Covert channel

A covert channel (English covert channel) is in IT security, a parasitic communications channel bandwidth ( information capacity ) of a legitimate communication channel used to transmit information.

Properties

All covert channels require the bandwidth of a legitimate communication channel. Thus they either reduce the bandwidth of the legitimate channel, or invite him without reducing the bandwidth more information on. The covert channel is hidden cleverly in the legitimate channel, making it difficult or impossible to discover.

An example is the steganography, in which a few details of an image are changed to ( text ) bring (The picture ) more information in the original data set. The additional information is not visible to the user at first glance.

  • A subspecies of steganography uses the low - order bit of each pixel to accommodate the hidden message in the picture. Just exactly these bits represent the message, all other bits form from the legitimate image. This subtle change can possibly be detected if it is explicitly looking for it.
  • The background noise in audio files can also hide other signals; this can be used as watermarking to uniquely assign sound files.

TCSEC

The Trusted Computer Security Evaluation Criteria ( TCSEC ) are a set of criteria which are used for safety-critical systems. These criteria ensure the safety properties of a computer system. Under this fall, including hidden channels, which are spread out over safety-critical systems.

A covert channel refers within the TCSEC criteria on the information flow from higher-rated compartments (classification of information ) to lower classified compartments (classification of information ), see also Mandatory Access Control.

The following types are distinguished from covert channels:

  • Memory channel ( channel storage ) - Communication on stored data.
  • Time channel (timing channel) - information may be transmitted via information technology processing temporal sequences.

A computer system having the classification B2 to TCSEC must be analyzed to the memory channels, and from B3 on time slots.

Countermeasures

The possibility that covert channels are present in a computer system can hardly be excluded nor sensible prevented. There will always be opportunities in practical systems to use a host channel.

As an example, the opening and closing of a file or setting and deleting their file attributes can according to an agreed pattern are: a program manipulates a file according to temporal criteria, another program monitors this file and interprets the conditions or time intervals between the changes as binary information. Opponents it will hardly be possible to detect such behavior.

Countermeasures can be such a divide that prevent a covered channel, limiting its capacity or detect it, and for example, the Shared Resource Matrix Methodology, Covert Flow Trees, pump, Traffic Normalization, and Covert timing channel detection include machine learning or statistical methods. Depending on the countermeasure these can be applied at a different time of the software development lifecycle or integrated into existing systems. For timing and storage channels are different countermeasures.

Bandwidth (signal processing) Digital watermarking Trusted Computer System Evaluation Criteria
205585
de