Abstract
A novel class of covert channel, out-of-band covert channels, is presented by extending Simmons’ prisoners’ problem. This new class of covert channel is established by surveying the existing covert channel, device-pairing, and side-channel research. Terminology as well as a taxonomy for out-of-band covert channels is also given. Additionally, a more comprehensive adversarial model based on a knowledgeable passive adversary and a capable active adversary is proposed in place of the current adversarial model, which relies on an oblivious passive adversary. Last, general protection mechanisms are presented, and an argument for a general measure of “covertness” to effectively compare covert channels is given.
- Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2003. The EM sidechannel (s). In Cryptographic Hardware and Embedded Systems-CHES 2002. Springer, Berlin, 29--45. Google ScholarDigital Library
- Ahmed Al-Haiqi, Mahamod Ismail, and Rosdiadee Nordin. 2014. A new sensors-based covert channel on android. The Scientific World Journal 2014, Article ID 969628, 14 pages.Google Scholar
- Ross Anderson, Mike Bond, Jolyon Clulow, and Sergei Skorobogatov. 2006. Cryptographic processors-a survey. Proc. IEEE 94, 2 (2006), 357--369.Google ScholarCross Ref
- Ross Anderson, Serge Vaudenay, Bart Preneel, and Kaisa Nyberg. 1996. The Newton channel. In Information Hiding (Lecture Notes in Computer Science), Ross Anderson (Ed.), Vol. 1174. Springer, Berlin, 151--156. Google ScholarDigital Library
- Ross J. Anderson and Markus G. Kuhn. 1999. Soft tempest--An opportunity for NATO. Protecting NATO Information Systems in the 21st Century (1999).Google Scholar
- Ross J. Anderson and Fabien A. P. Petitcolas. 1998. On the limits of steganography. IEEE J. Select. Areas Commun. 16, 4 (1998), 474--481. Google ScholarDigital Library
- Micahel Backes, Tongbo Chen, Markus Duermuth, Hendrik Lensch, and Martin Welk. 2009. Tempest in a teapot: Compromising reflections revisited. In 2009 30th IEEE Symposium on Security and Privacy. IEEE Los Alamitos, CA, 315--327. Google ScholarDigital Library
- Michael Backes, Markus Durmuth, and Dominique Unruh. 2008. Compromising reflections-or-how to read LCD monitors around the corner. In IEEE Symposium on Security and Privacy, 2008 (SP 2008). IEEE, Los Alamitos, CA, 158--169. Google ScholarDigital Library
- Dirk Balfanz, Diana K. Smetters, Paul Stewart, and H. Chi Wong. 2002. Talking to strangers: Authentication in ad-hoc wireless networks. In Network and Distributed System Security Symposium.Google Scholar
- D. Elliott Bell and Leonard J. LaPadula. 1973. Secure Computer Systems: Mathematical Foundations. Technical Report. Defense Technical Information Center Document.Google Scholar
- Krista Bennett. 2004. Linguistic Steganography: Survey, Analysis, and Robustness Concerns for Hiding Information in Text. Technical Report. Purdue University. CERIAS TR 2004-13.Google Scholar
- Kenneth J. Biba. 1977. Integrity Considerations for Secure Computer Systems. Technical Report. Defense Technical Information Center Document.Google Scholar
- Brent Carrara and Carlisle Adams. 2015a. On acoustic covert channels between air-gapped systems. In Foundations and Practice of Security, Frdric Cuppens, Joaquin Garcia-Alfaro, Nur Zincir Heywood, and Philip W. L. Fong (Eds.). Lecture Notes in Computer Science, Vol. 8930. Springer International Publishing, Berlin, 3--16.Google Scholar
- Brent C. Carrara and Carlisle Adams. 2015b. On characterizing and measuring out-of-band covert channels. In Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security (IH&MMSec’’15). ACM, New York, NY, 43--54. Google ScholarDigital Library
- Rajarathnam Chandramouli, Mehdi Kharrazi, and Nasir Memon. 2004. Image steganography and steganalysis: Concepts and practice. In Digital Watermarking. Springer, Berlin, 35--49.Google Scholar
- Suresh Chari, Josyula R. Rao, and Pankaj Rohatgi. 2003. Template attacks. In Cryptographic Hardware and Embedded Systems-CHES 2002. Springer, Berlin, 13--28. Google ScholarDigital Library
- David L. Chaum. 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 2 (1981), 84--90. Google ScholarDigital Library
- Pak Hou Che, S. Kadhe, M. Bakshi, Chung Chan, S. Jaggi, and A. Sprintson. 2014. Reliable, deniable and hidable communication: A quick survey. In Information Theory Workshop (ITW), 2014 IEEE. 227--231.Google Scholar
- David D. Clark and David R. Wilson. 1987. A comparison of commercial and military computer security policies. In 2012 IEEE Symposium on Security and Privacy. IEEE Computer Society, 184--184.Google Scholar
- Alexander J. Cohen, Edward K. Y. Jung, Royce A. Levien, Robert W. Lord, Mark A. Malamud, and John D. Rinaldo Jr. 2011. Device pairing via device to device contact. (April 12 2011). US Patent 7,925,022.Google Scholar
- George Danezis and Claudia Diaz. 2008. A Survey of Anonymous Communication Channels. Technical Report. Technical Report MSR-TR-2008-35, Microsoft Research.Google Scholar
- Luke Deshotels. 2014. Inaudible sound as a covert channel in mobile devices. In Proceedings of the 8th USENIX Conference on Offensive Technologies (WOOT’14). USENIX Association, Berkeley, CA, USA, 16--16. http://dl.acm.org/citation.cfm?id=2671293.2671309. Google ScholarDigital Library
- Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-Generation Onion Router. Technical Report. Defense Technical Information Center Document.Google ScholarCross Ref
- Natacha Domingues, Joao Lacerda, Pedro M. Q. Aguiar, and Cristina V. Lopes. 2002. Aerial communications using piano, clarinet, and bells. In 2002 IEEE Workshop on Multimedia Signal Processing. IEEE, 460--463.Google Scholar
- Shiwei Dong, Xu Jiadong, Haobin Zhang, and Wu Changying. 2002. On compromising emanations from computer VDU and its interception. In Electromagnetic Compatibility, 2002 3rd International Symposium on. IEEE, Los Alamitos, CA, 692--695.Google ScholarCross Ref
- Fürkan Elibol, Uğur Sarac, and Işin Erer. 2012. Realistic eavesdropping attacks on computer displays with low-cost and mobile receiver system. In Signal Processing Conference (EUSIPCO), 2012 Proceedings of the 20th European. IEEE, Los Alamitos, CA, 1767--1771.Google Scholar
- Karine Gandolfi, Christophe Mourtel, and Francis Olivier. 2001. Electromagnetic analysis: Concrete results. In Cryptographic Hardware and Embedded Systems CHES 2001 (Lecture Notes in Computer Science), Vol. 2162. Springer, Berlin, 251--261. Google ScholarDigital Library
- Matthias Gauger, Olga Saukh, and Pedro J. Marron. 2009. Enlighten me! Secure key assignment in wireless sensor networks. In Mobile Adhoc and Sensor Systems, 2009. MASS’09. IEEE 6th International Conference on. IEEE, Los Alamitos, Ca, 246--255.Google Scholar
- Daniel Genkin, Adi Shamir, and Eran Tromer. 2013. RSA key extraction via low-bandwidth acoustic cryptanalysis. IACR Cryptology ePrint Archive 2013 (2013), 857.Google Scholar
- Vadim Gerasimov and Walter Bender. 2000. Things that talk: Using sound for device-to-device and device-to-human communication. IBM Syst. J. 39, 3.4 (2000), 530--546. Google ScholarDigital Library
- Annarita Giani, Vincent H. Berk, and George V. Cybenko. 2006. Data exfiltration and covert channels. Proc. SPIE 6201 (2006), 620103--620103--11.Google Scholar
- Christophe Giraud and Hugues Thiebeauld. 2004. A survey on fault attacks. In Smart Card Research and Advanced Applications VI. Springer, Berlin, 159--176.Google Scholar
- C. Gray Girling. 1987. Covert channels in LAN’s. IEEE Trans. Softw. Eng. 2 (1987), 292--296. Google ScholarDigital Library
- Alvin Glenn. 1983. Low probability of intercept. IEEE Commun. Mag. 21, 4 (1983), 26--33. Google ScholarDigital Library
- Virgil D. Gligor. 1994. A Guide to Understanding Covert Channel Analysis of Trusted Systems. National Computer Security Center.Google Scholar
- Joseph A. Goguen and José Meseguer. 1982. Security policies and security models. In 2012 IEEE Symposium on Security and Privacy. IEEE Computer Society, 11--11.Google Scholar
- David Jeffrey Griffiths and Reed College. 1999. Introduction to Electrodynamics. Vol. 3. Prentice Hall, Upper Saddle River, NJ.Google Scholar
- Mordechai Guri, Gabi Kedma, Assaf Kachlon, and Yuval Elovici. 2014. AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. In 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE). 58--67.Google ScholarCross Ref
- J. Thomas Haigh, Richard A. Kemmerer, John McHugh, and William D. Young. 1987. An experience using two covert channel analysis techniques on a real system design. IEEE Trans. Softw. Eng. 2 (1987), 157--168. Google ScholarDigital Library
- Tzipora Halevi and Nitesh Saxena. 2010. On pairing constrained wireless devices based on secrecy of auxiliary channels: The case of acoustic eavesdropping. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS’10). ACM, New York, NY, 97--108. Google ScholarDigital Library
- George S. Hanna, Robert J. Higgins, John B. Preston, and Daniel A. Tealdi. 2009. Method and system for near-field wireless device pairing. (Aug. 3 2009). US Patent App. 12/534,246.Google Scholar
- Michael Hanspach and Michael Goetz. 2013. On covert acoustical mesh networks in air. J. Commun. 8, 11 (2013).Google ScholarCross Ref
- Michael Hanspach and Michael Goetz. 2014. Recent developments in covert acoustical communications. In Sicherheit (Safety) 2014 (Lecture Notes in Informatics). 243--254.Google Scholar
- Michael Hanspach and Jörg Keller. 2014. A taxonomy for attack patterns on information flows in component-based operating systems. Computing Research Repository abs/1403.1165 (2014). http://arxiv.org/abs/1403.1165.Google Scholar
- Ragib Hasan, Nitesh Saxena, Tzipora Haleviz, Shams Zawoad, and Dustin Rinehart. 2013. Sensing-enabled channels for hard-to-detect command and control of mobile devices. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIA CCS’13). ACM, New York, NY, 469--480. Google ScholarDigital Library
- Jingsha He and Virgil D. Gligor. 1990. Information-flow analysis for covert-channel identification in multilevel secure operating systems. In Computer Security Foundations Workshop III, 1990. Proceedings. IEEE, 139--148.Google Scholar
- Harold Joseph Highland. 1988. The tempest over leaking computers. Abacus 5, 2 (1988), 10--18. Google ScholarDigital Library
- Zhang Hongxin, Huang Yuewang, Wang Jianxin, Lu Yinghua, and Zhang Jinling. 2009. Recognition of electro-magnetic leakage information from computer radiation with SVM. Comput. Security 28, 1 (2009), 72--76. Google ScholarDigital Library
- Wei-Ming Hu. 1992. Reducing timing channels with fuzzy time. J. Comput. Security 1, 3 (1992), 233--254. Google ScholarDigital Library
- P. Jayaram, H. R. Ranganatha, and H. S. Anupama. 2011. Information hiding using audio steganography--A survey. Int. J. Multimed. Appl. 3 (2011), 86--96.Google Scholar
- Neil F. Johnson and Stefan Katzenbeisser. 2000. A survey of steganographic techniques. In Information Hiding. Artech House, Norwood, MA, 43--78.Google Scholar
- Myong H. Kang and Ira S. Moskowitz. 1993. A pump for rapid, reliable, secure communication. In Proceedings of the 1st ACM Conference on Computer and Communications Security (CCS’93). ACM, New York, NY 119--129. Google ScholarDigital Library
- Paul A. Karger and John C. Wray. 1991. Storage channels in disk arm optimization. In 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, Proceedings.. IEEE Computer Society, 52--61.Google Scholar
- Richard A. Kemmerer. 1983. Shared resource matrix methodology: An approach to identifying storage and timing channels. ACM Trans. Comput. Syst. 1, 3 (1983), 256--277. Google ScholarDigital Library
- Richard A. Kemmerer and Phillip A. Porras. 1991. Covert flow trees: A visual approach to analyzing covert storage channels. IEEE Trans. Softw. Eng. 17, 11 (1991), 1166--1185. Google ScholarDigital Library
- Auguste Kerckhoffs. 1883. La Cryptographie Militaire. Vol. 9. 5--38 pages.Google Scholar
- Fouad Kiamilev, Ryan Hoover, Ray Delvecchio, Nicholas Waite, Stephen Janansky, Rodney McGee, Corey Lange, and Michael Stamat. 2008. Demonstration of hardware Trojans. DEFCON 16 (2008).Google Scholar
- Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun, and Yang Wang. 2009. Serial hook-ups: A comparative usability study of secure device pairing methods. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS’09). ACM, New York, NY, Article 10, 12 pages. Google ScholarDigital Library
- Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Advances in Cryptology CRYPTO 99 (Lecture Notes in Computer Science), Michael Wiener (Ed.), Vol. 1666. Springer, Berlin, 388--397. Google ScholarDigital Library
- N. E. Köksaldi, S. S. Şeker, and B. Sankur. 1998. Information extraction from the radiation of VDUs by pattern recognition methods. In EMC’98: Electromagnetic Compatibility Conference. 678--683.Google Scholar
- Markus G. Kuhn. 2002. Optical time-domain eavesdropping risks of CRT displays. In Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on. IEEE, Los Alamitos, CA, 3--18. Google ScholarDigital Library
- Markus G. Kuhn. 2005. Electromagnetic eavesdropping risks of flat-panel displays. In Privacy Enhancing Technologies (Lecture Notes in Computer Science), David Martin and Andrei Serjantov (Eds.), Vol. 3424. Springer, Berlin, 88--107. Google ScholarDigital Library
- Markus G. Kuhn. 2006. Eavesdropping attacks on computer displays. Information Security Summit (2006).Google Scholar
- Markus G. Kuhn and Ross J. Anderson. 1998. Soft tempest: Hidden data transmission using electromagnetic emanations. In Information Hiding (Lecture Notes in Computer Science), Vol. 1525. Springer, Berlin, 124--142.Google Scholar
- Arun Kumar, Nitesh Saxena, Gene Tsudik, and Ersin Uzun. 2009. Caveat eptor: A comparative study of secure device pairing methods. In Pervasive Computing and Communications, 2009. PerCom 2009. IEEE International Conference on. IEEE, Los Alamitos, CA, 1--10. Google ScholarDigital Library
- Butler W. Lampson. 1973. A note on the confinement problem. Commun. ACM 16, 10 (1973), 613--615. Google ScholarDigital Library
- Ulf Landström. 1990. Noise and fatigue in working environments. Environ. Int. 16, 4 (1990), 471--476.Google ScholarCross Ref
- Donald C. Latham. 1986. Department of Defense Trusted Computer System Evaluation Criteria. National Computer Security Center.Google Scholar
- Ki-Seung Lee and Richard V. Cox. 2001. A very low bit rate speech coder based on a recognition/synthesis paradigm. IEEE Trans. Speech Audio Process. 9, 5 (2001), 482--491.Google ScholarCross Ref
- Michael LeMay and Jack Tan. 2006. Acoustic surveillance of physically unmodified PCs. In Security and Management. Citeseer, 328--334.Google Scholar
- Geert Leus and Paul A. van Walree. 2008. Multiband OFDM for covert acoustic communications. IEEE J. Select. Areas Commun. 26, 9 (2008), 1662--1673. Google ScholarDigital Library
- Yang Li, Kazuo Ohta, and Kazuo Sakiyama. 2012. New fault-based side-channel attack using fault sensitivity. IEEE Trans. Forens. Security 7, 1 (2012), 88--97. Google ScholarDigital Library
- Michael Libes. 2002. Method and system for communication between two wireless-enabled devices. (February 2002). US Patent App. 10/087,536.Google Scholar
- Lang Lin, Markus Kasper, Tim Güneysu, Christof Paar, and Wayne Burleson. 2009. Trojan side-channels: Lightweight hardware Trojans through side-channel engineering. In Cryptographic Hardware and Embedded Systems-CHES 2009. Springer, Berlin, 382--395. Google ScholarDigital Library
- Jun Ling, Hao He, Jian Li, William Roberts, and Petre Stoica. 2010. Covert underwater acoustic communications. J. Acoust. Soc. Am. 128, 5 (2010), 2898--2909.Google ScholarCross Ref
- Lu Ling, Nie Yan, and Zhang Hongjin. 1997. The electromagnetic leakage and protection for computer. In Electromagnetic Compatibility Proceedings, 1997 International Symposium on. IEEE, Los Alamitos, CA, 378--382.Google ScholarCross Ref
- Steven B. Lipner. 1975. A comment on the confinement problem. SIGOPS Oper. Syst. Rev. 9, 5 (Nov. 1975), 192--196. Google ScholarDigital Library
- Keith Loepere. 1985. Resolving covert channels within a B2 class secure system. ACM SIGOPS Operat. Syst. Rev. 19, 3 (1985), 9--28. Google ScholarDigital Library
- Cristina V. Lopes and Pedro M. Q. Aguiar. 2001. Aerial acoustic communications. In Applications of Signal Processing to Audio and Acoustics, 2001 IEEE Workshop on the. IEEE, Los Alamitos, CA, 219--222.Google Scholar
- Cristina Videira Lopes and Pedro M. Q. Aguiar. 2003. Acoustic modems for ubiquitous computing. IEEE Perv. Comput. 2, 3 (2003), 62--71. Google ScholarDigital Library
- Cristina Videira Lopes and Pedro M. Q. Aguiar. 2010. Alternatives to speech in low bit rate communication systems. Computing Research Repository abs/1010.3951 (2010). http://arxiv.org/abs/1010.3951.Google Scholar
- Joe Loughry and David A. Umphress. 2002. Information leakage from optical emanations. ACM Trans. Inform. Syst. Security 5, 3 (2002), 262--289. Google ScholarDigital Library
- Anil Madhavapeddy, David Scott, and Richard Sharp. 2003. Context-aware computing with sound. In UbiComp 2003: Ubiquitous Computing (Lecture Notes in Computer Science), AnindK. Dey, Albrecht Schmidt, and JosephF. McCarthy (Eds.), Vol. 2864. Springer, Berlin, 315--332.Google Scholar
- A. Madhavapeddy, R. Sharp, D. Scott, and A. Tse. 2005. Audio networking: The forgotten wireless technology. IEEE Perv. Comput. 4, 3 (July 2005), 55--60. Google ScholarDigital Library
- Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, and Srdjan Capkun. 2012. Analysis of the communication between colluding applications on modern smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC’12). ACM, New York, NY, 51--60. Google ScholarDigital Library
- Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor. 2011. (Sp)iPhone: Decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 551--562. Google ScholarDigital Library
- Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. 2005. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Security and Privacy, 2005 IEEE Symposium on. IEEE, Los Alamitos, CA, 110--124. Google ScholarDigital Library
- John McDermott. 1994. The B2/C3 Problem: How Big Buffers Overcome Covert Channel Cynicism in Trusted Database Systems. Technical Report. Defense Technical Information Center Document.Google Scholar
- Catherine Meadows and Ira S. Moskowitz. 1996. Covert channels - A context-based view. In Information Hiding (Lecture Notes in Computer Science), Ross Anderson (Ed.), Vol. 1174. Springer, Berlin, 73--93. Google ScholarDigital Library
- Peter M. Melliar-Smith and Louise E. Moser. 1991. Protection against covert storage and timing channels. In Computer Security Foundations Workshop IV, 1991. Proceedings. IEEE, Los Alamitos, 209--214.Google Scholar
- Jonathan K. Millen. 1976. Security kernel validation in practice. Commun. ACM 19, 5 (1976), 243--250. Google ScholarDigital Library
- Jonathan K. Millen. 1989. Finite-state noiseless covert channels. In Computer Security Foundations Workshop II, 1989., Proceedings of the. IEEE, Los Alamitos, CA, 81--86.Google ScholarCross Ref
- Jonathan K. Millen. 1999. 20 years of covert channel modeling and analysis. In Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on. IEEE, Los Alamitos, CA, 113--114.Google ScholarCross Ref
- I. S. Moskowitz and A. R. Miller. 1994. Simple timing channels. In Research in Security and Privacy, 1994. Proceedings., 1994 IEEE Computer Society Symposium on. IEEE, Los Alamitos, CA, 56--64. Google ScholarDigital Library
- Ira S. Moskowitz and Myong H. Kang. 1994. Covert channels-here to stay? In Computer Assurance, 1994. COMPASS’94 Safety, Reliability, Fault Tolerance, Concurrency and Real Time, Security. Proceedings of the Ninth Annual Conference on. IEEE, Los Alamitos, CA, 235--243.Google Scholar
- Ira S. Moskowitz and Allen R. Miller. 1992. The channel capacity of a certain noisy timing channel. IEEE Trans. Inform. Theor. 38, 4 (1992), 1339--1344. Google ScholarDigital Library
- Steven J. Murdoch. 2006. Hot or not: Revealing hidden services by their clock skew. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06). ACM, New York, NY, 27--36. Google ScholarDigital Library
- Rajalakshmi Nandakumar, Krishna Kant Chintalapudi, Venkat Padmanabhan, and Ramarathnam Venkatesan. 2013. Dhwani: Secure peer-to-peer acoustic NFC. SIGCOMM Comput. Commun. Rev. 43, 4 (Aug. 2013), 63--74. Google ScholarDigital Library
- NetDocuments. 2014. File Sizes and Types. (2014). http://help.netdocuments.com/file-sizes/.Google Scholar
- Ed Novak, Yutao Tang, Zijiang Hao, Qun Li, and Yifan Zhang. 2015. Physical media covert channels on smart mobile devices. In Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp’15). ACM, New York, NY, 367--378. Google ScholarDigital Library
- NSA. 2013. NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware. (2013). http://leaksource.info/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/Google Scholar
- Samuel Joseph OMalley and Kim-Kwang Raymond Choo. 2014. Bridging the air gap: Inaudible data exfiltration by insiders. In 20th Americas Conference on Information Systems (AMCIS 2014). To appear.Google Scholar
- Toni Perković, Ivo Stančić, Luka Mališa, and Mario Čagalj. 2009. Multichannel protocols for user-friendly and scalable initialization of sensor networks. In Security and Privacy in Communication Networks. Springer, Berlin, 228--247.Google Scholar
- Roger L. Peterson, Rodger E. Ziemer, and David E. Borth. 1995. Introduction to Spread-Spectrum Communications. Vol. 995. Prentice Hall, Upper Saddle River, NJ. Google ScholarDigital Library
- Fabien A. P. Petitcolas, Ross J. Anderson, and Markus G. Kuhn. 1999. Information hiding-a survey. Proc. IEEE 87, 7 (1999), 1062--1078.Google ScholarCross Ref
- Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management. http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf. (Aug. 2010). v0.34.Google Scholar
- Andreas Pfitzmann and Michael Waidner. 1987. Networks without user observability. Comput. Security 6, 2 (1987), 158--166. Google ScholarDigital Library
- Birgit Pfitzmann. 1996. Information hiding terminology - results of an informal plenary meeting and additional proposals. In Proceedings of the First International Workshop on Information Hiding. Springer-Verlag, London, 347--350. http://dl.acm.org/citation.cfm?id=647594.731530. Google ScholarDigital Library
- Andreas Polydoros and Charles L. Weber. 1985. Detection performance considerations for direct-sequence and time-hopping LPI waveforms. IEEE J. Select. Areas Commun. 3, 5 (1985), 727--744. Google ScholarDigital Library
- John G. Proakis. 2008. Digital Communications. McGraw-Hill, New York.Google Scholar
- Niels Provos and Peter Honeyman. 2003. Hide and seek: An introduction to steganography. IEEE Security Priv. 1, 3 (2003), 32--44. Google ScholarDigital Library
- Rahul Raguram, Andrew M. White, Dibyendusekhar Goswami, Fabian Monrose, and Jan-Michael Frahm. 2011. iSpy: Automatic reconstruction of typed input from compromising reflections. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 527--536. Google ScholarDigital Library
- Michael K. Reiter and Aviel D. Rubin. 1998. Crowds: Anonymity for web transactions. ACM Trans. Inform. Syst. Security 1, 1 (1998), 66--92. Google ScholarDigital Library
- James W. Gray III. 1993. On introducing noise into the bus-contention channel. In Research in Security and Privacy, 1993. Proceedings. 1993 IEEE Computer Society Symposium on. IEEE, Los Alamitos, CA, 90--98. Google ScholarDigital Library
- John Rinaldo, Royce Levien, Robert Lord, Alexander Cohen, Mark Malamud, Edward Jung, and others. 2005. Device pairing via human initiated contact. (May 24 2005). US Patent App. 11/137,859.Google Scholar
- Rodrigo Roman and Javier Lopez. 2008. KeyLED - transmitting sensitive data over out-of-band channels in wireless sensor networks. In Mobile Ad Hoc and Sensor Systems, 2008. MASS 2008. 5th IEEE International Conference on. IEEE, Los Alamitos, CA, 796--801.Google ScholarCross Ref
- David Samyde, Sergei Skorobogatov, Ross Anderson, and Jean-Jacques Quisquater. 2002. On a new way to read data from memory. In Security in Storage Workshop, 2002. Proceedings. First International IEEE. IEEE, Los Alamitos, CA, 65--69. Google ScholarDigital Library
- Nitesh Saxena, J.-E. Ekberg, Kari Kostiainen, and N. Asokan. 2011. Secure device pairing based on a visual channel: Design and usability study. IEEE Trans. Inform. Forens. Security 6, 1 (2011), 28--38. Google ScholarDigital Library
- Nitesh Saxena, Md. Borhan Uddin, and Jonathan Voris. 2008. Universal device pairing using an auxiliary device. In Proceedings of the 4th Symposium on Usable Privacy and Security (SOUPS’08). ACM, New York, NY, 56--67. Google ScholarDigital Library
- Nitesh Saxena, Md Borhan Uddin, and Jonathan Voris. 2009. Treat’em like other devices: User authentication of multiple personal RFID tags. In SOUPS, Vol. 9. Citeseer, 1--1. Google ScholarDigital Library
- Marvin Schaefer, Barry Gold, Richard Linde, and John Scheid. 1977. Program confinement in KVM/370. In Proceedings of the 1977 Annual Conference (ACM’77). ACM, New York, NY, 404--410. Google ScholarDigital Library
- Ralph Schoolcraft. 1991. Low probability of detection communications-LPD waveform design and detection techniques. In Military Communications Conference, 1991. MILCOM’91, Conference Record, Military Communications in a Changing World. IEEE, Los Alamitos, CA, 832--840 vol.2.Google ScholarCross Ref
- Hidenori Sekiguchi. 2009. Measurement of radiated computer RGB signals. Progr. Electromagn. Res. C 7 (2009), 1--12.Google ScholarCross Ref
- Shiuh-Pyng Shieh and Arbee L. P. Chen. 1999. Estimating and measuring covert channel bandwidth in multilevel secure operating systems. J. Inf. Sci. Eng. 15, 1 (1999), 91--106.Google Scholar
- Gustavus J. Simmons. 1984. The prisoners problem and the subliminal channel. In Advances in Cryptology, David Chaum (Ed.). Springer, Berlin, 51--67.Google Scholar
- Gustavus J. Simmons. 1985. The subliminal channel and digital signatures. In Advances in Cryptology (Lecture Notes in Computer Science), Thomas Beth, Norbert Cot, and Ingemar Ingemarsson (Eds.), Vol. 209. Springer, Berlin, 364--378. Google ScholarDigital Library
- Gustavus J. Simmons. 1994. Subliminal communication is easy using the DSA. In Advances in Cryptology EUROCRYPT 93 (Lecture Notes in Computer Science), Tor Helleseth (Ed.), Vol. 765. Springer, Berlin, 218--232. Google ScholarDigital Library
- Hitesh Singh, Pradeep Kumar Singh, and Kriti Saroha. 2009. A survey on text based steganography. In Proceedings of the 3rd National Conference. 3--9.Google Scholar
- Peter Smulders. 1990. The threat of information theft by reception of electromagnetic radiation from RS-232 cables. Comput. Security 9, 1 (1990), 53--58. Google ScholarDigital Library
- Sang Hyuk Son, Ravi Mukkamala, and Rasikan David. 2000. Integrating security and real-time requirements using covert channel capacity. IEEE Knowl. Data Eng. 12, 6 (2000), 865--879. Google ScholarDigital Library
- Ahren Studer, Timothy Passaro, and Lujo Bauer. 2011. Don’t bump, shake on it: The exploitation of a popular accelerometer-based smart phone exchange and its secure replacement. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC’11). ACM, New York, NY, 333--342. Google ScholarDigital Library
- Venkatachalam Subramanian, Selcuk Uluagac, Hasan Cam, and Raheem Beyah. 2013. Examining the characteristics and implications of sensor side channels. In 2013 IEEE International Conference on Communications (ICC). IEEE, Los Alamitos, CA, 2205--2210.Google ScholarCross Ref
- Hidema Tanaka. 2007. Information leakage via electromagnetic emanations and evaluation of tempest countermeasures. In Information Systems Security. Springer, Berlin, 167--179. Google ScholarDigital Library
- Hidema Tanaka, Osamu Takizawa, and Akihiro Yamamura. 2005. Evaluation and improvement of the tempest fonts. In Information Security Applications. Springer, 457--469. Google ScholarDigital Library
- Eran Tromer. 2004. Acoustic cryptanalysis: On nosy people and noisy machines. Eurocrypt2004 Rump Session, May (2004).Google Scholar
- Eran Tromer. 2007. Hardware-based Cryptanalysis. Ph. D. Dissertation. Weizmann Institute of Science, Tese de Doutorado. http://www.tau.ac.il/tromer/papers/tromer-phd.pdf (Date last accessed: October 20, 2015).Google Scholar
- Jonathan T. Trostle. 1993. Modelling a fuzzy time system. J. Comput. Security 2, 4 (1993), 291--309. Google ScholarDigital Library
- C.-R. Tsai, Virgil D. Gligor, and C. Sekar Chandersekaran. 1990. On the identification of covert storage channels in secure systems. IEEE Trans. Softw. Eng. 16, 6 (1990), 569--580. Google ScholarDigital Library
- Wim Van Eck. 1985. Electromagnetic radiation from video display units: An eavesdropping risk? Comput. Security 4, 4 (1985), 269--286. Google ScholarDigital Library
- Paul A. van Walree, Thorsten Ludwig, Connie Solberg, Erland Sangfelt, Arto Laine, Giacomo Bertolotto, and Anders Ishøy. 2009. UUV covert acoustic communications. In Proceedings of the 3rd Conference on Underwater Acoustic Measurements: Technologies and Results.Google Scholar
- Serge Vaudenay. 2005. Secure communications over insecure channels based on short authenticated strings. In Advances in Cryptology CRYPTO 2005 (Lecture Notes in Computer Science), Victor Shoup (Ed.), Vol. 3621. Springer, Berlin, 309--326. Google ScholarDigital Library
- Steffen Wendzel, Sebastian Zander, Bernhard Fechner, and Christian Herdin. 2015. Pattern-based survey and categorization of network covert channel techniques. ACM Comput. Surv. 47, 3, Article 50 (April 2015), 26 pages. Google ScholarDigital Library
- Wikipedia. 2014. Bump (application). (2014). https://en.wikipedia.org/wiki/Bump_(application)Google Scholar
- John C. Wray. 1992. An analysis of covert timing channels. J. Comput. Security 1, 3 (1992), 219--232. Google ScholarDigital Library
- Sebastian Zander, Grenville J. Armitage, and Philip Branch. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE Commun. Surv. Tutorials 9, 1-4 (2007), 44--57. Google ScholarDigital Library
- Sebastian Zander, Philip Branch, and Grenville Armitage. 2011. Capacity of temperature-based covert channels. IEEE Commun. Lett. 15, 1 (2011), 82--84.Google ScholarCross Ref
- Yong Bin Zhou and Deng Guo Feng. 2005. Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing. IACR Cryptology ePrint Archive (2005), 388.Google Scholar
Index Terms
- Out-of-Band Covert Channels—A Survey
Recommendations
Pattern-Based Survey and Categorization of Network Covert Channel Techniques
Network covert channels are used to hide communication inside network protocols. Various techniques for covert channels have arisen in the past few decades. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these ...
A Survey and Taxonomy Aimed at the Detection and Measurement of Covert Channels
IH&MMSec '16: Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia SecurityNew viewpoints of covert channels are presented in this work. First, the origin of covert channels is traced back to acc ess control and a new class of covert channel, air-gap covert channels, is presented. Second, we study the design of covert channels ...
IP Covert Channel Detection
A covert channel can occur when an attacker finds and exploits a shared resource that is not designed to be a communication mechanism. A network covert channel operates by altering the timing of otherwise legitimate network traffic so that the arrival ...
Comments