Covert channel

from Wikipedia, the free encyclopedia

A covert channel is, in IT security, a parasitic communication channel that uses the bandwidth (information capacity) of a legitimate communication channel to convey information. Sometimes the term tunnel is used instead of covert channel; however, covert channel is the preferable term from an academic point of view.

Properties

All covert channels require bandwidth from a legitimate communication channel. They either reduce the bandwidth available to the legitimate channel or load it with additional information without reducing its bandwidth. The covert channel is concealed within the legitimate channel and is therefore difficult or even impossible to detect.

One example is steganography, in which small details of an image are altered in order to embed further information (text) into the original data set (the image). The additional information is not immediately recognizable to the user.

  • A subtype of steganography uses the low-order bit of each pixel to carry the hidden message in the image. Only these bits represent the message; all other bits represent the legitimate picture. This subtle change can only be recognized if it is explicitly searched for.
  • The background noise in sound files can also hide other signals; this can be used as watermarking in order to uniquely identify sound files.

TCSEC

The Trusted Computer System Evaluation Criteria (TCSEC) are a compilation of criteria that are applied to security-critical systems. These criteria guarantee security-relevant properties of a computer system. They also cover covert channels, insofar as these relate to security-critical systems.

Within the TCSEC criteria, a covert channel refers to the flow of information from higher-classified compartments (classification levels of information) to lower-classified compartments; see also Mandatory Access Control.

A distinction is made between the following types of covert channels:

  • Storage channel - communication via stored data.
  • Timing channel - information is transmitted via the timing of data-processing operations.

A computer system classified as B2 according to TCSEC must have been analyzed for storage channels, and from B3 upward also for timing channels.

Countermeasures

The possibility that covert channels exist in a computer system can hardly be excluded or prevented in a meaningful way. In practical systems there will always be ways to use such a "guest channel".

An example of this is the opening and closing of a file, or the setting and clearing of its file attributes, according to an agreed pattern: one program manipulates a file on a timed schedule, another program monitors this file and interprets the states, or the time intervals between the changes, as binary information. It will hardly be possible for an opponent to recognize such behavior.

Countermeasures can be divided into those that prevent a covert channel, those that limit its capacity, and those that detect it; examples include the Shared Resource Matrix Methodology, Covert Flow Trees, the Pump, traffic normalization, and covert timing channel detection with machine learning or statistical methods. Depending on the countermeasure, it may be applied at a different point in the software development lifecycle or integrated into existing systems. Different countermeasures exist for timing and storage channels.
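The file-based timing channel described in the countermeasures section, together with the statistical detection it mentions, as an added example that is not part of the article: the sender and receiver are modelled on a simulated clock rather than a real file, the gap lengths SHORT/LONG and the bucket size are constructed assumptions, and the detector is a simple entropy test over the quantised intervals between attribute toggles.

```python
import math
from collections import Counter
from itertools import accumulate

# Constructed parameters: a toggle after a SHORT gap encodes 0, a toggle
# after a LONG gap encodes 1 (seconds on a simulated clock).
SHORT, LONG = 1.0, 3.0
BUCKET = 0.5  # quantisation step for the detector's interval histogram


def encode_events(message: bytes, start: float = 0.0) -> list:
    """Sender: return the simulated times at which the file attribute is
    toggled; the gap before each toggle carries one bit, MSB first."""
    events, t = [], start
    for byte in message:
        for i in range(7, -1, -1):
            t += LONG if (byte >> i) & 1 else SHORT
            events.append(t)
    return events


def decode_events(events: list, start: float = 0.0) -> bytes:
    """Receiver: turn the gaps between observed toggles back into bytes."""
    gaps = [t - p for p, t in zip([start] + events[:-1], events)]
    bits = [1 if g > (SHORT + LONG) / 2 else 0 for g in gaps]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def events_from_intervals(intervals: list, start: float = 0.0) -> list:
    """Build an event list from a list of gaps (for the constructed sample)."""
    return list(accumulate(intervals, initial=start))[1:]


def interval_entropy(events: list, start: float = 0.0) -> float:
    """Detector: Shannon entropy (bits) of the quantised inter-toggle gaps.
    Ordinary file activity spreads its gaps over many buckets; a two-symbol
    timing channel concentrates them in two, so its entropy cannot exceed 1."""
    gaps = [t - p for p, t in zip([start] + events[:-1], events)]
    counts = Counter(round(g / BUCKET) for g in gaps)
    n = len(gaps)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed sample of 'legitimate' gaps between attribute changes.
LEGIT_INTERVALS = [0.3, 0.9, 1.4, 2.2, 2.8, 3.5, 4.1, 0.7, 1.9, 4.6]
```

The threshold of one bit is what a two-symbol channel can never exceed; a real monitor would compare against a baseline of the system's normal activity rather than a fixed constant.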
