Research Of Adaptive Covert Channel Based On IM

As a means of secret communication, network covert channel is becoming a hot spot in the field of network security research. At present, most of the existing single covert channels are based on P2 P, limited by NAT device, on the one hand one public IP end of covert channel can not take the initiative to connect the other end of the covert channel which is located in the internal network, on the other hand they will not be able to communicate with each other when both sides of the communication are located in the NAT router' s internal network. The existing covert channels usually use a method of direct communication, thus both sides of the communication will be exposed when the communication behavior is detected. Most of the existing covert channels do not consider the influence of the network environment factors on the communication behavior, the communication will be doomed to failure when the single covert channel is blocked by the interference factors in the network environment, therefore, there is room to improve the probability of successful communication in the environment with a strong defense system.In this paper, a new adaptive covert channel based on IM is proposed to address the problem of the traditional single P2 P mode covert channel. Two totally new covert channels is raised by studying the Fetion and QQ instant communication principle:Fetion covert channel based on M method and QQ sequence number covert channel, in order to construct the IM adaptive covert channel, after studying the Fetion and QQ protocol, this paper presents a method to adapt the covert channel tothe network environment, the method takes the value of EC(expected capacity) as the quantitative index of the protocol selection, the calculation of EC combines the network traffic, the successful communication history and the interference factors in the network environment. According to the value of EC, these protocols who has network flow and history of successful communication tend to be used for communication, while these protocols who has been blocked tend to no longer be chosen. In this paper, the rules of reliable communication, the embedding and extraction of secret information of IM adaptive covert channel are designed in detail.Finally, the sender and the receiver of the IM adaptive covert channel has been realized based on WinPcap, which can run in Windows platform.Experiments show that the adaptive covert channel based on IM has much advantage comparing to conventional single P2 P covert channel. Firstly, the adaptive covert channel based on IM can choose the protocol to communicate according to the interference factors in the network environment, therefore there is a higher probability of successful communication Compared with a single covert channel.Secondly, the adaptive covert channel based on IM has the strong ability of NAT traversal. Thirdly, anonymous communication is realized at a low cost by the adaptive covert channel based on IM due to the IM server is used to act as relay node.Last but not least, the bandwidth of adaptive covert channel based on IM up to21 Bytes,which is higher than most of the existing storage covert channels.