Academic Journal

A TCP-based covert channel with integrity check and retransmission.

Bibliographic details
Title: A TCP-based covert channel with integrity check and retransmission.
Authors: Bistarelli, Stefano; Imparato, Andrea; Santini, Francesco
Source: International Journal of Information Security; Dec2024, Vol. 23 Issue 6, p3481-3512, 32p
Subject terms: CRYPTOGRAPHY, STATISTICS, MALWARE, STORAGE
Abstract: We propose a covert channel and its implementation in Windows OS. This storage channel uses the Initial Sequence Number of TCP to hide four characters of text and the identification field to "sign" the message and thus understand if it has been altered during the transmission. The secret is sent in the first SYN segment to open a connection, and an ACK-RST response acknowledges the receipt. Designed error-correction codes make the protocol more robust and able to handle (IP) packet drops and transmission errors. In this paper, we provide a detailed discussion of the implementation and an evaluation of the stealthiness of the proposed channel: we inspect the generated traffic with two IDSs and RITA, a tool performing statistical analysis to detect malware beaconing. [ABSTRACT FROM AUTHOR]
Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Description
ISSN: 16155262
DOI:10.1007/s10207-024-00879-z