Limiting MitM to MitE covert-channels

Amir Herzberg, Haya Shulman

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

6 Scopus citations

Abstract

We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet everysecond, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.

Original languageEnglish
Title of host publicationProceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
Pages236-241
Number of pages6
DOIs
StatePublished - 2013
Event2013 8th International Conference on Availability, Reliability and Security, ARES 2013 - Regensburg, Germany
Duration: 2 Sep 20136 Sep 2013

Publication series

NameProceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Conference

Conference2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Country/TerritoryGermany
CityRegensburg
Period2/09/136/09/13

Keywords

  • Covert channels; covert communication; information leakage; erasure codes

Fingerprint

Dive into the research topics of 'Limiting MitM to MitE covert-channels'. Together they form a unique fingerprint.

Cite this