A Covert Channel Using Named Resources
Joshua Davis, Victor S. Frost
TL;DR
This paper presents a covert communication method that embeds messages within resource names like URLs, mimicking normal user behavior to evade detection, applicable across various protocols including HTTP.
Contribution
It introduces a covert channel leveraging resource names for hidden data transmission that blends in with typical user activity, enhancing stealth and versatility.
Findings
Effective in mimicking user behavior to avoid detection
Applicable to multiple protocols beyond HTTP
Does not alter standard protocol structures
Abstract
A network covert channel is created that uses resource names such as addresses to convey information, and that approximates typical user behavior in order to blend in with its environment. The channel correlates available resource names with a user defined code-space, and transmits its covert message by selectively accessing resources associated with the message codes. In this paper we focus on an implementation of the channel using the Hypertext Transfer Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names, though the system can be used in conjunction with a variety of protocols. The covert channel does not modify expected protocol structure as might be detected by simple inspection, and our HTTP implementation emulates transaction level web user behavior in order to avoid detection by statistical or behavioral analysis.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInternet Traffic Analysis and Secure E-voting · Cryptography and Data Security · Advanced Steganography and Watermarking Techniques