
Out-of-Band Covert Channels—A Survey

Published: 30 June 2016

Abstract

A novel class of covert channel, out-of-band covert channels, is presented by extending Simmons’ prisoners’ problem. This new class of covert channel is established by surveying the existing covert channel, device-pairing, and side-channel research. Terminology as well as a taxonomy for out-of-band covert channels is also given. Additionally, a more comprehensive adversarial model based on a knowledgeable passive adversary and a capable active adversary is proposed in place of the current adversarial model, which relies on an oblivious passive adversary. Last, general protection mechanisms are presented, and an argument for a general measure of “covertness” to effectively compare covert channels is given.

  141. Serge Vaudenay. 2005. Secure communications over insecure channels based on short authenticated strings. In Advances in Cryptology CRYPTO 2005 (Lecture Notes in Computer Science), Victor Shoup (Ed.), Vol. 3621. Springer, Berlin, 309--326. Google ScholarGoogle ScholarDigital LibraryDigital Library
  142. Steffen Wendzel, Sebastian Zander, Bernhard Fechner, and Christian Herdin. 2015. Pattern-based survey and categorization of network covert channel techniques. ACM Comput. Surv. 47, 3, Article 50 (April 2015), 26 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  143. Wikipedia. 2014. Bump (application). (2014). https://en.wikipedia.org/wiki/Bump_(application)Google ScholarGoogle Scholar
  144. John C. Wray. 1992. An analysis of covert timing channels. J. Comput. Security 1, 3 (1992), 219--232. Google ScholarGoogle ScholarDigital LibraryDigital Library
  145. Sebastian Zander, Grenville J. Armitage, and Philip Branch. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE Commun. Surv. Tutorials 9, 1-4 (2007), 44--57. Google ScholarGoogle ScholarDigital LibraryDigital Library
  146. Sebastian Zander, Philip Branch, and Grenville Armitage. 2011. Capacity of temperature-based covert channels. IEEE Commun. Lett. 15, 1 (2011), 82--84.Google ScholarGoogle ScholarCross RefCross Ref
  147. Yong Bin Zhou and Deng Guo Feng. 2005. Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing. IACR Cryptology ePrint Archive (2005), 388.Google ScholarGoogle Scholar


        Reviews

        Steffen Wendzel

        In recent years, covert channels were shifted back into the focus of research. These channels can be used to communicate in a stealthy way not recognizable by third parties. Typical application scenarios for covert channels are to hide a data exfiltration or to ensure stealthy malware communication. Among the recent domains of covert channel research are network covert channels, local covert channels (especially on smartphones), and the addressed out-of-band channels. Out-of-band covert channels transfer their hidden information using a shared medium, for example air, temperature, or light. For instance, in air, inaudible signals can be used to realize a secret data transfer. Carrara and Adams present a first survey of out-of-band covert channels. Their work introduces a modified version of Simmons' Prisoners' Problem. The work also includes terminology that places out-of-band channels into the context of other types of covert channels. Out-of-band covert channels are then studied per medium, shedding light on channels based on acoustics, light, vibration, magnetics, temperature, and radio frequency. A summary compares these channels. Finally, a novel taxonomy for out-of-band covert channels is presented. The intended audience, as mentioned by the authors, is the secure systems development community and potential users of covert channels. However, the work serves also as a good starting point for everybody interested in this evolving type of covert channel. The publication is well structured and well written and thus also accessible to people who are new to the field. However, Carrara's and Adams' core idea for a definition of out-of-band covert channels is to split out-of-band covert channels from single-host covert channels (that is, covert channels on a local host). Here lies a weak point of the proposed terminology since so-called "covert physical channels" are referred to as single-host channels by Carrara and Adams although other authors use the term "covert physical channel" also for networked air-gap channels, that is, a type of out-of-band channels. This fact weakens the paper's definition of its core term. Despite this aspect, the literature survey and analysis of out-of-band channels is a solid work that provides a comprehensive overview and taxonomy on the different types of out-of-band covert channels.

        Online Computing Reviews Service
