CCKex: High Bandwidth Covert Channels over Encrypted Network Traffic

CCKex: High Bandwidth Covert Channels over Encrypted Network Traffic

연구 분야: Networking

학회: Nordic Conference on Secure IT Systems

Covert channels, such as the timing behavior of a process or the lowest order bit in a network protocol nonce, can be used to exchange information in a stealthy manner. Storage covert channels are a class of covert channels that modulate data onto unused or redundant protocol fields of existing network communication. Because of this restriction, but also because of the ubiquity of encrypted communication, such channels usually suffer from severe bandwidth limitations. We propose a novel storage-based covert channel that enables the transmission of data inside encrypted network traffic, thus both drastically increasing bandwidth and stealth. In contrast to prior work, we assume the availability of encryption keys on the sender side, a condition usually met by strong attackers applying key extraction from memory. In this way, we are able to embed information into encrypted network traffic, experimentally increasing covert bandwidth by a factor of 11. We demonstrate the practical feasibility of our approach targeting the Android app Signal on a real-world smartphone.