are in control of the corresponding internal gateways $GNH(j)$, $j = 0, 1, \ldots, m$.
Security gateways $SG(i)$ are considered to be totally secure, so they are outside adversary agent control. Sending instructions from AGN to local agents can be based on a channel from $GNH(j)$ to $LG(j)$, and an information leak can be based on a channel from $LG(j)$ to $GNH(j)$.
We suppose that the only dependent packet parameters known to both $GNH(j)$ and $LG(j)$ are source addresses in the case of incoming packets and destination addresses in the case of outgoing packets. These dependencies can be expressed by a function $s = f(a)$ that maps internal addresses within a network segment to the global network address of the corresponding gateway.
$LG(i)$ can affect the order in which packets are transmitted in the following way. The TCP protocol guarantees data recovery: if a packet is lost, TCP requests retransmission of the lost data. Let the PROXY server have two open connections with workstations $a_1$ and $a_2$, passing data $A_1$ and $A_2$ respectively. Obviously, packets that were recovered earlier are put in the $SG(i)$ queue before packets that were recovered later. Let an adversary agent in $LG(i)$ want to make the $SG(i)$ queue equal to $A_1 A_2$. This goal can be achieved by the following procedure. If the packets containing $A_1$ end earlier than the packets containing $A_2$ (the adversary agent can delay packet transmissions to be sure that the data transmission is over), the agent does nothing. Otherwise the agent in $LG(i)$ delays or drops one of the packets transmitted by $a_2$ (e.g. the final one). Then the agent waits until the $A_1$ transmission is over and resends the delayed or dropped packet. So, if the assumption holds that the packet sequence from $a_1$ to a single workstation in some other segment contains the data of a single connection $A_1$, and the packet sequence from $a_2$ to a single workstation in some other segment contains the data of a single connection $A_2$, the above algorithm will change the data ordering in the $SG(i)$ queue from the natural order to the given one. A similar procedure is applicable to the incoming data flow and $GNH(j)$ agents. Note that this procedure is stochastic because of randomness in packet arrival time: even if $SG(i)$ sent $A_1$ before $A_2$, $A_2$ can still arrive earlier, especially if $A_1$ and $A_2$ are small. Obviously, the probability of a correct permutation is greater for long packet sequences transmitting large data segments.
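The procedure above, as an added example that is not part of the original paper: a Python simulation in which an agent in $LG(i)$ forwards non-final packets untouched and holds the final packet of each connection until every connection that should finish before it (according to a target ordering) has completed, so that the completion order seen in the $SG(i)$ queue is the chosen permutation rather than the natural one. It generalizes the two-connection case in the text to $k$ connections and decodes the observed completion order into an integer symbol. The packet model, the round-robin "natural" interleaving, all function and variable names, and the Lehmer-code decoding are assumptions of this example, not notation from the paper; the simulation also ignores the arrival-time randomness the text warns about, so the permutation is delivered exactly.

```python
"""Simulation of the queue-permutation covert channel: an agent in LG(i) reorders
connection completions so that SG(i) sees a chosen permutation.
Added example with assumed names; not code from the original paper."""
from dataclasses import dataclass
from math import factorial, log2


@dataclass(frozen=True)
class Packet:
    conn: str    # workstation id, e.g. "a1" (assumed naming)
    seq: int     # sequence index within the connection's data
    last: bool   # True for the final packet of the connection


def natural_stream(lengths):
    """Round-robin interleaving of the connections' packets: the order in which
    they reach LG(i) when nobody interferes (constructed sample traffic)."""
    stream = []
    for seq in range(max(lengths.values())):
        for conn, n in lengths.items():
            if seq < n:
                stream.append(Packet(conn, seq, seq == n - 1))
    return stream


def reorder(stream, target):
    """Agent in LG(i). Non-final packets are forwarded untouched. The final packet
    of a connection is delayed (or dropped and retransmitted later, which TCP
    tolerates) until every connection preceding it in `target` has completed,
    so the SG(i) queue finishes the connections in `target` order."""
    conns = {p.conn for p in stream}
    if set(target) != conns or len(target) != len(conns):
        raise ValueError("target must be a permutation of the connections")
    rank = {c: r for r, c in enumerate(target)}
    done, held, out = set(), [], []

    def release():
        # forward every held final packet whose predecessors have all completed;
        # repeat, since releasing one may unblock the next
        progress = True
        while progress:
            progress = False
            for pkt in list(held):
                if all(c in done for c in target[:rank[pkt.conn]]):
                    held.remove(pkt)
                    out.append(pkt)
                    done.add(pkt.conn)
                    progress = True

    for pkt in stream:
        if pkt.last:
            held.append(pkt)   # delay "one of the packets (e.g. the final one)"
            release()          # forwarded at once if nothing precedes it
        else:
            out.append(pkt)
    return out


def completion_order(stream):
    """What an observer beyond SG(i) sees: the order in which connections end."""
    return [p.conn for p in stream if p.last]


def per_connection_intact(stream):
    """Check that sequence order inside each connection survives the reordering."""
    seen = {}
    for p in stream:
        if p.seq != seen.get(p.conn, 0):
            return False
        seen[p.conn] = p.seq + 1
    return True


def permutation_index(perm, alphabet):
    """Lehmer code: map a permutation of `alphabet` to an integer in [0, k!).
    This is the symbol the receiver decodes from the observed completion order."""
    remaining = sorted(alphabet)
    value = 0
    for sym in perm:
        pos = remaining.index(sym)
        value = value * len(remaining) + pos
        remaining.pop(pos)
    return value


def channel_bits(k):
    """Bits carried by one permutation of k connections: log2(k!)."""
    return log2(factorial(k))


if __name__ == "__main__":
    lengths = {"a1": 4, "a2": 2, "a3": 3}   # constructed: a1 longest, a2 shortest
    natural = natural_stream(lengths)
    print("natural completion order:", completion_order(natural))
    covert = reorder(natural, ["a1", "a2", "a3"])
    print("after agent in LG(i):    ", completion_order(covert))
    print("symbol:", permutation_index(completion_order(covert), lengths),
          "of", factorial(len(lengths)), f"({channel_bits(len(lengths)):.2f} bits)")
```

With three connections the natural completion order is `a2, a3, a1`; the agent turns it into `a1, a2, a3` without touching the order of packets inside any connection, and the receiver reads one of $3! = 6$ symbols (about 2.58 bits). In a real network the held final packet can still be overtaken by the next connection's packets when segments are small, which is exactly the stochastic error the text describes; a practical encoder would therefore use long transfers or redundancy on top of this.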
Despite possible errors, we can construct a hidden language based on data permutation in the queue. Let an agent in $LG(0)$ pass data to an agent $GNH(0)$ in the global network. The agent in $LG(0)$ knows what data is being passed to the addresses $s_j$, $j = 0, 1, \ldots, m$, of $SG(j)$. Let the $s_j$ be linearly ordered. Let $A_1 A_2 \ldots A_k$ be the data queue of length $k$ at $LG(0)$ and $s_{i_1}, s_{i_2}, \ldots, s_{i_k}$ be the destination addresses. The output queue $B_1 B_2 \ldots B_{2r}$ at $SG(1)$ is produced in the following way:
- $B_1 B_2$ is equal to $A_1 A_2$ if $s_{i_1} < s_{i_2}$;
- $B_1 B_2$ is equal to $A_2 A_1$ if $s_{i_1} > s_{i_2}$;
- $B_1$ is equal to (or begins with) $A_1 A_2$ if $s_{i_1} = s_{i_2}$ ($A_1 A_2$ will probably be transmitted in a single connection). In this case, if $s_{i_3} > s_{i_1}$, then $B_2 = A_3$. If $s_{i_3} = s_{i_1}$, then $B_1$ is equal to (or begins with) $A_1 A_2 A_3$, and $A_1 A_2 A_3$ will probably be transmitted in a single connection, etc.