Special Issue Description


Authors : Dhananjay M. Dakhane and Prashant R. Deshmukh

Page Nos : 70-73

Description :
A covert channel is a transfer of unintended information. It allows an attacker to send and receive secret messages without being identified or detected by the network administrator. Covert channels can easily be implemented by embedding the covert message in header fields that are seemingly filled with “random” data. Network covert channels are generally used to leak information in violation of security policies. These channels can be created as storage covert channels or timing covert channels. However, there is always some possibility of these covert channels being identified, depending on their behaviour. In this paper, we propose an active warden defence model that normalizes all incoming and outgoing network traffic and eliminates all possible storage-based covert channels. It is specially designed for the TCP sequence number and IP Identification fields, because these fields offer the maximum capacity as vehicles for storage-based covert channels. Our experimental results show that the proposed model eliminates covert communication up to 99%, while overt communication remains intact.

Keywords: Active Warden, Covert channel, IP Identification, Network Covert channel, TCP Sequence Number, Traffic Normalization.
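To illustrate what normalizing the IP Identification field involves, here is an added example that is not code from the paper or its authors. The names `IpIdWarden`, `build_packet` and `ipv4_checksum` are hypothetical, the sample packets are constructed, and TCP sequence number normalization, which needs per-flow state and rewriting of acknowledgement numbers, is not covered.

```python
import os
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

class IpIdWarden:
    """Hypothetical active warden: replaces the sender-chosen IPv4 ID."""
    def __init__(self, rng=os.urandom):
        self._rng = rng
        # (src, dst, proto, original ID) -> replacement ID, so that fragments
        # of one datagram still reassemble. A deployment would expire entries.
        self._frag_map = {}

    def normalize(self, packet: bytes) -> bytes:
        ihl = (packet[0] & 0x0F) * 4
        if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
            raise ValueError("not a well-formed IPv4 packet")
        orig_id, flags_frag = struct.unpack("!HH", packet[4:8])
        new_id = int.from_bytes(self._rng(2), "big")
        # MF flag set or non-zero offset: reuse one mapping per datagram.
        if flags_frag & 0x2000 or flags_frag & 0x1FFF:
            key = (packet[12:16], packet[16:20], packet[9], orig_id)
            new_id = self._frag_map.setdefault(key, new_id)
        header = bytearray(packet[:ihl])
        header[4:6] = struct.pack("!H", new_id)   # overwrite the carrier field
        header[10:12] = b"\x00\x00"               # zero checksum, then recompute
        header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
        return bytes(header) + packet[ihl:]       # overt payload is untouched

def build_packet(ident: int, flags_frag: int, payload: bytes = b"data") -> bytes:
    """Constructed sample: 20-byte IPv4 header (TCP, documentation addresses)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                                ident, flags_frag, 64, 6, 0,
                                bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload

if __name__ == "__main__":
    out = IpIdWarden().normalize(build_packet(0x4142, 0x4000))
    print("ID after warden:", out[4:6].hex(), "checksum ok:", ipv4_checksum(out[:20]) == 0)
```

Because the replacement value is chosen by the warden, whatever a sender encoded in the original 16-bit field never reaches the receiver, while the payload and the rest of the header pass through unchanged.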

Date of Online: 30 Special Issue-7, Nov. 2015