TY - GEN
T1 - Limiting MitM to MitE covert-channels
AU - Herzberg, Amir
AU - Shulman, Haya
PY - 2013
Y1 - 2013
N2 - We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet everysecond, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.
AB - We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet everysecond, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.
KW - Covert channels; covert communication; information leakage; erasure codes
UR - http://www.scopus.com/inward/record.url?scp=84892387677&partnerID=8YFLogxK
U2 - 10.1109/ares.2013.138
DO - 10.1109/ares.2013.138
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84892387677
SN - 9780769550084
T3 - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
SP - 236
EP - 241
BT - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
T2 - 2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Y2 - 2 September 2013 through 6 September 2013
ER -