may benefit from high-level and general approaches. Moreover, mechanisms to prevent the exploitation of ambiguities should be already considered in early design phases of both protocols and services.
    [Show full text]