Information Technology Reference
In-Depth Information
Statistical Covert Channels Through
PROXY Server
Alexei Galatenko
1
, Alexander Grusho
2
, Alexander Kniazev
3
,
and Elena Timonina
2
1
Moscow State University, GSP-2, Leninskie Gory,
Moscow, 119992, Russian Federation
agalat@msu.ru
2
Russian State University for Humanity, 25 Kirovogradskaya,
Moscow, Russian Federation
aaotee@mail.infotel.ru
eltimon@yandex.ru
3
Russian Academy of Sciences Lebedev Institute of Precise Mechanics and
Computer Technology, 51 Leninsky Prospekt, Moscow, Russian Federation
avk@ipmce.ru
Abstract.
The paper
1
is devoted to creating a covert channel through
a PROXY server. The channel is based upon data permutation in server
buffer using the sequence of packets coming from the router connected to
the PROXY server. The resulting data flow allows to create a statistical
covert channel that transfers information by manipulating expectation
and dispersion of the number of increasing pairs in the sequence of net-
work addresses.
1
Introduction
In [1,2] the problem of building an attack targeted at a secure global network
segment via a covert channel was investigated. The main tool for providing
security was IPSec protocol.
In this paper we consider security provided by a PROXY-server, which is
invulnerable to attacks and provides reliable data encryption. Like in [1,2], we
create a covert channel via modulating the address sequence in packets trans-
mitted by the PROXY-server.
The rest of the paper is organized as follows. Section 2 describes the main
idea of covert channel creation. Section 3 shows how symbols 1, 0 and
x
can be
extracted from transmitted data with the help of statistical methods. Conclu-
sions are provided in section 4.
2
Covert Channel Trough PROXY Server
Let us consider
m
+ 1 local networks segments
S
0
,S
1
, ..., S
m
containing work-
stations with local addresses and gateways connecting local networks with a
1
This work was supported by the Russian Foundation for Basic Research, grant 04-
01-00089.
