Global ETD Search

1	Protokollwechsel zur Realisierung von Covert Channels und Header-Strukturveränderungen zur Vermeidung von Covert Channels Wendzel, Steffen 13 May 2009 (has links) (PDF) Diese Diplomarbeit befasst sich mit mehreren Unterthemen der verdeckten Kommunikationskanäle (Covert Channels) und möchte vor allen Dingen neue Themen vorstellen und diskutieren: Erstmalige und detaillierte Behandlung von Protocol Hopping Covert Channels: Protocol Hopping Covert Channels sind Storage Channels die, während sie existieren, das Netzwerkprotokoll, in dem die versteckten Informationen untergebracht werden, wechseln. Vorstellung der Idee der Protocol Channels: Im Gegensatz zu Protocol Hopping Covert Channels sind Protocol Channels schwerer zu detektieren, da sie ausschließlich durch den Wechsel eines Protokolls (ohne zusätzliche Informationen zu verstecken), versteckte Daten übertragen. Sowohl für Protocol Hopping Covert Channels als auch für Protocol Channels beschreibt diese Arbeit deren jeweilige Technik und untersucht deren Detektionsmöglichkeiten. Vorstellung der Idee der Header-Strukturveränderung: Ziel der Header-Strukturveränderung ist es, die Möglichkeiten, die Angreifer bei der Erstellung von Storage Channels innerhalb von Paket-Headern haben, einzugrenzen. Bei der Header-Strukturveränderung wird der Aufbau von Paket-Headern für jedes neu verschickte Paket verändert. Eine entsprechende Strukturinformation, die den Headeraufbau bestimmt, ist nur vertrauenswürdigen Komponenten beim Empfänger bzw. Sender zugänglich. Diese Arbeit stellt sowohl ein theoretisches Modell der Header-Strukturveränderung als auch eine praktische Umsetzung vor. Covert Channel Q1 QA75
2	STEGANOGRAPHIC COVERT COMMUNICATION CHANNELS AND THEIR DETECTION Amiruzzaman, Md 13 July 2011 (has links) No description available. Computer Science covert channel steganography detection
3	Improving WiFi Sensor Network Security Through Unassociated Device Communication Using Wireless Latency Shift Keying Johnson, Jacob Edward 16 April 2024 (has links) (PDF) IEEE 802.11 (WiFi) only has two modes of trust--complete trust or complete untrust. The lack of nuance leaves no room for sensors that a user does not fully trust, but wants to connect to their network, such as a WiFi sensor. Solutions exist, but they require advanced knowledge of network administration. We solve this problem by introducing a new way of modulating data in the latency of the network, called Latency Shift Keying. We use specific characteristics of the WiFi protocol to carefully control the latency of just one device on the network. We build a transmitter, receiver, and modulation scheme that is designed to encode data in the latency of a network. We develop an application, Wicket, that solves the WiFi trust issue using Latency Shift Keying to create a new security association between an untrusted WiFi sensor and a wired device on the trusted network. We evaluate its performance and show that it works in many network conditions and environments. WiFi 802.11 Covert Channel Internet of Things Engineering
4	Detection of covert channel communications based on intentionally corrupted frame check sequences Najafizadeh, Ali 01 July 2011 (has links) This thesis presents the establishment of a covert-channel in wireless networks in the form of frames with intentionally corrupted Frame Check Sequences (FCSs). Previous works had alluded to the possibility of using this kind of covert-channel as an attack vector. We modify a simulation tool, called Sinalgo, which is used as a test bed for generating hypothetical scenarios for establishing a covert-channel. Single and Multi-Agent systems have been proposed as behaviour-based intrusion detection mechanisms, which utilize statistical information about network traffic. This utilized statistical information is used to detect covert-channel communications. This work highlights the potential impact of having this attack perpetrated in communications equipment with a low chance of being detected, if properly crafted. / UOIT Wireless networks Covert-channel Hidden-channel Behavioural intrusion detection
5	Covert DCF - A DCF-Based Covert Timing Channel In 802.11 Networks Holloway, Russell 22 November 2010 (has links) Covert channels are becoming more popular as security risks grow in networks. One area that is promising for covert channels is wireless networks, since many use a collision avoidance scheme such as carrier sense multiple access with collision avoidance (CSMA/CA). These schemes often introduce randomness in the network, which provides good cover for a covert timing channel. In this thesis, we use the 802.11 standard as an example to demonstrate a wireless covert channel. In particular, most 802.11 configurations use a distributed coordinated function (DCF) to assist in communications. This DCF uses a random backoff to avoid collisions, which provides the cover for our covert channel. Our timing channel provides great improvements on other recent covert channels in the field of throughput, while maintaining high accuracy. We are able to achieve throughput over 8000 bps using Covert DCF, or by accepting a throughput of 1800 bps we can achieve higher covertness and 99% accuracy as well. covert channel mac misbehavior steganography 802.11 DCF wireless LANs
6	Detecting Compute Cloud Co-residency with Network Flow Watermarking Techniques Bates, Adam, Bates, Adam January 2012 (has links) This paper presents co-resident watermarking, a traffic analysis attack for cloud environments that allows a malicious co-resident virtual machine to inject a watermark signature into the network flow of a target instance. This watermark can be used to exfiltrate co-residency data, compromising isolation assurances. While previous work depends on virtual hypervisor resource management, our approach is difficult to defend without costly underutilization of the physical machine. We evaluate co-resident watermarking under many configurations, from a local lab environment to production cloud environments. We demonstrate the ability to initiate a covert channel of 4 bits per second, and we can confirm co-residency with a target VM instance in less than 10 seconds. We also show that passive load measurement of the target and behavior profiling is possible. Our investigation demonstrates the need for the careful design of hardware to be used in the cloud. This thesis includes unpublished co-authored material. Cloud Computing Cloud Security Covert Channel Network Flow Watermarking
7	What's the Deal with Stegomalware? : The Techniques, Challenges, Defence and Landscape / Vad händer med Stegomalware? : Teknikerna, utmaningarna, skyddet och landskapet Björklund, Kristoffer January 2021 (has links) Stegomalware is the art of hiding malicious software with steganography. Steganography is the technique of hiding data in a seemingly innocuous carrier. The occurrence of stegomalware is increasing, with attackers using ingenious techniques to avoid detection. Through a literature review, this thesis explores prevalent techniques used by attackers and their efficacy. Furthermore, it investigates detection techniques and defensive measures against stegomalware. The results show that embedding information in images is common for exfiltrating data or sending smaller files to an infected host. Word, Excel, and PDF documents are common with phishing emails as the entry vector for attacks. Most of the common Internet protocols are used to exfiltrate data with HTTP, ICMP and DNS showed to be the most prevalent in recent attacks. Machine learning anomaly-based detection techniques show promising results for detecting unknown malware, however, a combination of several techniques seems preferable. Employee knowledge, Content Threat Removal, and traffic normalization are all effective defenses against stegomalware. The stegomalware landscape shows an increase of attacks utilizing obfuscation techniques, such as steganography, to bypass security and it is most likely to increase in the near future. Stegomalware steganography information hiding covert channel Computer Sciences Datavetenskap (datalogi)
8	802.11 Fingerprinting to Detect Wireless Stealth Attacks Venkataraman, Aravind 20 November 2008 (has links) We propose a simple, passive and deployable approach for fingerprinting traffic on the wired side as a solution for three critical stealth attacks in wireless networks. We focus on extracting traces of the 802.11 medium access control (MAC) protocol from the temporal arrival patterns of incoming traffic streams as seen on the wired side, to identify attacker behavior. Attacks addressed include unauthorized access points, selfish behavior at the MAC layer and MAC layer covert timing channels. We employ the Bayesian binning technique as a means of classifying between delay distributions. The scheme requires no change to the 802.11 nodes or protocol, exhibits minimal computational overhead and offers a single point of discovery. We evaluate our model using experiments and simulations. 802.11 MAC protocol Distributed coordination function Rogue access points MAC misbehavior Covert channel. Computer Sciences
9	A command-and-control malware design using cloud covert channels : Revealing elusive covert channels with Microsoft Teams / En kommando och kontroll av skadlig programvara som använder en hemlig molnkana : Avslöjar svårfångade hemliga kanaler med Microsoft Team Bertocchi, Massimo January 2023 (has links) With the rise of remote working, business communication platforms such as Microsoft Teams have become indispensable tools deeply ingrained in the workflow of every employee. However, their increasing importance have made the identification and analysis of covert channels a critical concern for both individuals and organizations. In fact, covert channels can be utilized to facilitate unauthorized data transfers or enable malicious activities, thereby compromising confidentiality and system integrity. Unfortunately, traditional detection methods for covert channels may face challenges in detecting covert channels in such cloud-based platforms, as the complexities introduced may not be adequately addressed. Despite the importance of the issue, a comprehensive analysis of covert channels in business communication platforms has been lacking. In fact, to the best of the our knowledge, this Master’s thesis represents the first endeavor in identifying and analysing covert channels within Microsoft Teams. To address this problem, an in-depth literature review was conducted to identify existing research and techniques related to covert channels, their detection and their countermeasures. A thorough analysis of Microsoft Teams was then carried out and a threat scenario was selected. Through extensive experimentation and analysis, three covert channels were then identified, exploited and compared based on bandwidth, robustness and efficiency. This thesis sheds light on the diversity of covert channels in Microsoft Teams, providing valuable insights on their functioning and characteristics. The insights gained from this work pave the way for future research on effective detection systems for covert channels in cloud-based environments, fostering a proactive approach towards securing digital business communication. / Med ökningen av distansarbete har företagskommunikationsplattformar som Microsoft Teams blivit oumbärliga verktyg som är djupt rotade i arbetsflödet för varje anställd. Deras ökande betydelse har dock gjort identifiering och analys av dolda kanaler till ett kritiskt problem för både individer och organisationer. I själva verket kan dolda kanaler användas för att underlätta obehöriga dataöverföringar eller möjliggöra skadliga aktiviteter, vilket äventyrar sekretess och systemintegritet. Tyvärr kan traditionella detekteringsmetoder för dolda kanaler möta utmaningar när det gäller att upptäcka dolda kanaler i sådana molnbaserade plattformar, eftersom komplexiteten som introduceras kanske inte hanteras på ett adekvat sätt. Trots frågans betydelse har det saknats en omfattande analys av dolda kanaler i plattformar för affärskommunikation. Såvitt vi vet är denna masteruppsats det första försöket att identifiera och analysera dolda kanaler inom Microsoft Teams. För att ta itu med detta problem genomfördes en djupgående litteraturgenomgång för att identifiera befintlig forskning och tekniker relaterade till dolda kanaler, deras upptäckt och deras motåtgärder. Därefter gjordes en grundlig analys av Microsoft Teams och ett hotscenario valdes ut. Genom omfattande experiment och analys identifierades, utnyttjades och jämfördes sedan tre dolda kanaler baserat på bandbredd, robusthet och effektivitet. Denna avhandling belyser mångfalden av dolda kanaler i Microsoft Teams och ger värdefulla insikter om deras funktion och egenskaper. Insikterna från detta arbete banar väg för framtida forskning om effektiva detekteringssystem för hemliga kanaler i molnbaserade miljöer, vilket främjar en proaktiv strategi för att säkra digital affärskommunikation. Covert channel Command and Control Microsoft Teams Detection Hemlig kanal ledning och kontroll Microsoft Teams upptäckt Computer and Information Sciences Data- och informationsvetenskap
10	Fuites d'information dans les processeurs récents et applications à la virtualisation / Information leakage on shared hardware : evolutions in recent hardware and applications to virtualization Maurice, Clémentine 28 October 2015 (has links) Dans un environnement virtualisé, l'hyperviseur fournit l'isolation au niveau logiciel, mais l'infrastructure partagée rend possible des attaques au niveau matériel. Les attaques par canaux auxiliaires ainsi que les canaux cachés sont des problèmes bien connus liés aux infrastructures partagées, et en particulier au partage du processeur. Cependant, ces attaques reposent sur des caractéristiques propres à la microarchitecture qui change avec les différentes générations de matériel. Ces dernières années ont vu la progression des calculs généralistes sur processeurs graphiques (aussi appelés GPUs), couplés aux environnements dits cloud. Cette thèse explore ces récentes évolutions, ainsi que leurs conséquences en termes de fuites d'information dans les environnements virtualisés. Premièrement, nous investiguons les microarchitectures des processeurs récents. Notre première contribution est C5, un canal caché sur le cache qui traverse les coeurs d'un processeur, évalué entre deux machines virtuelles. Notre deuxième contribution est la rétro-ingénierie de la fonction d'adressage complexe du dernier niveau de cache des processeurs Intel, rendant la classe des attaques sur les caches facilement réalisable en pratique. Finalement, dans la dernière partie nous investiguons la sécurité de la virtualisation des GPUs. Notre troisième contribution montre que les environnements virtualisés sont susceptibles aux fuites d'informations sur la mémoire d'un GPU. / In a virtualized environment, the hypervisor provides isolation at the software level, but shared infrastructure makes attacks possible at the hardware level. Side and covert channels are well-known issues of shared hardware, and in particular shared processors. However, they rely on microarchitectural features that are changing with the different generations of hardware. The last years have also shown the rise of General-Purpose computing on Graphics Processing Units (GPGPU), coupled to so-called cloud environments. This thesis explores these recent evolutions and their consequences in terms of information leakage in virtualized environments. We first investigate the recent processor microarchitectures. Our first contribution is C5, a cross-core cache covert channel, evaluated between virtual machines. Following this work, our second contribution is the reverse engineering of the complex addressing function of the last-level cache of Intel processors, rendering the class of cache attacks highly practical. In the last part, we investigate the security of GPU virtualization. Our third contribution shows that virtualized environments are susceptible to information leakage from the GPU memory. Sécurité informatique Fuite d'information Virtualisation Canal caché Canal auxiliaire Processeur Cache GPU Computer security Information leakage Virtualization Covert channel Side channel Processor Cache GPU

Search results