A review of Covert Channels in TCP and HTTP protocols
Abstract
Covert channels are communication channels that can be exploited by a process to transfer information in a manner that violates the system's security policy [Abdulla, 2002; Proctor and Neumann, 1992]. They attempt to hide both the data a covert user is communicating and the fact that someone is communicating at all. Thus the actual data transfer must look legitimate or innocuous to the casual eye, and may or may not include encryption to scramble the data. Covert channels are used by crackers who have breached an organisation's systems to download tools from outside, upload internal data to outside, create virtual networks to outside machines and communicate to outside paths. They are also used by internal users who want to use forbidden protocols, who want to have non-malicious backdoor access and who want to avoid having management and others see their actions [Covert Channels Secure World, 2003].
There are four main types of covert channels, namely, file-based steganography, network packet steganography, protocol encapsulation and application layer tunnelling [Covert Channels Secure World, 2003].
This paper focuses on network packet steganography and application layer tunnelling. It reports on the strengths and weaknesses of different covert channels and possible ways of hiding and detecting them.
Global Journal of Pure and Applied Sciences Vol.11(2) 2005: 271-276