| As the primary tool for specific network users and malware to transmit secret information,network covert channel has become an important research point in the field of cyberspace security.The traditional network covert channel uses Internet protocol data packet as the carrier of secret information transmission.Its hidden domain and hidden methods are well known by the public,which can't meet the needs of covert transmission of confidential information.With the large-scale construction of the new generation of information science and technology Internet of Things,a large number of communication data packets circulating in the Internet of Things provide a natural barrier for the establishment of covert channel.Therefore,the research on the new covert channel is of great significance for discovering the weaknesses in network communication and promoting the construction of the network-side security system.To overcome the shortage of traditional network covert channel,a multi-mode adaptive covert channel oriented to maturity model is proposed in the thesis.Firstly,the maturity model is introduced into the field of covert channel metrics,and its communication essence is regressed from the five-tuple definition of the proposed covert channel sender,receiver,shared resource,security policy and embedding mechanism.A covert channel maturity model M2 CC covering measurement dimension,life cycle and maturity level is designed to measure the state,function and uncertainty of covert channel.Based on M2 CC,a measurement system of covert channel maturity is proposed.Fifteen multi-dimensional indicators are used to measure the degree of information that covert channel specific ability meets the needs of relevant personnel.Then according to the development trend of covert channel,using the Internet of Things application layer CoAP and MQTT protocols as carriers,two single modal new covert channels are designed based on Josephus algorithm and block coding algorithm respectively,and the network covert channel carrier is successfully migrated to the Internet of Things protocol for the first time.And the maturity model is used to measure the two new covert channels,which verifies the application value of the maturity model.According to the analysis results of single-mode covert channel maturity,aiming at the problem that its anti-blocking and robustness still need to be strengthened,a multi-mode adaptive covert channel based on protocol frequency hopping is designed and implemented by WinPcap on the basis of CoAP and MQTT covert channel,and its communication scheme and adaptive strategy are elaborated in detail.The covert channel takes the network environment as an adaptive object.The carrier of the covert channel dynamically adjusts according to the changes of the network environment,and the protocol carrier with high capacity and short-term success rate is selected for transmission.It improves the success rate of covert communication under the interference of packet loss,replay and blocking,extending the network range of the covert channel.The experimental results show that the maturity of multi-mode adaptive covert channel is 0.83,which achieves a high maturity level.Compared with traditional network covert channel,its capacity,consistency and robustness are improved,and it can still transmit information when there are blocking factors,which effectively improves the success rate of covert channel communication. |
PDF Full Text Request