Design And Implementation Of The Multi-dimensional Covert Channel Based On HTTP

TCP / IP covert channel technology is a combination of steganography in information security and tunneling in computer networks.It takes computer network protocol message as carrier and uses the design redundancy of TCP / IP protocol to carry hidden information.The use of network covert channel transmission of information is an illegal communication behavior,the current methods of network covert channel progress,so the design of network covert channel not only to achieve the transmission of information,but also pay attention to its covert,and take various measures to prevent firewalls,Intrusion detection systems found covert channels exist.The existing TCP / IP covert channels are distributed on all layers of the TCP / IP protocol stack.Although numerous and numerous,they can be divided into time covert channels and spatial covert channels from the perspective of their implementation.By studying the existing covert channel technology of TCP / IP,it is pointed out that existing covert channels are all single dimension,that is,the concealment technique is implemented only in the time dimension or the spatial dimension,and the concept and model of multidimensional covert channel are proposed accordingly.By studying the HTTP communication process and combining with the concept and model of multi-dimensional covert channel,a two-dimensional covert channel based on HTTP protocol is designed.The two-dimensional covert channel based on HTTP protocol consists of sender and receiver.The covert channel transmits covert information from two dimensions of time and space.Therefore,the corresponding information separation and aggregation algorithm is designed.The information separation algorithm at the sender sends the covert message Separated into time-hidden channels and spatial covert channel transmission of information;the receiving end of the information aggregation algorithm will be two channels of information aggregation into the original information.In the spatial dimension,concealed information is stored in the message field;in the temporal dimension,concealed information is stored in the transmission mode.In order to enhance the concealment of the two-dimensional covert channel based on the HTTP protocol,the sender simulates the normal user surfing behavior through frequency hopping,which can avoid the behavior analysis of the intrusion detection system.There are three criteria for evaluating the effectiveness of a covert channel: reliability,security,and channel bandwidth.After evaluation and experiment,the reliability,security and channel bandwidth of the two-dimensional covert channel based on HTTP protocol are better than the traditional one-dimensional covert channel.