This document discusses an encrypted covert channel project implemented on mobile devices and a server. It encrypts data using RSA or AES cryptography before hiding the encrypted bytes in forged DNS packets. The mobile apps generate DNS request packets containing small pieces of encrypted data. A server reassembles the full encrypted message by extracting data from packets. The goal is to transmit secret data within ordinary-looking packets to avoid detection by network monitors.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
This document discusses security issues related to the migration from IPv4 to IPv6 networks. It analyzes common network attacks in IPv4 and how they may impact IPv6 networks. These attacks include reconnaissance attacks, host initialization attacks, broadcast amplification attacks, header manipulation attacks, routing attacks, and firewall evasion through fragmentation. The document provides guidelines to mitigate each of these attacks, such as using random node IDs, securing neighbor discovery protocols, ingress filtering of packets, and deep packet inspection. It addresses that while IPv6 aims to improve security over IPv4, vulnerabilities will still exist and many attacks will continue in a polymorphic manner during the migration process when both protocols must coexist.
This document discusses lightweight cryptography. It begins by defining lightweight cryptography as cryptographic primitives designed for devices with limited resources like memory, speed and power consumption. It then outlines various lightweight cryptographic mechanisms like block ciphers, hash functions, stream ciphers and authenticated ciphers. For each mechanism, it discusses their desirable properties and design principles. It also discusses implementation issues like decryption costs and resistance to related key attacks. Finally, it mentions the Fair Evaluation of Lightweight Cryptographic Systems (FELICS) benchmarking tool for evaluating and comparing the performance of lightweight cryptographic algorithms on different platforms.
Wireshark is an open-source network protocol analyzer tool that can capture and analyze live network packets. It is used by network engineers to troubleshoot network performance issues and by security professionals for network forensics. The document discusses Wireshark's history and development, its modes of operation in Windows including graphical and command line interfaces, how to analyze captured packet data by observing packet colors and filters, and how Wireshark can be used to monitor networks and identify threats such as port scanning and malware downloads.
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKijmnct
Nowadays security is an evident matter in designing networks and much research has been done in this
field. The main purpose of the research is to provide an appropriate instruction for data transmission in a
reliable platform. One of the instructions of transferring information is to use public networks like internet.
The main purpose of the present paper is to introduce that enables the users to enter to a new security level.
In this paper, VPN as one of the different instructions for establishing the security proposed to be
examined. In this type, tunneling method of internet protocol security (IPsec) is used. Furthermore, the
advanced method of scanning fingerprint is applied to establish authentication and Diffie-Hellman
algorithm for coding and decoding data, of course with conversion in this algorithm.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
This document discusses security issues related to the migration from IPv4 to IPv6 networks. It analyzes common network attacks in IPv4 and how they may impact IPv6 networks. These attacks include reconnaissance attacks, host initialization attacks, broadcast amplification attacks, header manipulation attacks, routing attacks, and firewall evasion through fragmentation. The document provides guidelines to mitigate each of these attacks, such as using random node IDs, securing neighbor discovery protocols, ingress filtering of packets, and deep packet inspection. It addresses that while IPv6 aims to improve security over IPv4, vulnerabilities will still exist and many attacks will continue in a polymorphic manner during the migration process when both protocols must coexist.
This document discusses lightweight cryptography. It begins by defining lightweight cryptography as cryptographic primitives designed for devices with limited resources like memory, speed and power consumption. It then outlines various lightweight cryptographic mechanisms like block ciphers, hash functions, stream ciphers and authenticated ciphers. For each mechanism, it discusses their desirable properties and design principles. It also discusses implementation issues like decryption costs and resistance to related key attacks. Finally, it mentions the Fair Evaluation of Lightweight Cryptographic Systems (FELICS) benchmarking tool for evaluating and comparing the performance of lightweight cryptographic algorithms on different platforms.
Wireshark is an open-source network protocol analyzer tool that can capture and analyze live network packets. It is used by network engineers to troubleshoot network performance issues and by security professionals for network forensics. The document discusses Wireshark's history and development, its modes of operation in Windows including graphical and command line interfaces, how to analyze captured packet data by observing packet colors and filters, and how Wireshark can be used to monitor networks and identify threats such as port scanning and malware downloads.
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKijmnct
Nowadays security is an evident matter in designing networks and much research has been done in this
field. The main purpose of the research is to provide an appropriate instruction for data transmission in a
reliable platform. One of the instructions of transferring information is to use public networks like internet.
The main purpose of the present paper is to introduce that enables the users to enter to a new security level.
In this paper, VPN as one of the different instructions for establishing the security proposed to be
examined. In this type, tunneling method of internet protocol security (IPsec) is used. Furthermore, the
advanced method of scanning fingerprint is applied to establish authentication and Diffie-Hellman
algorithm for coding and decoding data, of course with conversion in this algorithm.
This document discusses security enhancements for IEEE 802.11i wireless networks. It proposes using physical layer information and channel-based secrets to improve authentication and key establishment. Specifically, it suggests modifying the 802.11i key derivation process to incorporate information-theoretic secure bits extracted from wireless channel measurements. This would make stolen credentials like passwords less useful, improving security. The document outlines integrating channel secrets into the pairwise transient key derivation in 802.11i to provide forward and backward secrecy.
This document summarizes a research paper that proposes improvements to the probabilistic packet marking (PPM) algorithm for detecting the path of distributed denial-of-service attacks. The PPM algorithm allows routers to mark attack packets with identification information based on a predetermined probability. However, its termination condition is not well-defined, which can result in an incorrectly constructed attack path. The paper proposes a modified PPM algorithm called rectified PPM (RPPM) that defines a precise termination condition to guarantee the constructed attack path is correct with a specified level of confidence. An experimental framework is designed to test the RPPM algorithm under different packet marking probabilities and network structures.
The document discusses various topics related to network security:
1. It provides examples of social engineering techniques like pretending to be a network administrator to obtain passwords.
2. It defines denial of service attacks and lists features like flood attacks and SYN attacks that overwhelm the target with useless traffic.
3. It explains honeypots are traps that appear to contain valuable information but are actually isolated and monitored to detect unauthorized access attempts.
4. It also covers encryption methods like RSA and digital signatures, and distinguishes between biometrics and computer forensics techniques.
Efficient packet marking for large scale ip trace back(synopsis)Mumbai Academisc
This document proposes a new probabilistic packet marking (PPM) approach for large-scale IP traceback that improves efficiency and accuracy of traceback and provides incentives for ISPs to deploy traceback. The approach uses a new IP header encoding scheme to store a router's full identification in a single packet, eliminating issues from fragmented IDs. It also does not disclose router IP addresses, alleviating security concerns for ISPs. The approach can control the distribution of marking information to potentially create revenue as a value-added service for ISPs.
This document discusses database access pattern protection using a partial shuffle scheme. It proposes a new encryption algorithm called Reverse Encryption Algorithm (REA) that aims to provide security while limiting performance degradation from encryption. It also discusses prior work on Private Information Retrieval (PIR) techniques and their limitations. The key idea of the proposed scheme is to introduce a trusted component that shuffles only a portion of the database periodically, providing privacy assurances similar to PIR but with lower computation costs than a full database shuffle each time.
This document provides summaries of 7 IEEE papers from 2012 related to software projects in various domains such as Java, J2ME, J2EE, .NET, MATLAB and NS2. The papers discuss topics such as password security, data provenance, trust-aware routing in wireless sensor networks, content distribution via network coding, detecting insider threats, secure message passing interfaces, and the security of an anonymity system with traceability.
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET Journal
This document discusses encryption and decryption techniques using Bluetooth proximity on mobile devices. It begins with an abstract that outlines using an encryption algorithm to convert meaningful file information into unintelligible data that cannot be read without decrypting. The encryption key would be the Bluetooth MAC address of a registered device.
The introduction explains using AES encryption to encode files into unreadable data, with the Bluetooth MAC address as the decryption key. It also discusses how encryption provides data security for wireless communication.
The document then reviews cryptography purposes like authentication and confidentiality. It examines symmetric key cryptography using the same key for encryption and decryption, and public key cryptography using different keys. It also defines plain text, cipher text, and encryption/
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET Journal
This document proposes implementing a virtual private network (VPN) using IPsec to securely transfer data between two remote networks. IPsec VPN provides an encrypted tunnel for data transmission and ensures privacy, authentication, and integrity. The proposed topology connects two networks using Vyos routers, with the path between them secured through an IPsec VPN tunnel. Vyos is an open-source network operating system that can convert a physical PC into a router. Sensors in one network would collect data and a client on the remote network could access a webpage displaying the sensor data through the private, encrypted VPN tunnel. Cryptography is used for authentication, confidentiality, and integrity of the transmitted data.
A lightweight secure scheme for detecting provenance forgery and packet drop ...Pvrtechnologies Nellore
This document proposes a lightweight scheme for securely transmitting provenance (data history) in wireless sensor networks to detect packet forgery and loss attacks. It introduces an in-packet Bloom filter technique to encode provenance within each data packet in an efficient way. As sensor nodes forward packets, they embed their node IDs into the Bloom filter to record the forwarding path. The base station can then extract and verify the provenance from the Bloom filter to identify compromised or malicious nodes that drop packets. The scheme aims to securely transmit provenance using only low-cost operations like hash functions and message authentication codes, while previous solutions used intensive cryptography. It is evaluated analytically and experimentally to prove its effectiveness and efficiency.
Lightweight secure scheme for detecting provenance forgery and packet drop at...Pvrtechnologies Nellore
The document proposes a lightweight secure scheme to detect packet forgery and loss attacks in wireless sensor networks. It relies on in-packet Bloom filters to encode data provenance. The scheme introduces efficient mechanisms for provenance verification and reconstruction at the base station. Key generation, encryption, and signature techniques are used to securely transmit provenance information and detect suspicious data packets. The proposed technique is evaluated analytically and empirically, proving its effectiveness and efficiency in detecting attacks.
A lightweight secure scheme for detecting provenance forgery and packet drop ...LeMeniz Infotech
The document proposes a lightweight scheme to securely transmit data provenance for sensor networks. It uses in-packet Bloom filters to encode provenance information and transmit it with data packets. This allows for provenance verification and reconstruction at the base station. The scheme also detects packet forgery and drop attacks by malicious nodes. Evaluation shows the scheme is effective and efficient with low energy and bandwidth usage.
Speedy ip trace back(sipt) for identifying sadhanSadan Kumar
The document proposes a new method called Speedy IP Traceback (SIPT) to identify denial-of-service attacks. SIPT works by having routers insert the media access control (MAC) address of the client and the router's IP address into packets. This allows the destination to identify the attacker's boundary router and MAC address, tracing the attack path. Traditionally, mechanisms like ingress filtering, link testing, and packet marking have been used but have not kept pace with evolving attacks. SIPT provides a more direct way to find the router connected to the attacker.
This document proposes a novel method to defend against IP spoofing attacks using packet filtering and marking techniques. It involves a network architecture model with trusted nodes that can access each other after authentication. The proposed method uses packet tracing and cooperation between trusted adjacent nodes to detect and block spoofed packets entering the trusted network from external sources. It aims to effectively defend against distributed denial of service attacks and IP spoofing attacks.
This document discusses security challenges in wireless sensor networks. It outlines key challenges like limited energy and communication capabilities as sensors are often deployed in accessible areas. It discusses approaches for secure key establishment, privacy concerns around surveillance, threats like denial of service attacks, and the need for secure routing, intrusion detection, and data aggregation given the resource constraints of sensor networks. Research is still needed to address security challenges posed by the unique aspects of sensor network environments and applications.
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGecij
This document summarizes a research paper on generating secret keys for multiple wireless devices using multipath routing. It proposes a framework that uses AES encryption to generate unique 128-bit keys for each device pair, overcoming issues of limited signal range and centralized networks. The methodology observes devices to compare RSS signals and encrypts keys using AES. Performance analysis shows AES key generation is faster than DES and provides stronger security due to longer, randomly generated keys.
An Efficient privacy preserving for Mobile and Pervasive Computinginventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
BRADLEY DEHAVEN v. JP Morgan Chase Bank CA3braddehavenx
This document summarizes a court case between Bradley and Lisa DeHaven and JP Morgan Chase Bank, The Bank of New York Mellon Corporation, and other entities. The DeHavens took out a $900,000 mortgage loan from Chase in 2007 and later defaulted on payments in 2009 during financial hardship. They applied for a loan modification but Chase foreclosed on their home in 2010 despite assurances their application was still under review. The DeHavens sued alleging wrongful foreclosure and other claims. Chase and other defendants filed a demurrer, which the trial court sustained without leave to amend. The DeHavens appealed, arguing they sufficiently alleged facts to support their causes of action.
Fraud Detection Using Signature RecognitionTejraj Thakor
The signature of person is an important bio metric of a human being which can be used to authenticate human identity. The problem arises when someone decide to imitate our signature and steal our identity.
The Image of human signature is collected by camera of mobile phone which can extract dynamic and spatial information of the signature based on Image processing techniques like Convert to gray scale, Noise Removal, Normalization, Border Elimination and Feature Extraction techniques.
The signature matching is depending on SVM. The SVM classifier is trained with sample images in database obtained from those individuals whose signatures have to be authenticated by the system. In our proposed system SQLite database as a back-end and Android platform as a front-end.
The document describes a proposed multimodal image search system for mobile devices. It allows users to search for images using voice queries or text queries. For voice queries, the system converts speech to text and extracts keywords. It then displays exemplar images corresponding to each keyword for the user to select and compose into a visual query image. This visual query image is used to search for similar images from a database of one million images. The system aims to provide a more natural search experience compared to traditional text-based searches on mobile.
secure data retrieval for decentralized disruption-tolerant military networksswathi78
The document proposes a secure data retrieval scheme using ciphertext-policy attribute-based encryption (CP-ABE) for decentralized disruption-tolerant military networks. Existing CP-ABE schemes have challenges including attribute revocation, key escrow, and coordination of attributes from different authorities. The proposed scheme addresses these by enabling immediate attribute revocation, defining access policies over attributes from multiple authorities, and resolving the key escrow problem through an escrow-free key issuing protocol. This allows encryptors to define access policies and securely share encrypted data in disruption-tolerant military networks.
This document discusses security enhancements for IEEE 802.11i wireless networks. It proposes using physical layer information and channel-based secrets to improve authentication and key establishment. Specifically, it suggests modifying the 802.11i key derivation process to incorporate information-theoretic secure bits extracted from wireless channel measurements. This would make stolen credentials like passwords less useful, improving security. The document outlines integrating channel secrets into the pairwise transient key derivation in 802.11i to provide forward and backward secrecy.
This document summarizes a research paper that proposes improvements to the probabilistic packet marking (PPM) algorithm for detecting the path of distributed denial-of-service attacks. The PPM algorithm allows routers to mark attack packets with identification information based on a predetermined probability. However, its termination condition is not well-defined, which can result in an incorrectly constructed attack path. The paper proposes a modified PPM algorithm called rectified PPM (RPPM) that defines a precise termination condition to guarantee the constructed attack path is correct with a specified level of confidence. An experimental framework is designed to test the RPPM algorithm under different packet marking probabilities and network structures.
The document discusses various topics related to network security:
1. It provides examples of social engineering techniques like pretending to be a network administrator to obtain passwords.
2. It defines denial of service attacks and lists features like flood attacks and SYN attacks that overwhelm the target with useless traffic.
3. It explains honeypots are traps that appear to contain valuable information but are actually isolated and monitored to detect unauthorized access attempts.
4. It also covers encryption methods like RSA and digital signatures, and distinguishes between biometrics and computer forensics techniques.
Efficient packet marking for large scale ip trace back(synopsis)Mumbai Academisc
This document proposes a new probabilistic packet marking (PPM) approach for large-scale IP traceback that improves efficiency and accuracy of traceback and provides incentives for ISPs to deploy traceback. The approach uses a new IP header encoding scheme to store a router's full identification in a single packet, eliminating issues from fragmented IDs. It also does not disclose router IP addresses, alleviating security concerns for ISPs. The approach can control the distribution of marking information to potentially create revenue as a value-added service for ISPs.
This document discusses database access pattern protection using a partial shuffle scheme. It proposes a new encryption algorithm called Reverse Encryption Algorithm (REA) that aims to provide security while limiting performance degradation from encryption. It also discusses prior work on Private Information Retrieval (PIR) techniques and their limitations. The key idea of the proposed scheme is to introduce a trusted component that shuffles only a portion of the database periodically, providing privacy assurances similar to PIR but with lower computation costs than a full database shuffle each time.
This document provides summaries of 7 IEEE papers from 2012 related to software projects in various domains such as Java, J2ME, J2EE, .NET, MATLAB and NS2. The papers discuss topics such as password security, data provenance, trust-aware routing in wireless sensor networks, content distribution via network coding, detecting insider threats, secure message passing interfaces, and the security of an anonymity system with traceability.
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET Journal
This document discusses encryption and decryption techniques using Bluetooth proximity on mobile devices. It begins with an abstract that outlines using an encryption algorithm to convert meaningful file information into unintelligible data that cannot be read without decrypting. The encryption key would be the Bluetooth MAC address of a registered device.
The introduction explains using AES encryption to encode files into unreadable data, with the Bluetooth MAC address as the decryption key. It also discusses how encryption provides data security for wireless communication.
The document then reviews cryptography purposes like authentication and confidentiality. It examines symmetric key cryptography using the same key for encryption and decryption, and public key cryptography using different keys. It also defines plain text, cipher text, and encryption/
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET Journal
This document proposes implementing a virtual private network (VPN) using IPsec to securely transfer data between two remote networks. IPsec VPN provides an encrypted tunnel for data transmission and ensures privacy, authentication, and integrity. The proposed topology connects two networks using Vyos routers, with the path between them secured through an IPsec VPN tunnel. Vyos is an open-source network operating system that can convert a physical PC into a router. Sensors in one network would collect data and a client on the remote network could access a webpage displaying the sensor data through the private, encrypted VPN tunnel. Cryptography is used for authentication, confidentiality, and integrity of the transmitted data.
A lightweight secure scheme for detecting provenance forgery and packet drop ...Pvrtechnologies Nellore
This document proposes a lightweight scheme for securely transmitting provenance (data history) in wireless sensor networks to detect packet forgery and loss attacks. It introduces an in-packet Bloom filter technique to encode provenance within each data packet in an efficient way. As sensor nodes forward packets, they embed their node IDs into the Bloom filter to record the forwarding path. The base station can then extract and verify the provenance from the Bloom filter to identify compromised or malicious nodes that drop packets. The scheme aims to securely transmit provenance using only low-cost operations like hash functions and message authentication codes, while previous solutions used intensive cryptography. It is evaluated analytically and experimentally to prove its effectiveness and efficiency.
Lightweight secure scheme for detecting provenance forgery and packet drop at...Pvrtechnologies Nellore
The document proposes a lightweight secure scheme to detect packet forgery and loss attacks in wireless sensor networks. It relies on in-packet Bloom filters to encode data provenance. The scheme introduces efficient mechanisms for provenance verification and reconstruction at the base station. Key generation, encryption, and signature techniques are used to securely transmit provenance information and detect suspicious data packets. The proposed technique is evaluated analytically and empirically, proving its effectiveness and efficiency in detecting attacks.
A lightweight secure scheme for detecting provenance forgery and packet drop ...LeMeniz Infotech
The document proposes a lightweight scheme to securely transmit data provenance for sensor networks. It uses in-packet Bloom filters to encode provenance information and transmit it with data packets. This allows for provenance verification and reconstruction at the base station. The scheme also detects packet forgery and drop attacks by malicious nodes. Evaluation shows the scheme is effective and efficient with low energy and bandwidth usage.
Speedy ip trace back(sipt) for identifying sadhanSadan Kumar
The document proposes a new method called Speedy IP Traceback (SIPT) to identify denial-of-service attacks. SIPT works by having routers insert the media access control (MAC) address of the client and the router's IP address into packets. This allows the destination to identify the attacker's boundary router and MAC address, tracing the attack path. Traditionally, mechanisms like ingress filtering, link testing, and packet marking have been used but have not kept pace with evolving attacks. SIPT provides a more direct way to find the router connected to the attacker.
This document proposes a novel method to defend against IP spoofing attacks using packet filtering and marking techniques. It involves a network architecture model with trusted nodes that can access each other after authentication. The proposed method uses packet tracing and cooperation between trusted adjacent nodes to detect and block spoofed packets entering the trusted network from external sources. It aims to effectively defend against distributed denial of service attacks and IP spoofing attacks.
This document discusses security challenges in wireless sensor networks. It outlines key challenges like limited energy and communication capabilities as sensors are often deployed in accessible areas. It discusses approaches for secure key establishment, privacy concerns around surveillance, threats like denial of service attacks, and the need for secure routing, intrusion detection, and data aggregation given the resource constraints of sensor networks. Research is still needed to address security challenges posed by the unique aspects of sensor network environments and applications.
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGecij
This document summarizes a research paper on generating secret keys for multiple wireless devices using multipath routing. It proposes a framework that uses AES encryption to generate unique 128-bit keys for each device pair, overcoming issues of limited signal range and centralized networks. The methodology observes devices to compare RSS signals and encrypts keys using AES. Performance analysis shows AES key generation is faster than DES and provides stronger security due to longer, randomly generated keys.
An Efficient privacy preserving for Mobile and Pervasive Computinginventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
BRADLEY DEHAVEN v. JP Morgan Chase Bank CA3braddehavenx
This document summarizes a court case between Bradley and Lisa DeHaven and JP Morgan Chase Bank, The Bank of New York Mellon Corporation, and other entities. The DeHavens took out a $900,000 mortgage loan from Chase in 2007 and later defaulted on payments in 2009 during financial hardship. They applied for a loan modification but Chase foreclosed on their home in 2010 despite assurances their application was still under review. The DeHavens sued alleging wrongful foreclosure and other claims. Chase and other defendants filed a demurrer, which the trial court sustained without leave to amend. The DeHavens appealed, arguing they sufficiently alleged facts to support their causes of action.
Fraud Detection Using Signature RecognitionTejraj Thakor
The signature of person is an important bio metric of a human being which can be used to authenticate human identity. The problem arises when someone decide to imitate our signature and steal our identity.
The Image of human signature is collected by camera of mobile phone which can extract dynamic and spatial information of the signature based on Image processing techniques like Convert to gray scale, Noise Removal, Normalization, Border Elimination and Feature Extraction techniques.
The signature matching is depending on SVM. The SVM classifier is trained with sample images in database obtained from those individuals whose signatures have to be authenticated by the system. In our proposed system SQLite database as a back-end and Android platform as a front-end.
The document describes a proposed multimodal image search system for mobile devices. It allows users to search for images using voice queries or text queries. For voice queries, the system converts speech to text and extracts keywords. It then displays exemplar images corresponding to each keyword for the user to select and compose into a visual query image. This visual query image is used to search for similar images from a database of one million images. The system aims to provide a more natural search experience compared to traditional text-based searches on mobile.
secure data retrieval for decentralized disruption-tolerant military networksswathi78
The document proposes a secure data retrieval scheme using ciphertext-policy attribute-based encryption (CP-ABE) for decentralized disruption-tolerant military networks. Existing CP-ABE schemes have challenges including attribute revocation, key escrow, and coordination of attributes from different authorities. The proposed scheme addresses these by enabling immediate attribute revocation, defining access policies over attributes from multiple authorities, and resolving the key escrow problem through an escrow-free key issuing protocol. This allows encryptors to define access policies and securely share encrypted data in disruption-tolerant military networks.
secure data retrieval for decentralized disruption-tolerant military networksSneha Joshi
DTN technologies allow wireless devices carried by soldiers to communicate and access information reliably using external storage nodes. CP-ABE provides scalable encryption such that encryptors define the attributes needed for decryption, allowing different access policies. The proposed system uses CP-ABE for secure data retrieval in decentralized DTNs, resolving key escrow problems by having multiple independent key authorities manage attributes. Fine-grained key revocation is enabled for each attribute group. This mechanism securely and efficiently manages confidential data distribution in disruption-tolerant military networks.
Modern devices with spread spectrum application opportunities for wireless co...Олександр Мазуренко
Can be downloaded here: https://drive.google.com/open?id=0B5J_auuoZpgbZTFzLWJhM3FiUW8
Topic: ”Modern devices with spread spectrum application opportunities for wireless communications services performing”
Theses:
- Technologies and devices of “Covert Wireless Communications”.
- Test results of new devices of the company.
- Features of new devices of the company.
- Opportunities and prospects of wireless communication services based on products of the company.
Tunneling encapsulates one network protocol within another protocol to allow communication through a network. Covert channels transmit information through channels not intended for communication. The general covert channel framework has properties of being undetectable and robust. Tunneling and covert channels can be used for penetration testing firewalls and secure communication over ad-hoc networks, though they are somewhat subversive in nature. Various tools and scenarios for ICMP, SSH, and HTTPS tunneling as well as using proxies are described.
The document discusses covert channels, which are secret communication channels that violate security policies. It provides background on covert channels and defines them. It describes classic examples of covert channels from the 1980s that operated at the operating system level. It then discusses more modern covert channels that can operate over networks by encoding data in normally unused fields in network protocol headers, such as the IP ID or initial TCP sequence number fields. It notes that application proxies or firewalls can prevent many network covert channels by terminating and recreating network connections.
Back Channels Can be Useful! – Layering Authentication Channels to Provide Co...Mohammed Almeshekah
This paper argues the need for providing a covert back- channel communication mechanism in authentication protocols, discusses various practical uses for such a channel, and desirable features for its design and deployment. Such a mechanism would leverage the current authentication channel to carry out the covert communication rather than introducing a separate one. The communication would need to be oblivious to an adversary observing it, possibly as a man-in-the-middle. We discuss the properties that such channels would need to have for the various scenarios in which they would be used. Also, we show their potential for mitigating the effects of a number of security breaches currently occurring in these scenarios.
This document discusses techniques for detecting digital image forgeries. It begins by defining different types of forgeries such as image retouching, splicing, and cloning. It then discusses mechanisms for forgery detection, distinguishing between active methods that embed hidden information in images and passive methods that analyze image traces. A key technique presented is using rotation angle estimation to detect cloned regions, with details on calculating variance to determine the rotation angle. The document concludes by presenting an algorithm for region duplication detection using hybrid wavelet transforms like DCT, Walsh, and Hadamard transforms.
A Project Report on Insurance System with Tracking Manager Sachin Kariyattin
This document outlines the technologies that will be used to develop an insurance system with a tracking manager. It will use the NetBeans IDE, Glassfish server, and Rational Rose UML modeling tool for development. The backend database will be DB2, which is a cross-platform relational database management system originally developed by IBM in 1983. The front end will use JSP for display and interfacing with users. The system will have three types of users - policy holders, company officials, and an administrator - and will provide functions like viewing profiles, paying premiums, generating new policies, and more.
Here are the key points about XHTML:
- XHTML is an XML (Extensible Markup Language) application. XML is a stricter, more structured version of HTML.
- XHTML documents must follow strict syntax rules. For example, all elements must be closed properly, elements must be nested correctly, and elements must be in lowercase.
- XHTML is designed to be displayed in web browsers the same way as HTML, but it can also be run through XML parsers. This makes XHTML documents both human- and machine-readable.
- XHTML documents are also stricter about following standards. For example, all elements must have a closing tag, empty elements must be closed with a slash, and elements cannot overlap.
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...IRJET Journal
This document proposes a multi-factor authentication security framework using blockchain for cloud computing. It discusses using one-time passwords and unique codes for login along with blockchain technology to securely store data in the cloud. The framework aims to improve security, securely share data online, and secure cloud data storage. It presents a system architecture with three modules - data owner, user, and authority - to allow data owners to securely upload files via blockchain that users can view and download with authentication.
The document describes experiments conducted using Cisco Packet Tracer software to simulate and test different computer network topologies. It includes 15 experiments covering topics like connecting devices using hubs and switches, implementing bus, star, ring, tree and hybrid topologies, creating local and wireless networks, and connecting multiple networks using routers. Each experiment lists the aim, steps to set up the topology, and provides a brief explanation of the networking concepts tested.
This document proposes a secure communication framework for embedded networking. The framework aims to be platform neutral and hardware independent. It incorporates a secured database containing all possible system events. Embedded systems can authenticate and access this database. The framework also protects the communication channel by encrypting transmissions, secure handshaking, and using self-adaptive frame structures. It references event indexes from the database rather than transmitting actual information. The database is dynamically recreated on each power-on to change event indexes and improve security. The framework is designed to be easily implemented using proven security technologies while providing modest protection for embedded network devices.
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
The document discusses techniques for providing location privacy in sensor networks against a global eavesdropper. It proposes four techniques - periodic collection, source simulation, sink simulation, and backbone flooding - to provide location privacy for monitored objects (source location privacy) and data sinks (sink location privacy). These techniques provide trade-offs between privacy, communication cost, and latency. Analysis and simulation demonstrate that the proposed techniques are efficient and effective for providing source and sink location privacy in sensor networks.
Implementation of Steganographic Method Based on IPv4 Identification Field ov...IJERA Editor
This document presents a study on implementing a steganographic method (covert channel) to hide secret data in the IP identification field. The implementation was carried out using the Network Simulator 3 (NS-3).
The document first provides background on covert channels and discusses their application in TCP/IP layers for VoIP. It then analyzes each TCP/IP layer for their technical difficulty, generality, and reachability for covert channels. Specifically, the network layer presents opportunities due to unused or optional bits in the IP header.
The implementation hides the word "hello" by encoding each character into the IP identification field of successive packets. The simulation confirms successful transmission of the hidden message across the point-to-
This project mainly focuses on remotely scanning the organization’s internal network using precise, advanced and most efficient tools built installed on the Raspberry Pi. Keeping all the security aspects in scope, this tool is built and configured to meet and protect one’s required operations through the process. The whole scanning operation is done through the Secured Shell because it’s open source and uses open protocol, so it’s hard to plant a backdoor attack. The encryption will provide privacy and maintain integrity throughout the operation and will protect against network sniffers, eavesdropping and Man in the Middle Attack. This tool is made to completely eliminate the physical traveling of security team to the client’s location and to perform any contractual based security operations. Sharique Raza | Feon Jaison Maliyekkal | Nitin Choudhary "Remotely Scanning Organization’s Internal Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33636.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/33636/remotely-scanning-organization’s-internal-network/sharique-raza
Security Testing of Network Protocol ImplementationIRJET Journal
This document discusses security testing methods for network protocol implementations. It proposes a new framework called FuSeBMC that uses a combination of fuzzing and symbolic execution to detect security vulnerabilities. FuSeBMC generates test input packets using fuzzing to guide symbolic execution, allowing it to achieve higher code coverage than using the techniques individually. The document evaluates FuSeBMC on a vulnerable FTP server, finding it can detect vulnerabilities faster than other tools like ESBMC, KLEE, and Map2Check. FuSeBMC provides an effective approach for security testing of network protocol implementations.
Internet Of Things(IoT) is emerging technology in future world.The term IoT comprises of Cloud computing, Data mining,
Big data analytics, hardware board. The Security and Interoperability is a main factor that influences the IoT Enegy
consumption is also main fator for IoT application designing.The various protocols such as MQTT,AMQP,XMPP are used in
IoT.This paper analysis the various protocols used in Internet of Things.
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...IRJET Journal
This document discusses security techniques for data transmission in ad-hoc networks, specifically encrypted data transmission and steganography. It proposes a system that enables encrypted data transmission between nodes and uses steganography to hide encrypted data in cover files like images, audio, and video during transmission for additional security. The system architecture includes modules for user interface, embedding secret data in cover files, extracting secret data, sending files between nodes, and receiving files. It aims to securely transmit data in ad-hoc networks using both encryption and steganography to protect confidentiality and integrity of transmitted data.
This document provides an overview of virtual private networks (VPNs). It discusses the history of VPNs and how they arose from the need for secure remote access and communication between corporate networks without needing expensive dedicated private lines. The document defines key VPN terms and concepts, describes the main types of VPN topologies, and examines the components, benefits, and quality of service aspects of VPNs. It aims to serve as an introduction to VPNs, their implementation, and applications in business networks.
Analysis Of Internet Protocol ( IP ) DatagramsEmily Jones
Here are the key points about wireless sensor networks:
- WSN consist of small, low-cost sensors that can sense and monitor various environments and phenomena. They communicate wirelessly to form dense networks.
- The sensors have limited processing, storage and power capabilities. They must operate autonomously for long periods with small batteries or energy harvesting.
- WSN enable ubiquitous sensing and monitoring without being constrained by wires. They provide more flexibility in deployment compared to wired networks.
- Common applications of WSN include environmental/habitat monitoring, healthcare applications, home automation, traffic control, and industrial/machine monitoring.
- Key technical challenges in WSN include limited power/energy, dynamic network topology, fault tolerance
Quantum Cryptography Approach for Resolving Cyber Threatsijtsrd
The research work focused on the future of the internet security transaction without allowing unauthorized user from accessing the secret document. The system was implemented with python flask framework been the lightest micro framework. The quantum key distribution generator model used is the BB84. Users can create account one the sender and other receiver then peered together in single communication channel. The sender attach file and send it in an encrypted manner to be received by receiver on presenting the same quantum key used for encrypting it. Once the eavesdropper click the link of the protocol, an alarm is raised and the system quantum key is change instantly and committed into the database. The other application is the Quantum Simulator, this application is used for generating a simulation for a quantum cryptography. Madubuezi Christian Okoronkwo | Onwuzo J. C | Gregory E. Anichebe "Quantum Cryptography Approach for Resolving Cyber Threats" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd46458.pdf Paper URL : https://www.ijtsrd.com/computer-science/artificial-intelligence/46458/quantum-cryptography-approach-for-resolving-cyber-threats/madubuezi-christian-okoronkwo
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET Journal
This document discusses using homomorphic encryption to securely store and process data in the cloud. It begins with an introduction to cloud computing and data security challenges. The proposed system would encrypt user data before transferring it to the cloud server using homomorphic encryption. This allows computations to be performed on the encrypted data without decrypting it first, protecting data privacy. The document reviews related work on authentication schemes and secure file storage using encryption. It presents the proposed system architecture and concludes that homomorphic encryption can help address cloud computing security issues by allowing operations on encrypted user data.
Securing the digital landscape is paramount in our interconnected world. This abstract delves into the fundamentals of cyber security, exploring its vital role in safeguarding individuals, organizations, and nations against the pervasive threat of cybercrime. It examines the evolving challenges posed by cyber threats, from sophisticated attacks to emerging vulnerabilities, while elucidating practical strategies to mitigate risks and fortify defenses. Through an exploration of cybercrime's multifaceted nature, coupled with insights into the latest antivirus and firewall technologies, this abstract equips readers with essential knowledge to navigate the digital realm safely and responsibly.
In today's interconnected world, the protection of digital assets is paramount. This abstract serves as a deep dive into the foundational principles and advanced strategies of cyber security, illuminating its indispensable role in safeguarding individuals, organizations, and nations against the ever-looming specter of cybercrime. Beginning with an exploration of cyber security's core tenets, including confidentiality, integrity, and availability, readers are introduced to the fundamental principles that underpin effective defense strategies. Through insightful analysis and real-world examples, the abstract highlights the critical importance of maintaining these principles in the face of evolving cyber threats.
IRJET- Multimedia Content Security with Random Key Generation Approach in...IRJET Journal
This document proposes a double stage encryption algorithm to securely store multimedia content like images, audio, and video in the cloud. In the first stage, multimedia content is encrypted into ciphertext using AES symmetric encryption. The ciphertext is then encrypted again in the cloud using a randomly generated symmetric key for added security. This makes it difficult for attackers to extract the encryption key and recover the original multimedia content even if they obtain the ciphertext. The algorithm aims to provide security against side channel attacks in cloud computing through its use of random key generation and double encryption. It is described as having low complexity and wide applicability for safeguarding multimedia content in the cloud.
Its is project based on one of the most interesting and wide topic of Computer Science, named Cyber Security
CONTENT :
1. What is Cyber Security
2. Why Cyber Security is Important
3. Brief History
4. Security Timeline
5. Architecture
6. Cyber Attack Methods
7. Technology for Cyber Secuirty
8. Development in Cyber Security
9. Future Trend in Cyber Security
11.secure data transmission by using steganographyAlexander Decker
This document summarizes a research paper that proposes a system for secure data transmission using steganography and cryptography. The system encrypts secret data using elliptic curve cryptography before embedding it in unused fields of the TCP/IP header to create a covert channel. This allows for covert transmission of encrypted data over a communication channel in a way that is not detectable by third parties. The paper reviews related work on using network protocols for steganography and discusses applying the proposed system to applications like secure file transfers and network auditing.
This document discusses using steganography and cryptography together to securely transmit data over a network. It proposes hiding encrypted data in unused fields of TCP/IP packet headers, creating a covert channel. Specifically, the secret message would be encrypted, embedded into a carrier file like an image to create a "stego object." This object would then be divided into packets and hidden in the TCP sequence number, option fields, IP type of service, or identification fields before transmission. By encrypting the message and using steganography, the transmission would be secure and covert, avoiding detection by third parties.
Design of A Home Surveillance System Based on the Android PlatformIRJET Journal
This document describes the design of a home surveillance system based on the Android platform. The system consists of a server and client. The server captures video, encodes it using H.264, and transmits the data to clients over RTP/UDP. It also performs face detection to save critical frames. The client receives the data, decodes it using FFmpeg, and displays the video. The system aims to monitor elderly family members and provide emergency alerts. It offers mobility through Android devices and stable wireless transmission.
Virtual private networks (VPNs) allow users to securely access an internal network from remote locations over a public network like the internet. VPNs use tunneling protocols to encrypt data transmission and make it appear as if the remote computer is part of the private network. There are various VPN implementation methods, including those using IPSec, MPLS, PPTP, or L2TP. MPLS VPNs in particular offer scalability and centralized services like multicast and quality of service controls. VPNs provide security through authentication, encryption, and authorization controls to prevent unauthorized access to internal network resources.
2. 1
Table of Contents
EXECUTIVE SUMMARY ................................................................................................................................... 2
PROJECT BACKGROUND ................................................................................................................................ 4
PROBLEM STATEMENT.................................................................................................................................. 6
PROJECT OBJECTIVE....................................................................................................................................... 7
TECHNICAL DETAILS ..................................................................................................................................... 8
PROJECT PROCESS..........................................................................................................................................11
DATA STRUCTURE DESIGN ..........................................................................................................................12
SYSTEM ANALYSIS AND DESIGN – UML DIAGRAMS ...............................................................................14
PROJECT ACHIEVEMENT ............................................................................................................................ 25
IMPORTANT FINDINGS ................................................................................................................................ 28
INNOVATIONS ................................................................................................................................................ 29
FUTURE ENHANCEMENTS ......................................................................................................................... 30
UNACHIEVED PROJECT GOALS.................................................................................................................. 32
VULNERABILITY ANALYSIS OF PACKET FORGERY............................................................................... 33
TEST RESULT .................................................................................................................................................. 39
CONCLUSION.................................................................................................................................................. 43
REFERENCES .................................................................................................................................................. 44
APPENDICES.................................................................................................................................................... 45
3. 2
Executive Summary
The main objective of this project is to implement encrypted covert channels on mobile devices
using secrete data camouflage in a UDP packet. While the implementation of the software on
mobile devices and a server, the project compares the packet networking and cryptographic
software developing environment of each mobile platform and the development frameworks for
UDP packet communication. In addition, the mobile apps and the server programming
techniques are applied to each packet level mobile framework.
In the end, this project will apply packet level network programming skills which have been
taught through the CST BTech program at BCIT.
Functionalities implemented
In order to complete the objectives of this project, the following functionalities are to be
integrated into the client module and the server module.
Data encryption and decryption using cryptographic algorithms such as RSA (Rivest-
Shamir-Adleman cryptosystem) and AES (Advanced Encryption Standard).
Design and implement a covert channel using forged packets between client mobile
devices and a server host.
Splitting and hiding encrypted data bytes into a covert channel using forged DNS
packets.
Background worker process mechanism to send the encrypted bytes secretly on mobile
devices.
Acknowledgement mechanism of UDP packet transmission between client mobile
devices and a server module.
Reassembling on server the data being received in the form of numerous packets with
each packet containing very small piece of the data.
Real-time packet forgery and forwarding of the DNS query along with the DNS
response.
4. 3
Figure 1 Encrypted Covert Channel using Mobile Phone
Development Methodology
This project adopts a model-driven software development methodology for design and agile
software development methodology to implement the server application. The exploration of this
project has two paths of software development:
1) Client mobile apps for three different mobile platforms are developed from a PIM
(Platform Independent Model) to the implementation of multiple PSMs (Platform
Specific Model) based on the PIM. To design the models, this project adopts rapid agile
methodology with UML (Unified Modeling Language).
2) Server application based on Windows platform is also developed using agile
methodology.
5. 4
Project Background
As we know, mobile device technology varies across the mobile platforms. Each mobile
platform has different development environments that are updated on a regular basis. The
market share of the mobile device platforms is rapidly increasing. This project is primarily a
mobile covert channel using simple and fast packet encryption on various mobile platforms such
as Android, iOS, and Windows Phone. Packet encryption on laptops or desktops is very well
known with their cryptographic libraries; however, packet cryptography on mobile devices has
several limits to implement because mobile devices have limited resources such as CPU
performance, network speed, and memory. Nowadays, mobile communication using wireless
network is rapidly expanding. More and more apps on the mobile platforms require critical data
communication. Mobile banking and mobile financing markets are soaring, but mobile network
providers don’t guarantee network security. This project implements a customized Point-to-
Point Encryption (P2PE) to be used for the security purposes.
On the other hand, the customized Point-to-Point Encryption through a covert channel might
be needed for special purposes in specific fields. This project has implemented a covert channel
adopting this mobile packet cryptography.
Covert channel is a type of computer software attack that allows the communication of
information by secretly transferring data through existing information channels or networks. It
uses the structure of the existing medium to transmit the data in small parts. This technique
makes data transfer through a covert channel virtually undetectable by administrators or users.
Covert channels have been used to steal data from highly secure systems.
Covert channel can pass the undetected payload through most firewalls and IDS (Intrusion
Detection System) hiding its data in a packet header or payload. It camouflages its data as a part
of an ordinary packet header or a packet body so that packets pass most firewalls and IDSs.
However, it is possible for covert channels to be detected by an intelligent IDS or highly skilled
network administrators even though it can hide the data in Sequence number or ACK
(Acknowledge) of TCP/IP header reserved field or use a tool. The encrypted covert channel can
prevent extracting the encrypted payload in any case. This technique can be applied to both TCP
and UDP packets. This project implements a covert channel using the UDP protocol.
Covert channel is created by using some of the space available either within the padding or
within other parts of a network packet. Covert channels use any means where data can be added
to a data stream without affecting the main body of data being transmitted. This allows the
covert receiver to abstract data from a system without creating any type of data trail. A single
6. 5
packet might only contain one or two bytes of the covert data stream, making it difficult to
detect the unauthorized transmission.
Creating a covert channel takes some ingenious programming. Having access to the file system
at the source end of the communication is also essential. This means that a covert channel can
only be instigated by infecting system with a malicious program or through a programming
effort that has administrative or other authorized access to the system.
Covert channel analysis is one of the few ways to detect a covert channel. System performance
degradation can be used to show covert channel use, but as computers have advanced, the
degradation is insignificant compared to the amount of data processed. This makes detection
more difficult. The primary way of defending against covert channel attacks is to examine the
source code running on the source machine, as well as monitor resource use by the system in
question.
This data encryption is also useful to transmit packets through a covert channel on mobile
devices because the encrypted packets of the covert channel could not be suspicious even if the
forged packets were caught by IDS. This makes the covert channel detection be almost
impossible. Therefore, this project develops methods to detect the forged and encrypted covert
channel though studying the packet communication.
7. 6
Problem statement
Packet communication on computer network is easily detected by network experts or spoofed
by hackers using advanced tools. Even covert channel delivering secret data can be detected and
even stolen. To avoid a detection of IDS or network administrators, a more advanced solution is
needed to hide and deliver secret data so that even the forged packets are caught avoiding
suspicion by network administrators.
This solution will require techniques such as collecting and decrypting the encrypted data from
DNS question query packets and how to reassemble the original camouflaged data at the
receive-side server host. These skills are needed to hide secret data into regular DNS question
and response of UDP packets after the data is encrypted.
On the other hand, defenders do not have a method to detect the forged DNS packets on
encrypted covert channel. Especially, network administrators who will need an advanced method
to detect and to block suspicious and forged packet communication.
8. 7
Project Objective
The objective of this project is to deliver a running software using encrypted covert channel on
mobile devices and a server program including the achievements, lessons learned from failures,
and important findings during this project. In addition, the knowledge of CST BTech program
such as UML modeling, SDLC (Software Development Life Cycle), is applied to build the
software. The encrypted covert channel has three major functional requirements
The first functional requirement is that packets should be encrypted by RSA or AES
cryptography. This project focuses on RSA which uses two different keys at once - a
combination of a private key and a public key. The private key is known only to a device, while
the public key is given to any device or system that wants to communicate securely with it. To
decode an encrypted message, a device must use the public key, provided by the originating
device, and its own private key. Although a message sent from one device to another won't be
secure since the public key used for encryption is published and available to anyone, anyone who
picks it up can't read it without the private key. The key pair is based on prime numbers
(numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long
length. This makes the system extremely secure, because there is essentially an infinite number of
prime numbers available, meaning there are nearly infinite possibilities for keys.
The second functional requirement is that the encrypted data should be hidden or camouflaged
in a part of the header or its payload which is designated by the covert channel server to avoid
any doubts when the packets are caught, the packet payloads are designed using very ordinary
DNS packets with a “standard domain name query” requesting IP addresses of well-known
websites. Thus, the covert channel server can extract the camouflaged and encrypted data from
the designated offset of the header or the payload.
The final functional requirement is that the client mobile device should control the transmission
interval to avoid suspicions of IDSs and network administrators. The packet transmission of
covert channel should be controlled with irregular or regular interval. The best method to avoid
a doubt from IDS or network administration is that the mobile device checks the packet traffic
in a Wi-Fi zone and sends its encrypted covert packets during peak time.
9. 8
Technical Details
As described earlier, covert channel is one of the effective methods to transmit secret data using
ordinary packets. Not only a network attacker but also a network security defender, covert
channel could be an option for secure packet transmission because the forged packets of covert
channel are hidden critical data into ordinary packet such as DNS (Domain Name System)
question or ICMP (Internet Control Message Protocol). However, the hidden secret data could
be collected if it is detected and found by IDS or network administrators.
Therefore, to cover the weakness of covert channel, to make it harder to see the data being
transmitted over covert channel. Consequently, the encrypted covert channel can hide critical
data using encryption algorithm and deliver using seemingly ordinary packet format without any
suspicions of IDS and network administrators.
However, for an attacker, UDP packet communication is a challenging programming because
DNS request and response packets of UDP are connectionless packet transmission which means
the socket does not guarantee the packets reach to a receive-side server host and there is no
acknowledge signal for a sending-side client host.
Therefore, this project has implemented the following two critical techniques:
Each encrypted covert packet should have an index number of the packet in its body
and the sequence number should have maximum 4 byte length. This 4 bytes can make
maximum 65535 index numbers which is enough to send large data.
The sending host should get back a DNS response packet with the acknowledge bytes of
a DNS response packet.
The server which is a receiver collecting forged DNS queries should return DNS response
packets to the sender, or should forward the DNS response packets in the middle of the two
hosts, the sender and a real DNS. This is similar to a delegation between low-level DNS and
high-level DNS server. When a DNS server doesn't have the contents of a zone, but knows how
to find the owner, it's said to delegate service of that zone to another DNS server. Informally,
it's a pass-the-buck mechanism. This project develops a forwarding module with a real-time
forging technique of the response packets returned from a well-known the Global Top Level
Domain (GTLD) such as Google DNS server.
It is a very well-known fact that DNS request and response UDP packets can easily pass through
IDS and firewalls in any case because the packets are used frequently and regularly to access
10. 9
websites. This is the reason why this project has chosen DNS request and response packets as
forged UDP packets to implement encrypted covert channel.
This project has used the following core technique to implement the client and server module.
Cryptography ( Encryption and Decryption using RSA or AES algorithm)
Real-time Packet Forgery ( UDP packet, DNS query and response )
Parity Check Byte ( similar to parity check bit, but it is for acknowledge packet from the
server)
DNS query forwarding and real-time camouflage the DNS response packet
Three ways for packet camouflage
The main technique to implement a covert channel is UDP packet camouflage. The following
are three methods to achieve this technique:
1. IP Header camouflage
a. There are two different versions of IP headers which have been defined, IPv4
and IPv6.
b. This project adopts only IPv4 because of a camouflage issue of IPv6.
c. IPv4 Header consists of 13 fields and the final field “Option” can be modified by
socket methods in a raw packet library of Windows Phone and iOS platform.
2. UDP Header camouflage
a. It consists of four fields, source port, destination port, length and checksum. The
four fields are 4 bytes each. Source and destination ports are predefined by their
UDP socket. Therefore, port camouflage is not possible. Most well-known UDP
server ports are located under 1023 port. Length field is the number of bytes in
entire datagram including header. The three fields are used for correct
transmissions between hosts. However, the Checksum field is used to check the
payload parity check bytes.
3. UDP payload camouflage
a. UDP payload varies by the application protocol such as DHCP, DNS, or RIP
(Routing Information Protocol).
b. This project chooses DNS request and response headers because they are often
used in any case of the Internet access, especially, web browsing.
Unfortunately, it is found the fact that Android an iPhone platform doesn’t allow a raw socket
transmission unlike Windows Phone platform. Therefore, this project adopts the UDP payload
camouflage to implement.
11. 10
Software modeling
This project adopts model-driven architecture approach for design and implement the
client modules.
Figure 2Model-driven approach - PIM and PSM
The model-driven architecture approach defines system functionality using a platform-
independent model using an appropriate domain-specific language (DSL). The PIM of this
project consists of six main UML diagrams such as Usecase, Sequence, Statechart, Activity,
Deployment, and Class diagram. The PIM is translated to the multiple platform-specific models
that mobile devices can be implemented. This requires mappings and transformations and
should be modeled too. The PSMs consist of Sequence, Deployment, and Class diagram for
each platform.
Through the PSMs, source codes are concretely designed for each mobile apps on each
platform. For instance, Java class diagram with specific methods are designed for Android
platform, Object-C class diagram with specific methods are designed for iOS 8, and C# class
diagram with specific methods are designed for Windows phone platform. The each source code
is implemented by the PSMs then.
12. 11
Project Process
This project has been conducted since January, 2015 and took 8 months to finish and submit
the report. During the duration, this project has faced a lot of barriers and failures such as
obtaining device, applying the network and cryptographic API libraries of the platforms, and
setting up the development environments. Especially, the network and cryptographic API
libraries are very different on each platform even though the cryptographic algorithms are
same. In addition, the Appstore of Apple company requires a developer license to connect
an iPhone with the development tool, X-Code. They also do not allow debugging of a
mobile app on the iPhone device without the provisioning.
The detail process and the Gantt chart are attached on the appendices.
1. Researching and studying the mobile platforms and their network APIs
2. Analysis of the prototype for Android
3. Designing Data structure
4. Designing PIM( Platform Independent Model) using UML
5. Designing PSM( Platform Specific Model) using UML
6. Designing User Interface of mobile devices and server
7. Setting up the developing environment
8. Prototyping
9. Designing and Programming
10. Testing and Debugging
11. Documentation and Final Report
13. 12
Data Structure Design
This project designs the data structure to be applied on the mobile apps.
Target File (Any file type)
o The target file to send through the encrypted covert channel.
Unencrypted Data (byte array)
o In-memory byte array data from the target file to be encrypted
Encrypted Data(byte array)
o In-memory byte array data from unencrypted data by any cipher algorithms
Decrypted Data(byte array)
o In-memory byte array data from encrypted data by any cipher algorithms
DNS question query list ( Hexadecimal )
o Packet payload of DNS request for query various websites
o To generate forged DNS request packet, mobile devices read the list file and
insert encrypted data and its index number into packet header or payload.
Figure 3 DNSRequestQueryList.txt
Forged DNS query (UDP packet)
o Made by mobile devices (clients) from the randomly selected forged DNS
request in the forged DNS request list.
Forged DNS response (UDP packet)
o Made in real-time by the target server using the real DNS response packet.
RSA key pair - private and public keys(Binary or XML)
e235010000010000000000000377777706676f6f676c650263610000010001
d3120100000100000000000003777777057961686f6f03636f6d0000010001
a4f701000001000000000000037777770766697265666f7803636f6d0000010001
992a010000010000000000000232370e636c69656e742d6368616e6e656c06676f6f676c6503636f6d0001
70d2010000010000000000000777696e646f777308706f6c6963696573046c697665036e657400001c0001
a66f01000001000000000000037777770362626302636f02756b0000010001
2532010000010000000000000773657276696365096d6178796d69736572036e65740000010001
7f3001000001000000000000056963686566046262636902636f02756b0000010001
ff9601000001000000000000037777770362626303636f6d0000010001
4a3f01000001000000000000056e6f64653106626263696d6702636f02756b0000010001
6bb7010000010000000000000473686f700362626303636f6d0000010001
b7e7010000010000000000000273610362626302636f02756b0000010001
9452010000010000000000000470696e6709636861727462656174036e65740000010001
d0ab0100000100000000000002676f096d6963726f736f667403636f6d0000010001
2100010000010000000000000377777703636e6e03636f6d0000010001
14. 13
o Pre-generated and encoded binary byte data file or XML file to be used for RSA
algorithm by the server and installed into mobile device module (public key) and
the server module (private key).
Figure 4 public.key.xml
Figure 5private.key.xml
AES(Advanced Encryption Standard) key (string)
o Pre-generated a simple string data to be used for AES algorithm and installed
into mobile device module and the server module.
o The same strings are used to encrypt by the sender and to decrypt by the receiver
both.
o The length of the string does not matter because it is pointless if the string is
more than 100 bytes.
<RSAKeyValue>
<Modulus>gPWPquMFSu7XcBBZC9ulml3ifNpPe3RB4gcnH5ZBdNKxlm+Bza96ZsIWoQIcjdSl3mxDyqz
xxKFLSHPKuHZOzckhRuqOv+A6bvgS5KPXlFlwtQ491H7qhutMVMEsIBzXlecMK2b7beVirPRcuiNFkPQm+iDTOL
FrKd3TivcxHec= </Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
<RSAKeyValue>
<Modulus>gPWPquMFSu7XcBBZC9ulml3ifNpPe3RB4gcnH5ZBdNKxlm+Bza96ZsIWoQIcjdSl3mxDyq
zxxKFLSHPKuHZOzckhRuqOv+A6bvgS5KPXlFlwtQ491H7qhutMVMEsIBzXlecMK2b7beVirPRcuiNFkPQm+iDT
OLFrKd3TivcxHec=</Modulus>
<Exponent>AQAB</Exponent>
<P>ucjt4wW1baoPE5XVx6iMr0XonIXL4oedQL4/zl5yZVd8GGCQ+DzwUZnQeqo66lvtHIrBE9kmGYkd
tx34zgyP0w==</P>
<Q>sbKh4jCLwUGqxqmooHmFsH3jFuuCCWYQb0YMrg2hnWiU7Srzq/gSVZDOj6COFXPqX5riT6bXfkwD
++/nc9cBHQ==</Q>
<DP>k7gUlfb7C+g0tqDjay40NkTCsHmd5E9qFIlw2Fi2YqfN7uARRJ/HgUpovq/NynwvKwuUe4CkT5d
7fhchtku8qw==</DP>
<DQ>G77xqfi8iaNwP+7TxqLS7hjp8XU6a69FF6rPZgn41zQyNMoFHC/y5OtkZWbDaLQdv2nWtmstsKm
74YW3FQ5YPQ==</DQ>
<InverseQ>XQjfWmxsuGU8UbhX6cIITZBoHnoRtjMWlI48ZcyPh9nZo9k+wPfPL12BYA05EjQ7Yg4e5
wRtjF3KtmjiBnB+hQ==</InverseQ>
<D>VPNupL/QKMCVovjh7/HNcZcPL/gQC99V1zOnDiPJEtAItHTYKUrDcxXAGmhtrvC6I39mWQj8au9l
zGCa1lD5L58xHyi21x6uHpl7PQlwVCLJSR/LQ4tojSGEHg5MBKzbeWmjejcsxlDCVEgxcYxObNMk7qLhRTlhoB
etBvtQDuE=</D>
</RSAKeyValue>
15. 14
System Analysis and Design – UML Diagrams
Through the analysis of encrypted covert channel usage, there are two types of users are defined
– sender and receiver. The followings are analysis and design diagrams using UML.
Analysis – Use case Diagram
A mobile device as a sender module consists of four use cases and target server consists of five
use cases based on the above scenario.
Figure 6Analysis – Use case Diagram
Basic scenario
If a sender chooses a file to send, then main Usecase includes a file reader module and an
encryption module.
Receiver side host waits the transmissions from a sender side host then receives the encrypted
packets. After receiving, the server extracts and collects the encrypted data, then decrypts the
data. Finally, the data is saved to a file.
16. 15
Analysis – Activity Diagram
Activity Diagram shows the detail process of the mobile device and the target server.
Figure 7Analysis – Activity Diagram
17. 16
Analysis – Sequence Diagram for Mobile Device (Platform Independent Model)
Mobile device module consists of three major modules:
Encrypted Covert Channel Client: the main module to combine other module and to
make a forged DNS packets.
Cipher module: includes encryption and decryption methods
Socket UDP Packet Library: packet transmission API of a platform library
Figure 8Analysis – Sequence Diagram for Mobile Device (Platform Independent Model)
18. 17
Analysis - Sequence Diagram for Android (Platform Specific Model)
Android platform specific model is designed based on the Platform Independent Model of
mobile device module.
Encrypted Covert Channel Client: MainAcitivity contains the most of all the functions of
the PIM.
Cipher module: includes encryption and decryption methods using Android API.
Socket UDP Packet Library: packet transmission API of a platform library
Figure 9Analysis - Sequence Diagram for Android (Platform Specific Model)
19. 18
Analysis - Sequence Diagram for Windows Phone (Platform Specific Model)
Figure 10Analysis - Sequence Diagram for Windows Phone (Platform Specific Model)
Analysis - Sequence Diagram for the Server (Platform Independent Model)
Figure 11Analysis - Sequence Diagram for the Server (Platform Independent Model)
20. 19
Analysis - Sequence Diagram for Server (Platform Specific Model)
Figure 12Analysis - Sequence Diagram for Server (Platform Specific Model)
Analysis – State Chart Diagram
State Chart Diagram shows asynchronous communication between the mobile device and the
target server. When the mobile device is ready to send, the target server is waiting for the first
initial packet from the mobile device.
When the mobile device starts sending forged DNS question query packets to the target server,
the target server receives the packets then it sends response packets to the mobile devices. This
circular state continues until there is no more packets to send from the mobile device.
21. 20
Design – Deployment Diagram
Deployment Diagram shows four nodes which are consisted of the system. Internal firewall is
between the mobile device and the target server opening DNS port 53. The internal firewall
could be a mobile firewall of each platform or an intranet firewall. Top-level DNS server is for
responding real DNS response packets.
Figure 13Design – Deployment Diagram
22. 21
Design – Class Diagram for Android
During the design process, Exception Handler class is added to handle the exceptions and error
of classes. Most of the functions are located in the MainActivity1 class and only Crypto1 class
includes the encryption and decryption methods.
Figure 14Design – Class Diagram for Android
23. 22
Design – Class Diagram for Windows Phone
Encrypted Covert Channel on Windows Phone platform consists of five classes. MainPage and
Crypto Classes are same as Android version; however, Protocol Class contains the all raw IPv4
and IPv6 Protocol Header format. In addition, FileReader Class reads the data files. Creating a
socket client and sending and receiving packet classes is separated from the MainPage Class
unlike Android version.
Figure 15Design – Class Diagram for Windows Phone
24. 23
Design – Class Diagram for iPhone
Figure 16 Class Diagram for iPhone
25. 24
Design – Class Diagram for the Server on Windows
The server module is designed for Windows Platform to be implemented. It consists of six
classes.
Figure 17 Design – Class Diagram for the Server on Windows
26. 25
Project Achievement
Micro-Byte level packet manipulation
o This project has brought very useful experiences of micro level packet handling.
Especially, inserting encrypted data into ordinary IP header, UDP header and
UDP payload is the most critical programming because each mobile platform
and its library is very sensitive validation of the packets which pass through the
mobile networking modules.
o Unfortunately, there are not many explanations on the mobile platform APIs and
books about the packet validation.
o Therefore, the failures in this project have formed the lessons learned by
experience.
Forging DNS query and response packets
o Making DNS query on mobile devices is one of critical problems because it
should be randomized and automatically generated by the module.
o This project makes a DNS query list file which contains DNS request query and
randomly fetches for each hexadecimal data of them.
o After fetching a hexadecimal data, forging logic inserts two following important
byte data: the first data is one byte size of encrypted data to be transmitted to the
server module, and the second one is 4 byte size of index number of the
encrypted data byte in the encrypted data array.
Encryption and Decryption on mobile platforms
o RSA (Rivest-Shamir-Adleman cryptosystem) and AES (Advanced Encryption
Standard) algorithms are very well-known cryptographic algorithms; however,
each mobile platform adopts different implementations and APIs.
o For instance, Android platform using Java programming language adopts and
supports binary and XML key pair (pubic key and private key) both, while
Windows Phone only supports string based XML key pair.
o This project applies both, but AES algorithm with string based XML key pair has
given “invalid padding property value exception” on Windows platform when
Android client module sends encrypted bytes.
o The cause was the encrypted bytes are different between Java API and Windows
API.
o Therefore, this project applies RSA algorithms to implement both sides of the
client and server module cryptography.
27. 26
Real-time UDP packet forgery
o As it is mentioned, an important factor of UDP packet communication is a
connectionless transmission model with a minimum of protocol mechanism
unlike TCP. It doesn’t have a handshaking dialogues, and no guarantee of
delivery, ordering, or duplicate protection. It has checksums for data integrity.
o Because DNS packet communication is the most believable and unsuspicious
method to pass through firewall systems and IDS, this project chooses DNS
query and response packets which are UDP application protocol.
o However, the DNS packets should be transmitted asynchronously.
o This project uses a forged DNS server to fabricate the DNS response packet in
real-time.
o Following simple process describes the real-time UDP packet fabrication on the
target server.
Acknowledge technique using connectionless packet transmissions.
o There is an IP identification field and DNS Query ID field to check the packet
delivery without loss; however, encrypted covert channel requires another
acknowledge methods to confirm safe delivery. Using the DNS request and
response packets does not guarantee it. Therefore, this project covers the issues
of no guarantee of delivery.
1. Receive a forged DNS query packet from a client module of a test
mobile device.
2. Fetch the specific camouflage bytes of the packets to reassemble an
encrypted data.
3. Keep the socket with the source port number of the sender client
module.
4. Forward the camouflage DNS packet to a well-known the Global
Top Level Domain (GTLD) DNS server such as Google DNS
server. ( IP address : 8.8.8.8 or 8.8.4.4 )
5. Wait and receive the DNS response packet from the top-level DNS
server.
6. Insert an index byte and parity check bytes to be used as a guarantee
of delivery and ordering of the whole encrypted packets in real-time.
7. Forward the camouflage packet to the client module of test mobile
device using the socket and the source port number which are kept at
step 3.
28. 27
o Each DNS query packet delivers a specific value using reserved bytes such as
encrypted packet index number, and expects the value in the DNS response
packet from the forged DNS server module.
o A function in the client module of mobile device compares the two values and
decides to resend or decides to send next packet.
o However, to avoid a suspicion of IDS, the two values of DNS request and
response can be different during the acknowledge process. To implement the
acknowledge technique, it requires a simple f(x) = y formula to compare the two
acknowledge values. For instance, if the client sends x value, then the server
returns y value using the simple f(x) = y formula.
Background worker process technique on mobile devices.
o During the forged DNS packet transmission process technique of the client apps
on mobile devices, the program allows that users can send the process to the
back of a touch screen.
o This background worker process technique supports the secret transmissions on
the mobile devices without intervention of a user.
o However, it also allows a user to stop the background process by touching the
“Cancel” button whenever the user wants.
o This background worker process technique can be applied for many purpose of
mobile applications such as machine-to-machine communication or data
buffering.
29. 28
Important Findings
In the beginning of this project, the deep knowledge of each mobile platform and cryptography
API were required in advance. Especially, the low-level packet networking environment of each
mobile platform was analyzed very carefully. After the research, some important facts were
found.
Android, Windows Phone and iPhone platform don’t allow the source IP address
forgery: IP packets are not sent if the source IP address of the packet is different from a
given host IP address by DHCP (Dynamic Host Configuration Protocol) server.
Encryption and decryption APIs of each platform are not compatible: Windows Phone
doesn’t have any API to read encoded binary RSA key pairs (public and private keys);
however, Android doesn’t support XML based RSA key pairs. Therefore, this project
generated two different types of RSA key pairs for Windows Phone and Android
Platform.
AES Encryption and decryption API using password are similar and easily compatible.
Android and iPhone doesn’t allow mobile app developers to forge IP packet header, but
Windows Phone OS allows it. However, native code which is a binary module of mobile
OS can make it possible, if the native code can be installed into the mobile OS. Mobile
device producers modify and customize the mobile OS installing their own module into
the native code.
30. 29
Innovations
During this project, three innovative skills have been developed and adopted.
Byte-level packet fabrication
o This project implements packet camouflage replacing the ordinary bytes of the
typical DNS request and response to encrypted secret bytes.
Real-time DNS packet fabrication
o DNS response packets from a real DNS server are forged by an encrypted covert
channel server and forwarded to a client mobile device in real-time.
o Of course, there is a slight time gap between request and response transmission
comparing to a normal transmission; however, the time gap can be overcome if
the server and network environment support higher speed to minimize the time
gap.
Methodology of forged packet detection
o Through the research of the potential vulnerabilities of DNS packets and the
forging techniques, this project develops the methods to detect forged packets.
o This may be useful to develop and to improve an advanced IDS or a firewall.
31. 30
Future Enhancements
IPv6 packet fabrication and camouflage
o More and more devices and hosts has already adopted IPv6. This project
implements the client and server program using IPv4 only because there was a
camouflage issue and there was not much time to adopt IPv6. However, it is
easily implemented if the PIM (Platform Independent Model) of this project is
used for extending to IPv6.
Multi-to-multi encrypted covert channel
o This project implements only one-to-one encrypted covert channel at one time.
The server and clients could create one channel at a time. However, if multi-
thread technique is adopted, the server and clients could create multiple
encrypted covert channels.
Byte-level packet camouflage with the packet header and payload forging can be
extended to create the securest covert channel to transmit maximum secret data. It is
suitable for small and critical packet transmission between devices and a host, or
between devices such as IoT (Internet of Things) technology.
Figure 18 Multi-to-multi encrypted covert channel
32. 31
On the other hand, the detection technique of encrypted covert channel is useful to
improve IDS functionalities using detection algorithms which is implemented based on
the technique of byte-level camouflage and detection.
In addition, mobile devices upgrading their network modules can be extended to validate
and block the packets which are forged by hackers.
33. 32
Unachieved Project Goals
A forged DNS server on Linux platform
o To implement the server module, this project chose Linux platform at the
beginning. However, this project changes to Windows platform after comparing
the development environment between Linux and Windows.
o Server programming on Windows using Visual Studio and C# is more effective
and productive than a server programming on Linux.
o However, the program can be easily converted to other platforms because this
project designs the PIM (Platform Independent Model) to transfer the
implementation.
Two mobile client version on Tizen and FireOS platform
o This project had a plan to implement client modules on Tizen and FireOS
platforms; however, obtaining the devices was not easy, and the development
environment of socket communication are not stable yet because the platforms
are relatively new.
34. 33
Vulnerability analysis of packet forgery
The other goal of this project is how to detect the forged and encrypted packets using covert
channel and prove that the covert channel packets contain critical data. As a network security
defender or a hacker, this goal is more difficult than the first goal because the attacker’s spear is
too strong and the defender’s shield cannot conduct its duty. On the other hand the spear, the
encrypted covert channel does perfectly conduct its duty; therefore, the shield, IDS might not
easily conduct its duty. The only way to detect the encrypted covert channel is by analyzing each
of the packets and finding the suspicious patterns of the forged packets.
Network administrators are concerned as a defender, worry about system security such as
potential data leaking or heart bleeding through the Internet. Advanced detection techniques or
solutions are required. Encrypted covert channel is an attack that is difficult to detect because
the packet is forged to look a typical DNS request query and response. However, there is are
some ways to detect the encrypted covert channel.
During the course of this project, it is found that there are many potential vulnerabilities through
packet forgery. This chapter explains the each forgery and camouflage detection method.
IP Header forgery and camouflage detection
Figure 19 IPv4 Header Structure
o IP header contains important information of IP version, source IP, destination IP, time-to-
live, etc.
o In the structure, The Internet Header Length (IHL) (4bits), Total Length (16 bits),
Identification (16 bits), Fragment Offset (13 bits) and Header Checksum (16 bits) have
possibilities of forgery to hide and to deliver secrete data passing an IDS and a firewall.
35. 34
Internet Header Length (IHL) – 4 bits
o Internet Header Length of IPv4 header may contain a variable number of options, this
field specifies the size of the header. It can defines a minimum of 20byte size using 5
bits (5 bit×32bits = 160 bits = 20 bytes) to a maximum of 60 byte length of 15 words
(15×32 bits) or 480 bits. All mobile platforms already have the validation mechanism for
IHL field. Socket libraries of each platform assign the IHL value when the packet is
generated automatically. However, there is a small window to forge the IHL field using
native code for each platform.
o To detect the forgery of the field, IHL should be compared to the real length of a
header.
Total Length – 16 bits
o Total Length defines the total IP datagram length in bytes. Since the header length gives
the length of header and this field gives the total length, so the length of data and its
starting point can easily be calculated using these two fields. In addition, this is a 16 bit
field and it represents length of IP datagram; therefore, the maximum size of IP
datagram is 65535 bytes. When IP fragmentation takes place over the network then
value of this field also changes. There are cases when IP datagrams are very small in
length but some data links like Ethernet pad these small frames to be of a minimum
length, 46 bytes. To know the exact length of IP header in case of Ethernet padding, this
field is very useful.
o However, total length field also has a possibility of being forged into the same as IHL.
o To detect the forgery of Total Length, it should be compared to the total length of the
IP datagram.
Identification field – 16 bits
o Identification field is used for uniquely identifying the IP datagrams. This value is
incremented every-time an IP datagram is sent from source to the destination host. This
field is used while reassembling the fragmented IP data grams. However, this field is
easily forged to hide secret data bytes because it is hard to detect if the field contains a
fake fragmented IP data gram ID to reassemble them. Therefore, the field can easily be
used to deliver a secrete data.
o In order to detect the forgery of Identification field, it is needed that the value should be
traced while the packet has the same source IP address and destination IP address;
however, it is technically impossible because IDS should keep the source IP address and
destination IP address of each packet and check the Identification field value comparing
to the previous Identification field value while the packet is passing through the IDS.
Therefore, the Identification field forgery is the hardest one to detect.
36. 35
Fragment Offset – 12 bits
o Fragment Offset field, measured in units of eight-byte blocks (64 bits), is 13 bits long
and specifies the offset of a particular fragment relative to the beginning of the original
none-fragmented IP datagram. The first fragment has an offset of zero. This allows a
maximum offset of (213 – 1) × 8 = 65,528 bytes, which would exceed the maximum IP
packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548
bytes).
o This field has a possibility to be forged delivering secrete bytes instead of Fragment
Offset of datagram because it is hard to detect the field calculating the offset of each
packet datagram.
o To detect the field forged, IDS should trace the offsets of the each datagram for the
same source IP address and same destination IP address of each packet.
Header Checksum – 16 bits
o Header Checksum (16bits) represents a value that is calculated using an algorithm
covering all the fields in header (assuming this very field to be zero). This value is
calculated and stored in the header when IP data gram is sent from source to destination
and at the destination side this checksum is again calculated and verified against the
checksum present in the header. If the value is same then the datagram was not
corrupted else it’s assumed that datagram was received corrupted. So this field is used to
check the integrity of an IP datagram.
o However, the Header Checksum can be forged to deliver a secrete data if the source and
destination host determine the field as a covert channel field.
o To detect the Header Checksum forgery, IDS should calculate and verify against the
checksum present in the header. It is easy to calculate, but it might occur packet
transmission delay.
Options field – variable
o Options has a variable length and represents a list of options that are active for a
particular IP datagram. This is an optional field that may or may not be used. If any
option is present in the header then the first byte is represented as follows :
class number length description
0 0 – end of option list
0 1 – no operation
0 2 11 security
0 3 var. loose source routing
0 9 var. strict source routing
0 7 var. record route
0 8 4 stream id
2 4 var. INTERNET time stamp
Figure 20Options Table
37. 36
o Options field is easily forged if the field is not used for the original purpose, and it is
hard to detect the field is forged because there are a lot of possibilities to be used.
o Only way to detect the forgery is the option number and its length should be compared
and matched.
UDP Header forgery and camouflage detection
Figure 21 UDP Header Structure
o UDP Header represents 4 default fields: Source Port (2bytes), Destination Port (16bits),
Length (16bits), and UDP Checksum (16bits); however, Java and iPhone platform do not
allow UDP packet header forgery.
o Among the fields, UDP Length (16bits) and UDP Checksum (16bits) have possibilities to be
forged and to deliver secure data bytes.
UDP Length – 16 bits
o UDP Length represents the length of UDP Header and payload data in bytes. This
means the minimum value of the length is the UDP Header size, 8 bytes and maximum
value is 65,535 bytes.
o To detect UDP Length forgery, the real length of the UDP should be compared to
UDP Length value.
UDP Checksum – 16 bits
o UDP Checksum is computed as the 16-bit one's complement of the one's complement
sum of a pseudo header of information from the IP header, the UDP header, and the
data, padded as needed with zero bytes at the end to make a multiple of two bytes. If the
checksum is cleared to zero, then it is disabled.
o UDP Checksum forgery is similar to UDP Length forgery. It is easily forged but should
be checked to see if the validation is detected.
38. 37
UDP Payload forgery and camouflage detection
o Numerous key Internet applications use UDP, including: the Domain Name System (DNS),
where queries must be fast and only consist of a single request followed by a single reply
packet, the Simple Network Management Protocol (SNMP), the Routing Information
Protocol (RIP) and the Dynamic Host Configuration Protocol (DHCP).
o This project deals with DNS payload which consists of 14 fields.
DNS Query ID – 16 bits
o DNS Query ID is a 16bits and unique identifier created in the query packet and left
intact by the server sending the reply; it allows the server making the request to associate
the answer with the question. A DNS server might have many queries outstanding at
one time. Even multiple queries to the same server; therefore, this Query ID helps
match the answers with the awaiting questions. This is also sometimes called the
Transaction ID (TXID). This project forges the field to deliver an encrypted byte
because it is easily forged using ordinary socket API on mobile platforms and almost
impossible to detect the forgery.
o Query ID is only related a client host and a DNS server; therefore, an IDS doesn’t have
any method to detect if it is forged or not.
Figure 22 DNS query packet and Payload Structure
39. 38
Question Record Count – 16 bits
o Question Record Count is filled by the client host in the next section with a single
"question" record that specifies what it's looking for: it includes the name (www.bcit.ca),
the type (A, NS, MX, etc.), and the class (virtually always IN=Internet). The server
repeats the question in the response packet, so the question count is almost always 1. It
is a major barrier to forge the field.
o Question Record Count forgery is easily detected by checking the value. It should be 1.
DNS Question/Answer – variable
o DNS Question/Answer data is the field that holds the question/answer data referenced
by the count fields above. This field is the most vulnerable to be forged by the client and
the DNS server host because the payloads are varied by the DNS query and the
response answer.
o There is no way to detect if the field is forged or not because there is no fixed pattern to
detect the forgery.
40. 39
Test result
In order to test the mobile apps and the server, testing is conducted in two phases:
1. Module test is conducted in data encryption module, covert channel module and server
module.
1) Encryption module is tested on each platform
a. Encryption module on Android
b. Encryption module on Windows phone
c. Encryption module on iOS
2) The covert channel module is tested on each platform
3) Decryption server module is tested on Windows 8.
2. Integration test is conducted the developed apps with the server.
1) Integration test in Wi-Fi zone by the developer, myself, and a third party tester
2) Integration test in 3G/4G cellphone zone by the developer, myself, and a third party
tester
During the integration test, the testers conduct following steps:
1) Tester installs the developed encrypted covert channel app on each mobile device in
advance.
2) Tester works in a Wi-Fi-zone, 3G/4G and LTE zone that are distant from the
designated covert channel server.
3) Tester chooses the data file that is a normal plain text or binary/media contents (image,
sound, video) in the mobile device.
4) Tester touches the “send” button of the covert channel app.
5) The app irregularly or regularly sends the generated packets using the encryption module
to the designated covert channel server.
6) During the data transmission, an IDS and a packet capture application which is installed
in advance for the test, capture and analyze the packets.
7) The covert channel server receives the encrypted packets from the mobile devices and
extracts the encrypted data from the packets.
8) The server decrypts the extracted data and writes it to a local file.
9) The receiver opens the saved file.
41. 40
Module Test
Encrypted Covert Channel – Android Client
Functions Tested Comments
Installing successful Download from Playstore
Encrypting successful
File selecting successful
Packet sending on Covert Channel successful
Job canceling successful Response time 2.5 seconds
Encrypted Covert Channel – Windows Phone Client
Functions Tested Comments
Installing successful Download from Windows
store
Encrypting successful
File selecting successful
Packet sending on Covert Channel successful
Job canceling successful Response time1.5 seconds
Encrypted Covert Channel – Target Server on Windows Platform
Functions Tested Comments
Installing successful
Decrypting successful
File saving successful
Server Starting successful
Server Stopping successful
Integration Test
WiFi – Zone Test
Functions Tested Comments
Encryption successful
File selecting successful
Packet sending on Covert Channel successful
Job canceling successful Response time 2.5 seconds
Decryption successful
File saving successful
Server Starting successful
Server Stopping successful
42. 41
3G, 4G and LTE Zone Test
Functions Tested Comments
Encryption successful
File selecting successful
Packet sending on Covert Channel successful
Job canceling successful Response time 2.5 seconds
Decryption successful
File saving successful
Server Starting successful
Server Stopping successful
Packets captured
Figure 23 Captured DNS packets
The above picture shows the DNS packet transmission between the target server (IP address:
142.232.129.48) and the mobile device (IP address: 142.232.129.137). The target server forwards
the DNS queries from the mobile device to the top-level DNS server of Google (IP Address:
8.8.4.4).
43. 42
Figure 24 Encrypted covert Channel Packet Transmission
Each set of the transmission consists of four packets:
①. Sending a DNS question query from the mobile device to the target server
②. Forwarding a DNS question query from the target server to the Google DNS server
③. Responding a DNS answer for the query from Google DNS server to the target server
④. Forwarding a DNS answer from the target server to the mobile device
In any case, the packets look ordinary DNS question query and answer packets; therefore, the
internal firewall between the mobile device and the target server lets the packets pass through.
44. 43
Conclusion
As described earlier, Encrypted Covert Channel is the most secure method to transmit critical
data using ordinary packets. This project has implemented encrypted covert channels on mobile
devices using secrete data camouflage in UDP packets. Through the implementation of the
software on mobile devices and the server, this project conducted a comparative study of the
packet networking and cryptographic software developing environment of each mobile platform
and the development frameworks for UDP packet communication. Furthermore, the mobile
apps and the server programming techniques have been applied to each packet level mobile
framework. Consequently, this project adopts packet level software development skills which
have been taught through the CST BTech program.
Last but not least, this project recommends further actions or skills with the encrypted covert
channel attack and countermeasures against it.
For Ethical attacker or Network security software developer
To make a perfect encrypted covert channel, ethical attackers or network security software
developers can transmit the packets during the peak time of an intranet or LAN adding a
module which checks packet I/O amount. Hiding the covert packets among ordinary packets is
a good strategy that make the suspicious packets harder to detect.
Sniffing and sending a password after installing the module into a target device is another useful
way to use encrypted covert channel because a firewall would not block port 53 being used for
DNS. It could be a perfect crime.
For Defender or Network security administrator
To prevent an attack using an encrypted covert channel and to prevent critical data leaks,
network security administrators as defenders should operate a local delegation DNS server
between intranet clients and higher-level DNS server in the LAN, which means only a local
delegation DNS server could go through port 53(DNS request port). Eventually, all other client
hosts in an Intranet should query the local delegation DNS server to obtain IP addresses of
domain names. However, if attacker’s mobile devices connect to a 3G or 4G wireless
connection, the local delegation DNS server may be useless because the local delegation DNS
server influences the hosts which are accessing the DNS server in the LAN.
45. 44
References
Sean Petterson (2013) “Mobile Encryption Market to Hit $230 Million This Year”,
WebProNews. Retrieved from
http://www.webpronews.com/mobile-encryption-market-to-hit-230-million-this-year-
2013-10
Vanessa Pegueros (2011) “Security of Mobile Banking and Payments,” SANS Institute.
Jim Tanous (2012) “iSuppli Predicts Windows Phone’s Edge Over iOS by 2015”, the
MacObserver.com