| With the rapid development of network technique, it not only propels economic growthand social progress, providing more conveniences for our life, but also inevitably raisesmany security issues. As an effective mean of delivering the secret information, covertchannel has been widely focused on by researchers in the field of information security.Network covert channel is becoming one of the hot topics in this field due to the favorableproperties of the network flow, which is an ideal carrier of the confidential messages. So ithas critical theory and application value.Length based covert channel is a branch of network covert channel, and it conceals thesecret messages by modulating the packet length. It has relatively better performance interms of concealment and capability of anti-disturbance compared with traditional covertstorage and timing channels. After reviewing the current state and the latest progress ofnetwork covert channel, length based covert channel is studied profoundly. This articlemainly covers the following contents:1. In order to study and analyze the existing length-based schemes, the experimentplatform of length based covert channel, which contains three typical length-based schemesof better concealment—Covert Channel based on Reference Length, DNS Reference CovertChannel and Chat Application Covert Channel, is designed and implemented.2. The three existing length-based schemes—Covert Channel based on ReferenceLength, DNS Reference Covert Channel and Chat Application Covert Channel, are detectedusing entropy-based and statistical feature-based methods in the security experiment. Theresults show that the schemes above cannot resist the detection methods, presenting poorconealment and lack of security.3. The packet length models of four common network services are constructed by usinghistogram statistical method. According to the built length model of HTTP file transfer, amodel-based length covert channel is proposed and implemented. The detection resultsindicated that the proposed scheme is able to resist detections effectively, which has betterconcealment than the previous ones.Finally, the whole article is concluded and the drawbacks in our research are pointedout. Then the future research work is envisioned. |
PDF Full Text Request