Covert Channel - Data Hiding in TCP/IP Protocol Suite By Covert Channels

Data Hiding in TCP/IP Protocol Suite By Covert Channels

A more specific approach is adopted by Rowland. Focusing on the IP and TCP headers of TCP/IP Protocol suite, Rowland devises proper encoding and decoding techniques by utilizing the IP identification field, the TCP initial sequence number and acknowledge sequence number fields. These techniques are implemented in a simple utility written for Linux systems running version 2.0 kernels.

Rowland simply provides a proof of concept of existence as well as exploitation of covert channels in TCP/IP protocol suite. This work can, thus, be regarded as a practical breakthrough in this specific area. The adopted encoding and decoding techniques are more pragmatic as compared to previously proposed work. These techniques are analyzed considering security mechanisms like firewall network address translation.

However, the non-detectability of these covert communication techniques is questionable. For instance, a case where sequence number field of TCP header is manipulated, the encoding scheme is adopted such that every time the same alphabet is covertly communicated, it is encoded with the same sequence number.

Moreover, the usages of sequence number field as well as the acknowledgment field cannot be made specific to the ASCII coding of English language alphabet as proposed, since both fields take in to account the receipt of data bytes pertaining to specific network packet(s).

The Data Hiding in TCP/IP Protocol suit by covert channels have following important aspects:

• Identify the existence of covert channels in a network environment.
• Point to devising satisfying techniques of embedding and extraction processes at the source and destination, respectively.
• Do not consider the effect of employing covert communications network as a whole.