workstation with the address y in a segment S_j, then it is transferred in the following way: 1) at first the packet is transmitted to the host PC(i,1) from the host with the address x in the segment S_i; 2) further the packet is transferred to the protection device PD(i), in which the whole packet is enciphered and encapsulated in another packet (or packets) with the sender address s_i and the destination address s_j (we consider that the packets have an identical length and that other packet format parameters, apart from addresses, cannot be used for construction of any covert channel); 3) the new packet from PD(i) is transferred to the host PC(i,2) of a global network, which sends it through the global network to the similar host PC(j,2); 4) further the packet is transferred to the protection device PD(j), where it is restored as the initial packet with the source address x and the destination address y and is sent to PC(j,1); 5) PC(j,1) sends the packet to the host with the destination address y in the segment S_j.
There are hardware/software adversary agents in a global network and in each segment S_j. Each adversary agent in a segment needs instructions from the adversary in the global network. Let us consider that the adversary in the global network completely supervises the computers PC(j,2), j = 0, 1, …, m. The adversary hardware/software agents inside the segments S_0, S_1, …, S_m supervise the computers PC(j,1), j = 0, 1, …, m. The protection devices are made correctly, so that no adversary can supervise them. Thus, the communication of the hardware/software agent in any of the segments with the adversary in the global network depends on the possibility of constructing a communication channel from PC(j,2) to PC(j,1). No host in any segment knows the addresses s_0, s_1, …, s_m. Also, no host in the global network (in particular, none of the hosts PC(j,2), j = 0, 1, …, m) knows the internal addresses in the segments. Since the encryption occurs in the protection device, the adversary cannot construct a channel of interaction with the hardware/software agent in a segment using the cipher text or the service attributes of packets. Thus, we assume that the only dependent parameters known to both PC(j,2) and PC(j,1) in an incoming flow of packets are the source addresses, and in an outgoing flow the destination addresses. This dependence is expressed as the function s = f(x), which maps the set of internal addresses of each segment onto the external address s of the appropriate gateway. The total number of possible addresses in S = S_0 ∪ S_1 ∪ … ∪ S_m is equal to M.
Let us construct examples of languages for communication from the adversary hardware/software agent in PC(0,2) to the adversary hardware/software agent in PC(0,1), and back, on the basis of the dependence s = f(x).
We should invent a signal which can be recognized by the tracing system of the agent in PC(0,1) and which activates the agent in PC(0,1).
The simplest way consists of the following. Let S = S_0 ∪ … ∪ S_m be divided into two parts S(1) and S(2) in such a way that the intensity of the packet flow from the sources in S(1) approximately equals the intensity of the flow from the sources in S(2). Let PC(0,2) send packets to PD(0) in turn from S(1) and S(2). The tracing system of the agent in PC(0,1) calculates the distances between packets coming from one address, irrespective of the addressee of the packets. If the packets in PD(0) are sent by the rule mentioned above, all calculated distances are even (except for mistakes connected with in-
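As an added example that is not part of the paper, the following Python models the inner side of segment S_0 and implements the distance statistic attributed above to the tracing system, but uses it the way a defender would: as a monitor that flags a packet flow whose share of even distances between same-source packets is far above the roughly one half expected of independent sources. The segment addresses, the function f, the split into S(1) and S(2), the threshold and the traffic are all constructed for this example.

```python
"""Added example (not from the paper): parity monitor for the inner side
of segment S_0.  PD(0) delivers packets to PC(0,1) whose source address x
satisfies s = f(x), so the only parameter the outer side can steer is the
gateway address s a packet arrives from.  The monitor computes the
distances between packets from one inner source address and flags a flow
in which nearly all of them are even."""
import random
from collections import defaultdict

# Constructed segment model (assumption): internal addresses of S_0..S_3
# and the gateway address s_j = f(x) for every x in S_j.
SEGMENTS = {
    "s0": ["10.0.0.1", "10.0.0.2", "10.0.0.3"],
    "s1": ["10.0.1.1", "10.0.1.2"],
    "s2": ["10.0.2.1", "10.0.2.2", "10.0.2.3"],
    "s3": ["10.0.3.1", "10.0.3.2"],
}
F = {x: s for s, xs in SEGMENTS.items() for x in xs}  # s = f(x)


def pd_restore(s, rng):
    """PD(0) restores the inner packet; its source is some x with f(x) = s.
    Which x is not visible to the outer side, so it is drawn at random."""
    return rng.choice(SEGMENTS[s])


def distances_by_source(sources):
    """Distances (in packets) between consecutive packets from the same
    inner source address, irrespective of destination: the quantity the
    text's tracing system computes."""
    last = {}
    dists = defaultdict(list)
    for pos, x in enumerate(sources):
        if x in last:
            dists[x].append(pos - last[x])
        last[x] = pos
    return dists


def even_share(sources):
    """Share of all distances that are even.  About 0.5 for independent
    sources; exactly 1.0 when the outer side alternates the two groups."""
    all_d = [d for ds in distances_by_source(sources).values() for d in ds]
    if not all_d:
        return 0.0
    return sum(1 for d in all_d if d % 2 == 0) / len(all_d)


def is_parity_signal(sources, threshold=0.9, min_samples=50):
    """Flag a flow whose even-distance share is far above the 0.5 expected
    of independent sources.  Both thresholds are choices for this example."""
    all_d = [d for ds in distances_by_source(sources).values() for d in ds]
    return len(all_d) >= min_samples and even_share(sources) >= threshold


def simulate(n, alternate, seed=1):
    """Constructed outer-side traffic as seen by PC(0,2): each packet has a
    gateway source s.  With alternate=True the groups S(1) = {s0, s1} and
    S(2) = {s2, s3} are used in turn, as in the text; otherwise s is drawn
    uniformly.  Returns the inner-side source addresses after PD(0)."""
    rng = random.Random(seed)
    groups = [["s0", "s1"], ["s2", "s3"]]
    inner = []
    for i in range(n):
        s = rng.choice(groups[i % 2]) if alternate else rng.choice(list(SEGMENTS))
        inner.append(pd_restore(s, rng))
    return inner


if __name__ == "__main__":
    for label, alt in (("independent sources", False), ("alternating groups", True)):
        flow = simulate(400, alt)
        print(f"{label}: even share {even_share(flow):.2f}, "
              f"flagged={is_parity_signal(flow)}")
```

The monitor only needs the order of inner-side source addresses, which is exactly the information the text says survives the protection device. Because every x in a segment maps to one gateway s, alternating the two groups on the outer side makes all same-source distances even regardless of which x the protection device restores, which is why the even share reaches 1.0 rather than merely rising.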