skip to main content
10.1145/2756601.2756604acmconferencesArticle/Chapter ViewAbstractPublication Pagesih-n-mmsecConference Proceedingsconference-collections
research-article

On Characterizing and Measuring Out-of-Band Covert Channels

Published: 17 June 2015 Publication History

Abstract

A methodology for characterizing and measuring out-of-band covert channels (OOB-CCs) is proposed and used to evaluate covert-acoustic channels (i.e., covert channels established using speakers and microphones). OOB-CCs are low-probability of detection/low-probability of interception channels established using commodity devices that are not traditionally used for communication (e.g., speaker and microphone, display and FM radio, etc.). To date, OOB-CCs have been declared "covert" if the signals used to establish these channels could not be perceived by a human adversary. This work examines OOB-CCs from the perspective of a passive adversary and argues that a different methodology is required in order to effectively assess OOB-CCs. Traditional communication systems are measured by their capacity and bit error rate; while important parameters, they do not capture the key measures of OOB-CCs: namely, the probability of an adversary detecting the channel and the amount of data that two covertly communicating parties can exchange without being detected. As a result, the adoption of the measure steganographic capacity is proposed and used to measure the amount of data (in bits) that can be transferred through an OOB-CC before a passive adversary's probability of detecting the channel reaches a given threshold. The theoretical steganographic capacity for discrete memoryless channels as well as additive white Gaussian noise channels is calculated in this paper and a case study is performed to measure the steganographic capacity of OOB covert-acoustic channels, when a passive adversary uses an energy detector to detect the covert communication. The case study reveals the conditions under which the covertly communicating parties can achieve perfect steganography (i.e., conditions under which data can be communicated without risk of detection).

References

[1]
A. Al-Haiqi, M. Ismail, and R. Nordin. A new sensors-based covert channel on Android. The Scientific World Journal, 2014, 2014.
[2]
R. J. Anderson and M. G. Kuhn. Soft tempest--an opportunity for NATO. Protecting NATO Information Systems in the 21st Century, 1999.
[3]
M. Backes, T. Chen, M. Duermuth, H. Lensch, and M. Welk. Tempest in a teapot: Compromising reflections revisited. In Security and Privacy, 2009 30th IEEE Symposium on, pages 315--327, May 2009.
[4]
M. Backes, M. Durmuth, and D. Unruh. Compromising reflections-or-how to read LCD monitors around the corner. In Security and Privacy, 2008. SP 2008. IEEE Symposium on, pages 158--169, May 2008.
[5]
B. Bash, D. Goeckel, and D. Towsley. Square root law for communication with low probability of detection on AWGN channels. In Information Theory Proceedings (ISIT), 2012 IEEE International Symposium on, pages 448--452, July 2012.
[6]
B. Bash, D. Goeckel, and D. Towsley. Limits of reliable communication with low probability of detection on AWGN channels. Selected Areas in Communications, IEEE Journal on, 31(9):1921--1930, September 2013.
[7]
B. A. Bash, D. Goeckel, and D. Towsley. LPD communication when the warden does not know when. CoRR, abs/1403.1013, 2014.
[8]
C. Cachin. An information-theoretic model for steganography. In Information Hiding, volume 1525 of Lecture Notes in Computer Science, pages 306--318. Springer Berlin Heidelberg, 1998.
[9]
B. Carrara and C. Adams. On acoustic covert channels between air-gapped systems. In Foundations and Practice of Security, volume 8930 of Lecture Notes in Computer Science, pages 3--16. Springer, 2015.
[10]
B. Carrara and C. Adams. Proofs for "On characterizing and measuring out-of-band covert channels". http://www.site.uottawa.ca/~cadams/papers/Appendix.pdf, 2015. Accessed: 2015-04-15.
[11]
P. H. Che, M. Bakshi, C. Chan, and S. Jaggi. Reliable, deniable and hidable communication. In Information Theory and Applications Workshop (ITA), 2014, pages 1--10, Feb 2014.
[12]
P. H. Che, M. Bakshi, C. Chan, and S. Jaggi. Reliable deniable communication with channel uncertainty. In Information Theory Workshop (ITW), 2014 IEEE, pages 30--34, Nov 2014.
[13]
P. H. Che, M. Bakshi, and S. Jaggi. Reliable deniable communication: Hiding messages in noise. In Information Theory Proceedings (ISIT), 2013 IEEE International Symposium on, pages 2945--2949, July 2013.
[14]
P. H. Che, M. Bakshi, and S. Jaggi. Reliable Deniable Communication: Hiding Messages in Noise. ArXiv e-prints, Apr. 2013.
[15]
T. M. Cover and J. A. Thomas. Elements of information theory. John Wiley & Sons, 2012.
[16]
M. J. Crocker. Handbook of acoustics. John Wiley & Sons, 1998.
[17]
L. Deshotels. Inaudible sound as a covert channel in mobile devices. In 8th USENIX Workshop on Offensive Technologies (WOOT 14), 2014.
[18]
T. Filler and J. Fridrich. Complete characterization of perfectly secure stego-systems with mutually independent embedding operation. In Acoustics, Speech and Signal Processing, 2009. ICASSP 2009. IEEE International Conference on, pages 1429--1432, April 2009.
[19]
T. Filler and J. Fridrich. Fisher information determines capacity of e-secure steganography. In Information Hiding, Lecture Notes in Computer Science, pages 31--47. Springer Berlin Heidelberg, 2009.
[20]
T. Filler, A. D. Ker, and J. Fridrich. The square root law of steganographic capacity for markov covers. In Proc. SPIE, volume 7254, pages 725408--725408--11, 2009.
[21]
V. Gerasimov and W. Bender. Things that talk: using sound for device-to-device and device-to-human communication. IBM Systems Journal, 39(3.4):530--546, 2000.
[22]
V. D. Gligor. A guide to understanding covert channel analysis of trusted systems. National Computer Security Center, 1994.
[23]
M. Guri, G. Kedma, A. Kachlon, and Y. Elovici. Airhopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. In Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on, pages 58--67, Oct 2014.
[24]
M. Hanspach and M. Goetz. On covert acoustical mesh networks in air. CoRR, abs/1406.1213, 2014.
[25]
M. Hanspach and M. Goetz. Recent developments in covert acoustical communications. In Sicherheit, pages 243--254, 2014.
[26]
R. Hasan, N. Saxena, T. Haleviz, S. Zawoad, and D. Rinehart. Sensing-enabled channels for hard-to-detect command and control of mobile devices. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13, pages 469--480, 2013.
[27]
J. Hou and G. Kramer. Effective secrecy: Reliability, confusion and stealth. CoRR, abs/1311.1411, 2013.
[28]
A. Ker. Estimating steganographic fisher information in real images. In Information Hiding, volume 5806 of Lecture Notes in Computer Science, pages 73--88. Springer Berlin Heidelberg, 2009.
[29]
A. Ker. The square root law in stegosystems with imperfect information. In Information Hiding, volume 6387 of Lecture Notes in Computer Science, pages 145--160. Springer Berlin Heidelberg, 2010.
[30]
A. D. Ker. A capacity result for batch steganography. Signal Processing Letters, IEEE, 14(8):525--528, 2007.
[31]
A. D. Ker. The square root law requires a linear key. In Proceedings of the 11th ACM Workshop on Multimedia and Security, MM&Sec '09, pages 85--92. ACM, 2009.
[32]
A. D. Ker. The square root law does not require a linear key. In Proceedings of the 12th ACM Workshop on Multimedia and Security, MM&Sec '10, pages 213--224. ACM, 2010.
[33]
A. D. Ker, T. Pevny, J. Kodovsky, and J. Fridrich. The square root law of steganographic capacity. In Proceedings of the 10th ACM Workshop on Multimedia and Security, pages 107--116, 2008.
[34]
A. Kerckhoffs. La cryptographie militaire, volume 9. 1 1883.
[35]
L. E. Kinsler, A. R. Frey, A. B. Coppens, and J. V. Sanders. Fundamentals of acoustics. Fundamentals of Acoustics, 4th Edition, by Lawrence E. Kinsler, Austin R. Frey, Alan B. Coppens, James V. Sanders, pp. 560. ISBN 0-471-84789-5. Wiley-VCH, December 1999., 1, 1999.
[36]
M. Kuhn. Optical time-domain eavesdropping risks of CRT displays. In Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on, pages 3--18, 2002.
[37]
M. Kuhn and R. Anderson. Soft tempest: Hidden data transmission using electromagnetic emanations. In Information Hiding, volume 1525 of Lecture Notes in Computer Science, pages 124--142, 1998.
[38]
D. C. Latham. Department of Defense trusted computer system evaluation criteria. Department of Defense, 1986.
[39]
E. L. Lehmann and J. P. Romano. Testing statistical hypotheses. Springer, 2006.
[40]
M. LeMay and J. Tan. Acoustic surveillance of physically unmodified PCs. In Security and Management, pages 328--334, 2006.
[41]
F. J. Massey. The Kolmogorov-Smirnov test for goodness of fit. Journal of the American Statistical Association, 46(253):68--78, 1951.
[42]
I. S. Moskowitz and M. H. Kang. Covert channels-here to stay? In Computer Assurance, 1994. COMPASS'94 Safety, Reliability, Fault Tolerance, Concurrency and Real Time, Security. Proceedings of the Ninth Annual Conference on, pages 235--243. IEEE, 1994.
[43]
S. J. Murdoch. Hot or not: Revealing hidden services by their clock skew. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS '06, pages 27--36, 2006.
[44]
S. J. O'Malley and K.-K. R. Choo. Bridging the air gap: Inaudible data exfiltration by insiders. In 20th Americas Conference on Information Systems (AMCIS 2014), 2014.
[45]
R. L. Peterson, R. E. Ziemer, and D. E. Borth. Introduction to spread-spectrum communications, volume 995. Prentice Hall New Jersey, 1995.
[46]
J. G. Proakis. Digital communications. McGraw-Hill, New York, 2008.
[47]
I. S. Reed and G. Solomon. Polynomial codes over certain finite fields. Journal of the Society for Industrial & Applied Mathematics, 8(2):300--304, 1960.
[48]
C. E. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28(4):656--715, 1949.
[49]
V. Subramanian, S. Uluagac, H. Cam, and R. Beyah. Examining the characteristics and implications of sensor side channels. In Communications (ICC), 2013 IEEE International Conference on, pages 2205--2210, June 2013.
[50]
E. Tromer. Acoustic cryptanalysis: on nosy people and noisy machines. Eurocrypt2004 Rump Session, May, 2004.
[51]
E. Tromer. Hardware-based cryptanalysis. Weizmann Institute of Science, Tese de Doutorado, 2007.
[52]
H. Urkowitz. Energy detection of unknown deterministic signals. Proceedings of the IEEE, 55(4):523--531, April 1967.
[53]
A. Wyner. The wire-tap channel. Bell System Technical Journal, The, 54(8):1355--1387, Oct 1975.
[54]
S. Zander, G. J. Armitage, and P. Branch. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys and Tutorials, 9(1-4):44--57, 2007.

Cited By

View all
  • (2023)Near-Ultrasonic Covert Channels Using Software-Defined Radio TechniquesProceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media10.1007/978-981-19-6414-5_10(169-189)Online publication date: 8-Mar-2023
  • (2020)Covert Communication With Polynomial Computational ComplexityIEEE Transactions on Information Theory10.1109/TIT.2019.295598766:3(1354-1384)Online publication date: Mar-2020
  • (2018)SoniControl - A Mobile Ultrasonic FirewallProceedings of the 26th ACM international conference on Multimedia10.1145/3240508.3241393(1250-1252)Online publication date: 15-Oct-2018
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
IH&MMSec '15: Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security
June 2015
182 pages
ISBN:9781450335874
DOI:10.1145/2756601
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 June 2015

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. covert channels
  2. covert-acoustic channels
  3. information hiding
  4. malware communication
  5. out-of-band covert channels
  6. steganographic capacity

Qualifiers

  • Research-article

Conference

IH&MMSec '15
Sponsor:

Acceptance Rates

IH&MMSec '15 Paper Acceptance Rate 20 of 45 submissions, 44%;
Overall Acceptance Rate 128 of 318 submissions, 40%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)7
  • Downloads (Last 6 weeks)1
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Near-Ultrasonic Covert Channels Using Software-Defined Radio TechniquesProceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media10.1007/978-981-19-6414-5_10(169-189)Online publication date: 8-Mar-2023
  • (2020)Covert Communication With Polynomial Computational ComplexityIEEE Transactions on Information Theory10.1109/TIT.2019.295598766:3(1354-1384)Online publication date: Mar-2020
  • (2018)SoniControl - A Mobile Ultrasonic FirewallProceedings of the 26th ACM international conference on Multimedia10.1145/3240508.3241393(1250-1252)Online publication date: 15-Oct-2018
  • (2016)Out-of-Band Covert Channels—A SurveyACM Computing Surveys10.1145/293837049:2(1-36)Online publication date: 30-Jun-2016
  • (2016)A Survey and Taxonomy Aimed at the Detection and Measurement of Covert ChannelsProceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security10.1145/2909827.2930800(115-126)Online publication date: 20-Jun-2016
  • (2016)USBee: Air-gap covert-channel via electromagnetic emission from USB2016 14th Annual Conference on Privacy, Security and Trust (PST)10.1109/PST.2016.7906972(264-268)Online publication date: Dec-2016
  • (2016)Computationally efficient deniable communication2016 IEEE International Symposium on Information Theory (ISIT)10.1109/ISIT.2016.7541696(2234-2238)Online publication date: Jul-2016
  • (2016)Estimating the steganographic capacity of band-limited channels2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)10.1109/CCECE.2016.7726723(1-5)Online publication date: May-2016

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media