- The document discusses a performance analysis of a transport layer based hybrid covert channel detection engine. A hybrid covert channel combines two or more types of covert channels, such as a simple network covert channel in TCP and a subliminal channel in SSL.
- The authors designed a hybrid covert channel involving a subliminal channel in the Digital Signature Algorithm of SSL and a simple network covert channel manipulating TCP sequence numbers. They also designed a detection engine to analyze TCP packet headers and SSL signature components.
- The detection engine was tested on an experimental test bed with 5 nodes. Testing showed the detection rate varied between 70-97% while detection content was between 15-30%, depending on the number of covert channel invocations.
Design of Transport Layer Based Hybrid Covert Channel Detection Engine - ijasuc
Computer network is unpredictable due to information warfare and is prone to various
attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such
attacks are devised using special communication channel called "Covert Channel". The word "Covert"
stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within
legitimate network communication that clearly violates security policies laid down. The non-transparency
in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate
communication whose motto is to leak information. Subliminal channel, a variant of covert channel works
similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with
subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is homogenous or
heterogeneous mixture of two or more variants of covert channels either active at same instance or at
different instances of time. Detecting such malicious channel activity plays a vital role in removing threat
to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and
introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP
and SSL.
Covert channels are a vital setup in analysing the strength of security in a network. Covert Channel is
illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door
set in such channels proliferates making covert channel sophisticated to detect their presence in network
firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the
network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in
different protocols in the rudimentary protocol stack. This leads to a unique scenario of "Hybrid Covert
Channel", where different covert channel trapdoors exist at the same instance of time in same layer of
protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the
different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert
channel scenario it is required to explore all possible clandestine mediums used in the formation of such
channels. This can be explored by different schemes available and their entropy impact on hybrid covert
channel. The environment can be composed of resources and subject under attack and subject which
have initiated the attack (attacker). The paper sets itself an objective to understand the different covert
schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for
detection.
Modified AODV Algorithm using Data Mining Process: Classification and Clustering - idescitation
Security of Wireless Ad hoc network has a primary
concern to provide protected communication between mobile
nodes. When we route a packet it can use either a malicious
node or an authenticated node for forwarding and receiving data.
Malicious node can attack like black hole, misuse of data or
hacked information. Our aim is to discuss the feasibility of
monitoring the node of different networks, to analyze it for
providing better security in AODV routing protocol. We
implement data mining techniques to search large amounts
of data according to characteristic rules and patterns to detect
malicious nodes. We have used growing neural gas (GNS)
clustering algorithm to make clusters and analyse data. Using
soft computing techniques we find patterns, analyse nodes and
take decision based on decision tree.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Consensus Routing And Environmental Discrete Trust Based Secure AODV in MANETs - IJCNCJournal
The Mobile Adhoc Network (MANET) is a wireless network model for infrastructure-less communication, and it provides numerous applications in different areas. The MANET is vulnerable to a Black-hole attack, and it affects routing functionality by dropping all the incoming packets purposefully. The Black-hole attackers pretend that it always has the best path to the destination node to mislead the source nodes. Trust is the critical factor for detecting and isolating the Black-hole attackers from the network. However, the harsh channel conditions make it difficult to differentiate the Black-hole routing activities and accurate trust measurement. Hence, incorporating the consensus-based trust evidence collection from the neighbouring nodes improves the accuracy of trust. For improving the accuracy of trust, this work suggests Consensus Routing and Environmental DIscrete Trust (CREDIT) Based Secure AODV. The CREDIT incorporates Discrete and Consensus trust information. The Discrete parameters represent the specific characteristics of the Black-hole attacks, such as routing behaviour, hop count deviation, and sequence number deviation. The direct trust accurately differentiates the Black-hole attackers using Discrete parameters, only when the nodes perform sufficient communication between the nodes. To solve such issues, the CREDIT includes the Consensus-based trust information. However, secure routing against the Black-hole attack is challenging due to incomplete preferences. The in-degree centrality and Importance degree measurement on the collected consensus-based trust from decision makers solve the incomplete preference issue as well as improves the accuracy of trust. The performance of the proposed scheme is evaluated using Network Simulator-2 (NS2). From the simulation results, it is proved that the detection accuracy and throughput of the proposed CREDIT are substantially high and the proposed CREDIT scheme outperforms the existing work.
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is an open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications
A Mobile Ad-Hoc Network (MANET) is a self configuring, infrastructure less network of mobile devices
connected by wireless links. Loopholes like wireless medium, lack of a fixed infrastructure, dynamic
topology, rapid deployment practices, and the hostile environments in which they may be deployed, make
MANET vulnerable to a wide range of security attacks and Wormhole attack is one of them. During this
attack a malicious node captures packets from one location in the network, and tunnels them to another
colluding malicious node at a distant point, which replays them locally. This paper presents a cluster based
Wormhole attack avoidance technique. The concept of hierarchical clustering with a novel hierarchical 32-
bit node addressing scheme is used for avoiding the attacking path during the route discovery phase of the
DSR protocol, which is considered as the underlying routing protocol. Pinpointing the location of the
wormhole nodes in the case of exposed attack is also given by using this method.
Prevention of Selective Jamming Attacks by Using Packet Hiding Methods - IOSR Journals
Abstract: The open nature of the wireless medium leaves it too weak to intentional interference attacks,
typically defined as jamming. This intentional interference with wireless transmissions can be used as a launch
pad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been introduced
under an external threat model. However, intruders with internal knowledge of protocol specifications and
network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we
address the problem of selective jamming attacks in wireless networks. In these attacks, the hacker is active only
for a short period of time, selectively targeting messages of high importance. We demonstrate the advantages of
selective jamming in terms of network performance degradation and hacker effort by presenting two case
studies; a selective attack on TCP and one on routing. We show that selective jamming attacks can be
forwarded by performing real-time packet classification at the physical layer. To reduce these attacks, we
develop three schemes that prevent real-time packet classification by combining cryptographic primitives with
physical-layer attributes. We analyze the security of the proposed methods and evaluate their computational and
communication overhead.
Secure and Reliable Data Routing in Wireless Sensor Network - dbpublications
Wireless Sensor Networks (WSNs) are materializing as one of the dominant technologies of the future because of their large range of applications in military and civilian fields. Because of their operating behavior, they are often neglected and thus vulnerable to various types of attacks. For instance, an attacker could catch sensor nodes, getting all the information saved therein; sensor nodes are generally considered to not be tamper-proof. Hence, an attacker may clone cached sensor nodes and use them in the network to conduct a variety of mischievous activities. As the decisions taken by a sensor network rely on the information gathered by the sensor nodes, if an adversary inhibits the necessary or confidential data from being forwarded to the BS/target, this will cause the whole breakdown of the network or outcomes in the wrong judgment being made, possibly causing deliberate loss. There are many types of attacks such as compromised node, denial of service attack, black hole attack, etc. Hence there is a necessity to find all such attacks in WSN, and to safely route our sensitive information to the target. This paper represents the survey of some types of attacks and their detection techniques. Also the survey includes different techniques for secure and reliable data collection in Wireless Sensor Networks.
PACKET DROP ATTACK DETECTION TECHNIQUES IN WIRELESS AD HOC NETWORKS: A REVIEW - IJNSA Journal
Wireless ad hoc networks have gained lots of attention due to their ease and low cost of deployment. This
has made ad hoc networks of great importance in numerous military and civilian applications. But, the lack
of centralized management of these networks makes them vulnerable to a number of security attacks. One
of the attacks is packet drop attack, where a compromised node drops packets maliciously. Several
techniques have been proposed to detect the packet drop attack in wireless ad hoc networks. Therefore, in
this paper we review some of the packet drop attack detection techniques and comparatively analyze them
basing on; their ability to detect the attack under different attack strategies (partial and or cooperate
attacks), environments and the computational and communication overheads caused in the process of
detection.
SECURED GREEDY PERIMETER STATELESS ROUTING FOR WIRELESS SENSOR NETWORKS - ijasuc
Wireless sensor networks are collections of large number of sensor nodes. The sensor nodes are featured
with limited energy, computation and transmission power. Each node in the network coordinates with
every other node in forwarding their packets to reach the destination. Since these nodes operate in a
physically insecure environment; they are vulnerable to different types of attacks such as selective
forwarding and sinkhole. These attacks can inject malicious packets by compromising the node.
Geographical routing protocols of wireless sensor networks have been developed without considering the
security aspects against these attacks. In this paper, a secure routing protocol named secured greedy
perimeter stateless routing protocol (S-GPSR) is proposed for mobile sensor networks by incorporating
trust based mechanism in the existing greedy perimeter stateless routing protocol (GPSR). Simulation
results prove that S-GPSR outperforms the GPSR by reducing the overhead and improving the delivery
ratio of the networks.
Mobile Ad-hoc Network is group of wireless mobile device with restricted broadcast range and no use of base Infrastructure. The secure routing model helps for reduced honest elicitation and free riding problem. The term honest elicitation means it forward high recommendation for malicious node in order to avoid itself. It means the high recommendation for colluding malicious node. When operating in hostile or suspicious setting, MANETs require privacy and communication security in routing protocol. In this paper we present the type of attacks and operation on network layer with routing protocol technique i.e. based on an on-demand location-based anonymous MANET routing protocol called SMRT (secure MANET routing technique, with trust model) that achieves security and privacy against insider and outsider adversaries.
Prevention of Packet Hiding Methods In Selective Jamming Attack - IJCERT
The sharing nature of wireless medium provides various challenging features among various set of users. It is very important in real world and it provides better transfer rate but authentication is ignored. The limitations of existing wired network are overcome by wireless network. These networks act as source for various types of jamming attacks. In analysis and detection of jamming attack various methods are available but sometime they fail. In case of external threat the analysis and reporting of jamming attack is very easy model but it is quite difficult in terms of internal threat model, these internal term uses the knowledge about network secrets and network protocols to launch various attacks with very low effort. Various cryptographic techniques are implemented to prevent these attacks. The main goal of this project is to prevent the information at the wireless physical layer and allowed the safe transmission among communicated nodes although the attacker is present.
INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNT... - ijp2p
In this paper we are providing implementation details about simulated solution of stealthy packet drop
attack. Stealthy packet drop attack is a suite of four attack types, includes colluding collision, packet
misrouting, identity delegation and power control. Stealthy packet drop attacks disrupts the packet from
reaching to its destination through malicious behaviour. These attacks can be easily breakdown the
multi-hop wireless ad-hoc networks. Most widely preferred method for detecting attacks in wireless
network is behaviour based detection method. In this method a normal network overhears
communication from its neighbourhood. Here we are implementing a SADEC protocol which is
proposed solution of stealthy packet drop attacks. SADEC overlaid the base line local monitoring. In
base line local monitoring each neighbour maintains additional information about routing path also it
adds some checking responsibility to all its neighbours. SADEC proves more efficient than baseline local
monitoring to mitigate successfully all the stealthy attack types.
Securing mobile cloud using finger print authentication - IJNSA Journal
Mobile cloud computing becomes part of mobile users daily life transactions. Mobile devices with Internet
capabilities have increased the use of mobile cloud computing. Due to hardware limitations in mobile
devices, these devices can't install and run applications that require heavy CPU processing or extensive
memory. Cloud computing allows mobile users to synchronize their data with remote storage and utilize
applications that require heavy CPU processing or extensive memory such as Microsoft Office or Adobe
Photoshop, as they run in a desktop computer.
Investigating the effects of the common control channel challenge in multicha... - IJNSA Journal
Multichannel MAC protocols have become a design choice of wireless access networks as they increase the
achievable throughput. However, the implementation of a common control channel has been a challenge.
The common control channel challenge has not been investigated in opportunistic networks where the
availability of medium is temporary and unpredictable. The uncertainty of the availability of the channel
coupled with the common control channel challenge makes this area an interesting research topic.
Unfortunately, this challenge requires further investigation in Cognitive Radio Ad Hoc Networks
(CRAHN), a promising next generation technology. The challenge makes an interesting study in CRAHN
given the opportunistic access and use of channels. Given a hypothetical spectrum hole of any size coupled
with the implementation of a control channel in a multi-channel environment, how much of good put can be
realized and be effectively utilized for data transmission. We investigate the common control channel
challenge in CRAHN through network simulations. The opportunistic nature of CRAHNs in the presence of
the common control channel challenge is investigated. The simulation results show that the combination of
the control channel challenge and the size of the spectrum hole degrade gracefully the network.
Furthermore, the size of the spectrum hole has a bearing on good put. The results show that a big hole
improves performance. Unfortunately, the opportunistic attribute of CRAHNs does not guarantee desirable
spectrum holes.
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications
A Mobile Ad-Hoc Network (MANET) is a self configuring, infrastructure less network of mobile devices
connected by wireless links. Loopholes like wireless medium, lack of a fixed infrastructure, dynamic
topology, rapid deployment practices, and the hostile environments in which they may be deployed, make
MANET vulnerable to a wide range of security attacks and Wormhole attack is one of them. During this
attack a malicious node captures packets from one location in the network, and tunnels them to another
colluding malicious node at a distant point, which replays them locally. This paper presents a cluster based
Wormhole attack avoidance technique. The concept of hierarchical clustering with a novel hierarchical 32-
bit node addressing scheme is used for avoiding the attacking path during the route discovery phase of the
DSR protocol, which is considered as the under lying routing protocol. Pinpointing the location of the
wormhole nodes in the case of exposed attack is also given by using this method.
Prevention of Selective Jamming Attacks by Using Packet Hiding MethodsIOSR Journals
Abstract: The open nature of the wireless medium leaves it too weak to intentional interference attacks,
typically defined as jamming. This intentional interference with wireless transmissions can be used as a launch
pad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been introduced
under an external threat model. However, intruders with internal knowledge of protocol specifications and
network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we
address the problem of selective jamming attacks in wireless networks. In these attacks, the hacker is active only
for a short period of time, selectively targeting messages of high importance. We demonstrate the advantages of
selective jamming in terms of network performance degradation and hacker effort by presenting two case
studies; a selective attack on TCP and one on routing. We show that selective jamming attacks can be
forwarded by performing real-time packet classification at the physical layer. To reduce these attacks, we
develop three schemes that prevent real-time packet classification by combining cryptographic primitives with
physical-layer attributes. We analyze the security of the proposed methods and evaluate their computational and
communication overhead.
Secure and Reliable Data Routing in Wireless Sensor Networkdbpublications
Wireless Sensor Networks (WSNs) are materializing as one of the dominant technologies of the future because of their large range of applications in military and civilian fields. Because of their operating behavior, they are often neglected and thus vulnerable to various types of attacks. For instance, an attacker could catch sensor nodes, getting all the information saved therein-sensor nodes are generally considered to not be temper-proof. Hence, an attacker may clone cached sensor nodes and use them in the network to conduct a variety of mischievous activities. As the decisions taken by a sensor network rely on the information gathered by the sensor nodes, if an adversary inhibits the necessary or confidential data from being forwarded to the BS/ target, this will cause the whole breakdown of the network or outcomes in the wrong judgment being made, possibly causing deliberate loss. There are many types of attacks such as compromised node, denial of service attack, black hole attack, etc. Hence there is a necessity to find all such attacks in WSN, and to safely route our sensitive information to the target. This paper represents the survey of some types of attacks and there detection techniques. Also the survey includes different techniques for secure and reliable data collection in Wireless Sensor Networks.
PACKET DROP ATTACK DETECTION TECHNIQUES IN WIRELESS AD HOC NETWORKS: A REVIEWIJNSA Journal
Wireless ad hoc networks have gained lots of attention due to their ease and low cost of deployment. This
has made ad hoc networks of great importance in numerous military and civilian applications. But, the lack
of centralized management of these networks makes them vulnerable to a number of security attacks. One
of the attacks is packet drop attack, where a compromised node drops packets maliciously. Several
techniques have been proposed to detect the packet drop attack in wireless ad hoc networks. Therefore, in
this paper we review some of the packet drop attack detection techniques and comparatively analyze them
basing on; their ability to detect the attack under different attack strategies (partial and or cooperate
attacks), environments and the computational and communication overheads caused in the process of
detection.
SECURED GREEDY PERIMETER STATELESS ROUTING FOR WIRELESS SENSOR NETWORKS ijasuc
Wireless sensor networks are collections of large number of sensor nodes. The sensor nodes are featured
with limited energy, computation and transmission power. Each node in the network coordinates with
every other node in forwarding their packets to reach the destination. Since these nodes operate in a
physically insecure environment; they are vulnerable to different types of attacks such as selective
forwarding and sinkhole. These attacks can inject malicious packets by compromising the node.
Geographical routing protocols of wireless sensor networks have been developed without considering the
security aspects against these attacks. In this paper, a secure routing protocol named secured greedy
perimeter stateless routing protocol (S-GPSR) is proposed for mobile sensor networks by incorporating
trust based mechanism in the existing greedy perimeter stateless routing protocol (GPSR). Simulation
results prove that S-GPSR outperforms the GPSR by reducing the overhead and improving the delivery
ratio of the networks.
Mobile Ad-hoc Network is group of wireless mobile device with restricted broadcast range and no use of base Infrastructure. The secure routing model helps for reduced honest elicitation and free riding problem. The term honest elicitation means it forward high recommendation for malicious node in order to avoid itself. It means the high recommendation for colluding malicious node. When operating in hostile or suspicious setting, MANETs require privacy and communication security in routing protocol. In this paper we present the type of attacks and operation on network layer with routing protocol technique i.e. based on an on-demand location-based anonymous MANET routing protocol called SMRT (secure MANET routing technique, with trust model) that achieves security and privacy against insider and outsider adversaries.
Prevention of Packet Hiding Methods In Selective Jamming Attack IJCERT
The sharing nature of wireless medium provides various challenging features among various set of users. It is very important in real world and it provides better transfer rate but authentication is ignored. The limitations of existing wired network are overcome by wireless network. These networks act as source for various types of jamming attacks. In analysis and detection of jamming attack various methods are available but sometime they fail. In case of external threat the analysis and reporting of jamming attack is very easy model but it is quite difficult in terms of internal threat model, these internal term uses the knowledge about network secrets and network protocols to launch various attacks with very low effort. Various cryptographic techniques are implemented to prevent these attacks. The main goal of this project is to prevent the information at the wireless physical layer and allowed the safe transmission among communicated nodes although the attacker is present.
INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNT... ijp2p
In this paper we provide implementation details of a simulated solution to the stealthy packet drop
attack. Stealthy packet drop attack is a suite of four attack types: colluding collision, packet
misrouting, identity delegation and power control. Stealthy packet drop attacks prevent a packet from
reaching its destination through malicious behaviour. These attacks can easily break down
multi-hop wireless ad-hoc networks. The most widely preferred method for detecting attacks in wireless
network is behaviour based detection method. In this method a normal network overhears
communication from its neighbourhood. Here we are implementing a SADEC protocol which is
proposed solution of stealthy packet drop attacks. SADEC overlaid the base line local monitoring. In
base line local monitoring each neighbour maintains additional information about routing path also it
adds some checking responsibility to all its neighbours. SADEC proves more efficient than baseline local
monitoring to mitigate successfully all the stealthy attack types.
Securing mobile cloud using finger print authentication IJNSA Journal
Mobile cloud computing has become part of mobile users' daily life transactions. Mobile devices with Internet
capabilities have increased the use of mobile cloud computing. Due to hardware limitations in mobile
devices, these devices can't install and run applications that require heavy CPU processing or extensive
memory. Cloud computing allows mobile users to synchronize their data with remote storage and utilize
applications that require heavy CPU processing or extensive memory, such as Microsoft Office or Adobe
Photoshop, as they run in a desktop computer.
Investigating the effects of the common control channel challenge in multicha... IJNSA Journal
Multichannel MAC protocols have become a design choice of wireless access networks as they increase the
achievable throughput. However, the implementation of a common control channel has been a challenge.
The common control channel challenge has not been investigated in opportunistic networks where the
availability of medium is temporary and unpredictable. The uncertainty of the availability of the channel
coupled with the common control channel challenge makes this area an interesting research topic.
Unfortunately, this challenge requires further investigation in Cognitive Radio Ad Hoc Networks
(CRAHN), a promising next generation technology. The challenge makes an interesting study in CRAHN
given the opportunistic access and use of channels. Given a hypothetical spectrum hole of any size coupled
with the implementation of a control channel in a multi-channel environment, how much of good put can be
realized and be effectively utilized for data transmission. We investigate the common control channel
challenge in CRAHN through network simulations. The opportunistic nature of CRAHNs in the presence of
the common control channel challenge is investigated. The simulation results show that the combination of
the control channel challenge and the size of the spectrum hole degrade gracefully the network.
Furthermore, the size of the spectrum hole has a bearing on good put. The results show that a big hole
improves performance. Unfortunately, the opportunistic attribute of CRAHNs does not guarantee desirable
spectrum holes.
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo... IJNSA Journal
Mobile phones are considered to be the most common devices in history of humankind. They have involved
in financial transaction such as mobile banking and mobile payment, which include sensitive information.
Public key cryptography is the proven solution that can provide secure transaction at every point of
interaction in mobile banking value chain. This paper proposes a need for peer-to-peer Strong Local
Authentication Protocol (p2pSLAP) for Mobile Banking Transaction that implements a peer-to-peer
architecture to provide local authentication mechanism between the customer and the agent. It employs
public key infrastructure (PKI).
Multi carrier equalization by restoration of redundancy (merry) for adaptive... IJNSA Journal
This paper proposes a new blind adaptive channel shortening approach for multi-carrier systems. The
performance of the discrete Fourier transform-DMT (DFT-DMT) system is investigated with the proposed
DST-DMT system over the standard carrier serving area (CSA) loop1. Enhanced bit rates demonstrated
and less complexity also involved by the simulation of the DST-DMT system.
Pause Photo Prose, a video game project for understanding photography Yannick Vernet
An experimental video game project for understanding photography. This project, initiated within the Observatoire des pratiques de création de l'image numérique, builds on the educational board game of the Rencontres de la Photographie d'Arles (Pause Photo Prose).
This project is carried out in partnership with: the Rencontres de la Photographie d'Arles, the École nationale supérieure de la photographie d'Arles, the video game Master's programme of Université Paul Valéry Montpellier, the IUT d'Arles (Aix-Marseille université) Licence Professionnelle SIL Imagerie Numérique and Diplôme Universitaire de Technologie (DUT) in MultiMédia et de l'Internet (MMI), Pôle industries culturelles et patrimoines, Goût d'idées.
ENTROPY BASED DETECTION AND BEHAVIORAL ANALYSIS OF HYBRID COVERT CHANNEL IN SEC... IJNSA Journal
Covert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of "Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under attack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.
A typical analysis of hybrid covert channel using constructive entropy analy... IJECEIAES
A covert timing channel is based on modulation of the timing information in the network packets in a secured communication. The delicacy of this channel is primarily viewed as single coherent channel thwart the detection from any third-party entity or network admin. The timing covert channel is strenuous to detect under many scenarios due to the intricate complexity of the channel. The exploration of timing covert channel shed light on intrinsic design aspects which elevate understanding to an advanced level. This will effectively bring out elite literature aspects of the timing covert channel for seamless implementation. Supraliminal channels are innocuous message-based channel introduced as a trapdoor in the communication system either intentional or as vulnerability of the system. A hybrid covert channel is the existence of homogeneous or heterogeneous network covert channel variants either at same instant or at different instant of time. For instance, one of possible hybrid covert channel is the co-existence of timing covert channel in transmission control protocol (TCP) and supraliminal channel in voice over internet protocol (VoIP). This paper introduces this variant of the hybrid covert channel and their significance in network communication. The paper also refers to standard measures-entropy, covertness index to understand hybrid covert channel.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Cluster Based Misbehaviour Detection and Authentication Using Threshold Crypt... CSCJournals
In mobile ad hoc networks, the misbehaving nodes can cause dysfunction in the network resulting in damage of other nodes. In order to establish secure communication with the group members of a network, use of a shared group key for confidentiality and authentication is required. Distributing the shares of secret group key to the group members securely is another challenging task in MANET. In this paper, we propose a Cluster Based Misbehavior Detection and Authentication scheme using threshold cryptography in MANET. For secure data transmission, when any node requests a certificate from a cluster head (CH), it utilizes a threshold cryptographic technique to issue the certificate to the requested node for authentication. The certificate of a node is renewed or rejected by CH, based on its trust counter value. An acknowledgement scheme is also included to detect and isolate the misbehaving nodes. By simulation results, we show that the proposed approach reduces the overhead.
Robust encryption algorithm based sht in wireless sensor networks ijdpsjournal
In bound applications, the locations of events reportable by a device network have to be compelled to stay anonymous. That is, unauthorized observers should be unable to notice the origin of such events by analyzing the network traffic. I analyze 2 forms of downsides: Communication overhead and machine load problem. During this paper, I gift a brand new framework for modeling, analyzing, and evaluating obscurity in device networks. The novelty of the proposed framework is twofold: initial, it introduces the notion of “interval indistinguishability” and provides a quantitative live to model obscurity in wireless device networks; second, it maps supply obscurity to the applied mathematics downside I showed that the present approaches for coming up with statistically anonymous systems introduce correlation in real intervals whereas faux area unit unrelated. I show however mapping supply obscurity to consecutive hypothesis testing with nuisance Parameters ends up in changing the matter of exposing non-public supply data into checking out associate degree applicable knowledge transformation that removes or minimize the impact of the nuisance data victimization sturdy cryptography algorithmic rule. By doing therefore, I remodel the matter of analyzing real valued sample points to binary codes, that opens the door for committal to writing theory to be incorporated into the study of anonymous networks. In existing work, unable to notice unauthorized observer in network traffic. However our work in the main supported enhances their supply obscurity against correlation check. The most goal of supply location privacy is to cover the existence of real events.
An ensemble model to detect packet length covert channels IJECEIAES
Covert channel techniques have enriched the way to commit dangerous and unwatched attacks. They exploit ways that are not intended to convey information; therefore, traditional security measures cannot detect them. One class of covert channels that difficult to detect, mitigate, or eliminate is packet length covert channels. This class of covert channels takes advantage of packet length variations to convey covert information. Numerous research articles reflect the useful use of machine learning (ML) classification approaches to discover covert channels. Therefore, this study presented an efficient ensemble classification model to detect such types of attacks. The ensemble model consists of five machine learning algorithms representing the base classifiers. The base classifiers include naive Bayes (NB), decision tree (DT), support vector machine (SVM), k-nearest neighbor (KNN), and random forest (RF). Whereas, the logistic regression (LR) classifier was employed to aggregate the outputs of the base classifiers and thus to generate the ensemble classifier output. The results showed a good performance of our proposed ensemble classifier. It beats all single classification algorithms, with a 99.3% accuracy rate and negligible classification errors.
A Review of Network Layer Attacks and Countermeasures in WSN iosrjce
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
International Journal of Engineering Research and Development IJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
TRIDNT: THE TRUST-BASED ROUTING PROTOCOL WITH CONTROLLED DEGREE OF NODE SELFI... IJNSA Journal
In Mobile ad-hoc network, nodes must cooperate to achieve the routing purposes. Node misbehaviour due to selfish or malicious intention could significantly degrade the performance of MANET because most existing routing protocols in MANET are aiming at finding most efficiency path. In this paper, we propose a Two node-disjoint Routes protocol for Isolating Dropper Node in MANET (TRIDNT) to deal with misbehaviour in MANET. TRIDNT allows some degree of selfishness to give an incentive to the selfish nodes to declare itself to its neighbours, which reduce the misbehaving nodes searching time. In TRIDNT two node-disjoint routes between the source and destination are selected based on their trust values. We use both DLL-ACK and end-to-end TCP-ACK to monitor the behaviour of routing path nodes: if a malicious behaviour is detected then the path searching tool starts to identify the malicious nodes and isolate them. Finally by using a mathematical analysis we find that our proposed protocol reduces the searching time of malicious nodes comparing to the route expected life time, and avoids the isolated misbehaving node from sharing in all future routes, which improve the overall network throughput.
Message Authentication And Source Privacy Using BAC Technique In Wireless Sen... theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
A Secure Payment Scheme with Low Communication and Processing Overhead for Mu... Editor IJMTER
In this proposed work a trust-based routing protocol is developed to route messages through the
highly trusted nodes to minimize the probability of dropping the messages. Thus improve the network
performance in terms of throughput and packet delivery ratio. The proposed design contains a novel secure
reactive routing protocol for Mobile ad hoc networks (MANETs), called TRIUMF (Trust-Based Routing
Protocol with controlled degree of Selfishness for Securing MANET against Packet Dropping Attack). In the
proposed protocol trust among nodes is represented by trust value, which consists of cooperation score, direct
trust and indirect trust. The proposed trust routing allows controlled degree of selfishness to give an incentive to
the selfish nodes to declare its selfishness behavior to its neighbor nodes, which reduce the searching time of
misbehaving nodes to search for the malicious nodes only. In the proposed routing protocol two node-disjoint
routes between the source and destination nodes are selected based on their path trust values, one marked as
primary and the other as secondary. In this work both DLL-ACK and end-to-end TCP-ACK as monitoring
tools to monitor the behavior of routing path nodes: if the data packet successfully transmitted, then the path
nodes trust value are updated positively; otherwise, if a malicious behavior is detected then the path searching
tool starts to identify the malicious nodes and isolate them from the routing path and the network. Finally this
scheme reduces the searching time of malicious nodes, and the routing protocol avoids the isolated misbehaving
node from sharing in all future routes, which improves the overall network throughput.
A Survey on Secure Hierarchical LEACH Protocol over Wireless Sensor Network IJERD Editor
Wireless Sensor Network contain number of nodes. Lifetime of Sensor nodes depend on their battery
power, which cannot be reenergize. Thus, to save the node energy & lifetime of the Network energy efficient
LEACH protocol is introduced. Wireless sensor networks are facing many experiments such as the partial source
in processing power, storage and energy. The inadequate energy source is one of the main tasks facing the security
in such networks. LEACH doesn’t shield the safety harms. So we want to improve security scenario of Secure
LEACH protocol. Hierarchical or cluster base routing protocol for WSNs is the most energy-efficient among other
routing protocols. This paper shows different security mechanism used in LEACH protocol. This all protocol is
based on Hierarchical routing protocol. This paper shows basic scenario of security in LEACH.
Performance analysis of transport layer based hybrid covert channel detection engine
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
PERFORMANCE ANALYSIS OF TRANSPORT LAYER BASED HYBRID COVERT CHANNEL DETECTION ENGINE
Anjan K1, Srinath N K1, Jibi Abraham2
1 Department of Computer Science and Engineering, R V College of Engineering, Bangalore, India
2 College of Engineering, Pune, India
ABSTRACT
Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks
on network compromise the most important attribute, the privacy. Most of such attacks are devised using
a special communication channel called "Covert Channel". The word "Covert" stands for hidden or
non-transparent. Network Covert Channel is a concealed communication path within legitimate network
communication that clearly violates security policies laid down. Non-transparency in covert channel is also
referred to as trapdoor. A trapdoor is unintended design within legitimate communication whose motto is
to leak information. Subliminal channel, a variant of covert channel, works similarly to a network covert channel
except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with
subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is the homogeneous or
heterogeneous mixture of two or more variants of covert channel either active at same instance or at
different instances of time. Detecting such malicious channel activity plays a vital role in removing threat to
the legitimate network. In this paper, we introduce a new detection engine for hybrid covert channel in transport
layer visualized in TCP and SSL. A setup was made on an experimental test bed (DE-HCC9) in the RD Lab of our
department. The purpose of this study is to introduce a few performance metrics to evaluate the detection engine
and also to understand the multi-trapdoor nature of covert channel.
KEYWORDS
Covert Channel, Subliminal Channel, Hybrid Covert Channel, Network Security, Trapdoors
1. INTRODUCTION
Recent tremendous growth in networks has increased awareness of security aspects across the
technical fraternity. It is unfortunate that too few people are working on securing channels
against the threat of covert channels. Detection methods are still in their infancy and
depend on the structure of the network under consideration.
Covert Channel [1,2,3] is a malicious conversation within a legitimate network communication.
Covert Channels clearly violate the security policies laid down by the network environment,
allowing information to leak to an unauthorized or unknown receiver. Covert Channels do not
have a concrete definition and are scenario oriented. Covertness in these channels exhibits behaviors
like multi-trapdoor and protocol hopped, in which channeling is not constrained to a pair of
communication entities. A fundamental covert channel can be visualized in figure 1, depicting
the covert communication model employed in the covert channel, with a pre-shared information
encoding and decoding scheme between the covert users.
DOI : 10.5121/ijnsa.2013.5605
Figure 1: Covert Channel Visualization
Covert channel can also exist between threads in a process, between processes in an operating system, or
amongst distributed entities. The focus here is on the design exploration in the specific network
protocol and in the security protocol. Covert channel is associated with similar terminologies like
side channel, steganographic channel or supraliminal channel. These terms from the literature do not
differ from one another and stand on the motto of promoting covertness in different forms or
scenarios in a communication model over a legitimate network.
Covert Channels in general exhibit some characteristics: Bandwidth and Covertness Index. The
bandwidth is the amount of covert data sent in the network as per the figure 1. This can be
formulated using Shannon's Channel Capacity:
$$C_{covert} = \log_2\left(1 + \frac{T}{N}\right)$$
where T is the flow of covert data and N is the noise in the channel during transmission. For a
network channel with covert communication whose total bandwidth is C, it will always hold that
$$C_{covert} < C$$
The Covertness index [16] is the strength of the detection of the trapdoor placed in the network
protocols, which determines the appropriate detection methods to be employed. The broad
classification of covert channels is described in [5].
A Hybrid Covert Channel (HCC) [5], a variant of the covert channel, is defined as a homogeneous or
heterogeneous composition of two or more covert channel variants existing either at the same
instance or at different instances of time. A Hybrid Covert Channel may be composed of many covert
channels and does not have a fixed composition. Due to this it is impossible to detect all the
possible channels in an HCC in real time. An HCC can also behave as a single coherent channel with
characteristics such as multi-trapdoor and protocol hopped [10]. The Hybrid Covert Channel here, as shown
in figure 2, is visualized as a combination of a simple network covert channel in TCP and a subliminal
channel in SSL, both being transport layer protocols.
Figure 2: Hybrid Covert Channel in Transport Layer
The further sections of this paper cover various detection methods and a system to tackle the hybrid
covert channel based on the proper detection method. Section 2 explores related work. Section 4
gives brief insight into various detection methodologies and the chosen detection method for the hybrid
covert channel scenario. Section 5 delineates the system design and implementation. Section
6 gives the testing of the system in DE-HCC9. Conclusion and future enhancements are provided in
section 7.
2. RELATED WORK
Extensive work has been done to devise better detection methods to detect only covert channels,
either on live wire or on a dataset. The work in [7] is based on detecting covert shells by monitoring
unusual traffic in the network stream. Covert timing channels are designed and detected in [8]
based on packet inter-arrival and modelling the whole process as a Poisson distribution. Illegal
information flows in covert channels are tracked by tracing the Message Sequence Charts (MSC)
in [9]. This paper employs a statistical protocol based detection [11] to detect the hybrid covert
channel based on analysis made on packet headers.
3. DETECTION METHODS
Detection methods [11] are based on anomaly or signature matches in the protocols of the
network stack. However, there are new covert language encoding schemes in the protocols that
make such channels harder to detect. The channel detection scheme must follow various rounds of
checks before the alert is flashed to the administrator of the network, and must actively scan the
flow of information in the channel. If the same process is carried out after an attack event, then the
procedure falls purely under Network Forensics. If the detection schemes are capable of identifying a
victimized resource, then the process is termed Covert Channel Identification. There are
different methods used to detect a covert channel, and they are presented below:
3.1. Signature Based Detection
Signature-based detection is also termed misuse based detection and is carried out actively on the
network streams by searching for specific patterns or signatures of a standard protocol. In such cases the
algorithm alarms the network of a breach. A popular tool that can be detected this way is NetCat, which
sets up a reverse-shell communication between the internal network and a public network.
3.2. Protocol Based Detection
A protocol based detection scheme is simple profiling of each protocol used in communication.
This is referred to as deep packet analysis, where each header is scanned to understand its
standard values. The standard profile of a protocol is the protocol specification described in its
RFCs. The Covert_TCP tool manipulates the sequence number field and ACK field in TCP and the IP ID in the IPv4
packet for covert communication.
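The header profiling described above, as an added example that is not code from the paper or from DE-HCC9: it checks one TCP header against a few RFC 9293 constraints on the reserved bits, flags and option padding. The function names, the choice of checks and the sample headers are assumptions constructed for illustration.

```python
import struct

def build_tcp(seq, flags, reserved=0, options=b""):
    """Build a TCP header (checksum left at 0) for the constructed samples."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, seq, 0,
                       (offset << 4) | reserved, flags, 8192, 0, 0) + options

def profile_tcp(header):
    """Return the deviations of one TCP header from its RFC 9293 profile."""
    if len(header) < 20:
        return ["truncated header"]
    off_res, flags = header[12], header[13]
    hlen = (off_res >> 4) * 4
    if hlen < 20 or hlen > len(header):
        return ["bad data offset"]
    findings = []
    if off_res & 0x0F:                      # the four reserved bits must be zero
        findings.append("reserved bits set")
    syn, fin, rst = flags & 0x02, flags & 0x01, flags & 0x04
    if (syn and (fin or rst)) or (flags & 0x3F) == 0:
        findings.append("illegal flag combination")
    opts, i = header[20:hlen], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List: rest is padding
            if any(opts[i + 1:]):
                findings.append("non-zero padding")
            break
        if kind == 1:                       # No-Operation, a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            findings.append("malformed option")
            break
        i += opts[i + 1]
    return findings

def scan(headers):
    """Map packet index -> findings for every header that deviates."""
    return {i: f for i, h in enumerate(headers) if (f := profile_tcp(h))}

# Constructed sample headers (not captured traffic).
SAMPLES = [
    build_tcp(0x1A2B3C4D, 0x02, options=b"\x02\x04\x05\xb4"),  # SYN with MSS
    build_tcp(0x1A2B3C4E, 0x10, reserved=0x5),                 # ACK, reserved set
    build_tcp(0x1A2B3C4F, 0x03),                               # SYN+FIN
    build_tcp(0x1A2B3C50, 0x10, options=b"\x01\x01\x00\x41"),  # data in padding
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLES).items():
        print(index, findings)
```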
3.3. Behavioral Based Detection
Behavioural based detection is a sophisticated scheme, as it monitors user profiles, resource
profiles and reference profiles. It detects unusual behaviour in the network and is performed in
real time. The detection is based on deviation of network usage from normal scenarios. A
simple instance can be multiple packet transmissions from a source with the same sequence number,
keeping the traffic of the network at its peak.
3.4. Other Approaches
Other approaches include detection based on supervised learning schemes like neural
networks. The neural network approach involves training the network for a period `T' until it reaches the required
accurate values to trigger the alarm process by the detection engine. Scenario based Bayes
inference sets up a system in which each suspicious matched signature (hypothetical attack)
found in the monitored data stream is part of a global set (symptoms), and uses each global set to
calculate, with Bayes inference, the probability for a known attack to be on hold, knowing the
P(Hypothetical attack / Symptoms) probability. If the detection engine finds a suspicious scenario
whose probability value is greater than a set threshold, an alarm process is triggered by the
detection engine.
The above categories can each also behave as either statistical or probabilistic. A statistical approach is
to run the detection engine for `t' hours and record an amount of data `D'. This period is called the
learning period, and such an approach helps to increase the accuracy and also to set the threshold
value for the alarm process. A probabilistic approach is to set a probability of Y% for the specific event S
that occurs after P, Q and R. This helps the detection engine to tune itself to such an event in
its running period.
4. SYSTEM DESIGN AND IMPLEMENTATION
Major Design Criteria
HCC in the transport layer is a combination of trapdoors placed in TCP and backdoors placed in TLS.
The designs of the channels with respect to TCP and TLS are different. It works on a simple packet
capture utility followed by analysis of payload and headers. The TCP payload will contain the TLS/SSL
content, and the process forming the content is specified in figure 3.
Figure 3: Hybrid Covert Channel Formation
In figure 3, words marked in red refer to the covert process and those in black refer to the legitimate
process. The channel has to be constructed to test the detection engine's accuracy and its covertness
index. This would suggest the best suited detection schemes to be used to achieve positive
detections. The approach here can be a combination of Protocol and Signature based schemes, also
referred to as Statistical Protocol Based Detection.
Designing the Hybrid Covert Channel takes two different routes, discussed in the coming subsections. With
reference to figure 3, the flow of design follows first the subliminal channel in SSL and
then the simple network covert channel in TCP.
4.1 Designing Subliminal Channel in TLS/SSL
SSL has a wide range of cipher algorithms that assist in secured communication. One such
algorithm is DSA, which provides the authentication service. The Subliminal Channel is created in DSA
as per [13]. Practically this can be done in the following ways:
1. The covert user generates a random number and provides it during the signature generation
process.
2. The covert user replaces the system generated public-private keys with keys that the covert
process has generated. These may even contain bits and bytes of the covert message to be
communicated.
3. The signature component used in TLS will contain the subliminal message generated
in 2. This will be used as the communication medium for the receiver to understand the
message sent by the covert sender.
4. Programmatically this can be accomplished either with OpenSSL or JSSE secure sockets.
4.2 Designing Simple Network Covert Channel in TCP
The process of covert channel generation in a network protocol is as described in [5], where the
covert sender places covert data in covert vulnerable fields like Sequence Number, Flags,
Ack, options and reserved. The focus here is on constructing a simple network covert channel, with
specific focus on the Sequence number, padding and Flags fields of TCP. Direct access to the
network card is required for the covert user to send this TCP packet. This can be accomplished in
the following ways:
1. Jpcap libraries in Java, which give direct control of the interface to the developer, here a covert
user.
2. BSD sockets in Linux, where the socket can be created in raw mode to
create a custom packet, informing the kernel not to append the checksum as this is done by the
developer.
4.3 Design and Implementation of Detection Engine
The design of the detection engine takes two stages: one for detecting the subliminal channel in
TLS/SSL and the other for the simple network covert channel in TCP. For the TCP based covert
channel, the TCP packet must be available for diagnosis; this can be accomplished by employing a
protocol sniffer. For the TLS/SSL payload, it is assumed that the covert user has replaced the originally
supplied keys and that the random number is also manipulated. In such cases a randomness test for both
the keys and the random number will prove the fact of a trapdoor placed by the covert party.
Detection Engine Algorithm:
Step 1: Capture TCP packets from the Network Interface using a protocol
sniffer from the user specified network device.
Step 2: Store the TCP packets in the database by parsing each field.
Step 3: Analyse the TCP header for the covert vulnerable fields.
Step 4: Analyse the signature component in TLS, which is a
payload in the TCP payload, and test the key against the Randomness
tester.
Step 5: Log the entries of the covert and subliminal activity.
Step 6: Compute the performance graph and detection content
computation from each session data set.
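Step 4 and the randomness assumption above, as an added example that is not the paper's code: it stands in for the randomness tester with the frequency (monobit) test of NIST SP 800-22, applied per bit position to the key or random-number bytes pooled from a session. The function names, thresholds and the two sample sessions are assumptions constructed for illustration.

```python
import hashlib
import math

def bit_position_pvalues(data):
    """Frequency (monobit) test of NIST SP 800-22 applied to each of the
    8 bit positions of `data`; returns 8 p-values, most significant bit first."""
    n = len(data)
    if n == 0:
        raise ValueError("no data to test")
    pvalues = []
    for bit in range(7, -1, -1):
        ones = sum((byte >> bit) & 1 for byte in data)
        s_obs = abs(2 * ones - n) / math.sqrt(n)
        pvalues.append(math.erfc(s_obs / math.sqrt(2)))
    return pvalues

def flag_sessions(sessions, alpha=0.01, min_bytes=100):
    """sessions maps a session id to the key / random-number byte strings the
    engine extracted from it; returns the ids whose pooled bytes fail the test."""
    flagged = []
    for session_id, values in sessions.items():
        pooled = b"".join(values)
        if len(pooled) < min_bytes:         # too few bits per position to judge
            continue
        # Bonferroni correction: the eight tests of a session share one alpha.
        if min(bit_position_pvalues(pooled)) < alpha / 8:
            flagged.append(session_id)
    return flagged

def chunks(data, size=20):
    """Split pooled bytes into fixed-size values, as one would store them."""
    return [data[i:i + size] for i in range(0, len(data), size)]

# Constructed samples (not captured traffic): eight 20-byte values per session.
UNIFORM = b"".join(hashlib.sha256(bytes([i])).digest()[:20] for i in range(8))
TEXTUAL = (b"quarterly figures attached " * 6)[:160]
SESSIONS = {"session-a": chunks(UNIFORM), "session-b": chunks(TEXTUAL)}

if __name__ == "__main__":
    print(flag_sessions(SESSIONS))
```

A pass only means that no bit-level bias was measured in the bytes supplied; it is one input to the log of Step 5, not proof that a session is clean.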
5. TESTING
Testing results are based on the design considerations made in [6]. DE-HCC9 test bed performance
is based on its detection rate and detection content under different circumstances. The
variables to be considered for the performance analysis are listed as follows, for `n' nodes in the
experimental test bed with `s' sample count and for the session `t'. Let
- α be the total number of packets captured.
- β be the number of TCP packets captured.
- γ be the cardinality of the dataset previously collected.
- T be the total number of detections made.
- t be the total number of available TCP packets in the database.
- Φ be the Relative Detection Content with respect to β.
- η be the Absolute Detection Content with respect to α.
The total number of TCP packets in the database or dataset is
$$t = \gamma + \beta \qquad (1)$$
In equation 1, if $\gamma = 0$ then $t = \beta$.
The calculations for detection content are performed using the expressions
$$\Phi = \frac{T}{\beta}$$
$$\eta = \frac{T}{t}$$
The threshold value for γ is 10000 packets.
$$\text{Average Detection rate } \theta = \frac{\Phi + \eta}{2}$$
Experiments made on DE-HCC9 indicate that packet capturing from the network interface has
a uniform increase with respect to time. This is visualized in the graph obtained from the test bed, shown
in figure 4.
Figure 4: Total No. of Packets (α) Vs Time
Figure 5: TCP Packets Vs Time
Figure 5 depends completely on the traffic in the subnet and the node count. The detection
content in TCP for 5 nodes varies between 15% - 30% and the average detection rate lies at 70% - 97%, as
depicted in figure 6. The detection content also depends on the number of times the covert channel is
invoked in that session. If sampling is done for infinity then these percentages decrease to a small
number or even become negligible, which is true in the real network scenario.
Figure 6: Average Detection Rate Vs No. of Runs
5. CONCLUSION AND FUTURE WORK
Hard compromise of confidential information is clearly unacceptable in the presence of security
measures for a legitimate network. Conspiracy between communication parties (Covert Parties) is not
legitimate, and the existence of a Hybrid Covert Channel is the strongest threat in communication,
which should be decommissioned. The conclusion is to build a system to detect the activity of a Hybrid
covert channel in a small scale LAN. This paper has focused on such a system and also introduces
performance metrics to evaluate such a system in the experimental test bed (DE-HCC9).
The project developed is a primitive attempt to detect the hybrid covert channel, and further
improvements include adding the following features:
- To cover most of the possible covert fields in the TCP packet header, like acknowledgment
bounce and options.
- To include an elimination protocol especially suited for the scenario considered in this project,
called the ``Spoofed Pump'' protocol.
- Further, to include possible hybrid combinations of covert channels in the TCP/IP protocol stack.
- To analyse the similar possibility of hybrid channelling in the case of Ad hoc wireless networks,
since the existence of covert channels in routing algorithm headers is possible.
ACKNOWLEDGEMENT
Anjan K would like to thank Late Dr. V.K Ananthashayana, Erstwhile Head, Department of
Computer Science and Engineering, M.S.Ramaiah Institute of Technology, Bangalore, for
igniting the passion for research.
REFERENCES
[1] Vishal Bharti, Practical Development and Deployment of Covert Communication in IPv4, Journal on
Theoretical and Applied Information Technology, Apr 2007.
[2] Sebastian Zander et al., Covert Channels and Counter Measures in Computer Network Protocols,
IEEE communication Magazine on survey and tutorials, December 2007.
[3] Sweety Chauhan, Analysis and Detection of Network Covert channel, Technical Report by
Department of computer science and Electrical Engineering, University of Maryland Baltimore
County, Dec 2005.
[4] Enping Li, Scott Craver, A supraliminal channel in a wireless phone application, Proceedings of the
11th ACM workshop on Multimedia and security, September 07-08, 2009, Princeton, New Jersey,
USA.
[5] Koundinya Anjan and Jibi Abraham, Behaviour Analysis of Transport Layer based Hybrid Covert
Channel, Third International Conference on Network Security and Application, Springer-Verlag
LNCS series, Chennai, India, Jul 2010.
[6] Anjan K Koundinya and Jibi Abraham, Design of Transport Layer Based Hybrid Covert Channel
Detection Engine, International Journal of Ad hoc, Sensor and Ubiquitous Computing, Dec 2010.
[7] Serdar Cabuk, Carla Brodley, Clay Shields, IP Covert Channel Detection, ACM Transaction on
Information and System Security, Vol 12, Article 22, Apr 2009.
[8] Serdar Cabuk, Carla Brodley, Clay Shields, IP Covert Timing Channels: Design and Detection, CCS'04,
Oct 2004.
[9] Loïc Hélouët, Claude Jard, Marc Zeitoun, Covert channels detection in protocols using scenarios,
SPV'03, April 2003.
[10] Steffen Wendzel, Protocol Channels, HAKIN9, Jun 2009.
[11] Description of Detection Approaches at url – http://gray-world.net/projects/papers/html/cctde.html
[12] Description of JPcap Libraries at url – http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html
[13] Gustavus J Simmons, The Subliminal Channel and Digital Signatures, Springer-Verlag, 1998.
[14] Jerry Banks et al., Discrete Event System Simulation, Third edition, Prentice Hall, Jan 2001.
[15] Description of Randomness test suite - JRandTester at url – http://sourceforge.net/projects/jrandtest
[16] Anjan K, Gururaja H S et al., Covertness Analysis of Subliminal Channels in Legitimate
Communication, ADCONS 2011, LNCS 7135, pp. 582–591, 2012.
AUTHOR’S PROFILE
Anjan K received his B.E degree from Visveswariah Technological University,
Belgaum, India in 2007 and his master's degree from the Department of Computer
Science and Engineering, M.S. Ramaiah Institute of Technology, Bangalore, India. He has
been awarded Best Performer PG 2010 for his academic excellence. His areas of research
include Network Security and Cryptography, Adhoc Networks, Mobile Computing and
Agile Software Engineering. He is currently working as Assistant Professor in the Dept. of
Computer Science and Engineering, R V College of Engineering.
Srinath N K has his M.E degree in Systems Engineering and Operations Research from
Roorkee University, in 1986, and his PhD degree from AvinashLingum University, India in
2009. His areas of research interest include Operations Research, Parallel and Distributed
Computing, DBMS and Microprocessor. He is working as Professor and Head, Dept of
Computer Science and Engineering, R V College of Engineering.
Jibi Abraham received her M.S degree in Software Systems from BITS, Rajasthan,
India in 1999 and her PhD degree from Visveswariah Technological University, Belgaum, India
in 2008 in the area of Network Security. Her areas of research interest include Network
routing algorithms, Cryptography, Network Security of Wireless Sensor Networks and
Algorithms Design. She is working as Professor in the Dept. of CEIT, College of Engineering
Pune.