A Method For Realizing Covert Communication At Router Driving Layer

The Internet is a double-edged sword.While bringing convenience to people's lives,it also endangers everyone's information security.In the study of protecting network information,the traditional method is to encrypt the information.However,because the encrypted data format is messy and different from ordinary data,it is easy to cause suspicion by the enemy.At present,information hiding,as another important research area of information security,is very popular in this field.Different from the encryption technology,the information hiding hides the existence of the information when the content of the information is hidden,and utilizes the redundant space of the carrier for concealment.However,the encryption only hides the content of the information.As an implementation of information hiding,the covert channel is real-time and dynamic.In order to protect the secret information from the network environment monitored by the adversary to the destination securely,we propose a method for constructing a covert channel at the kernel layer of the router based on the voice telephony of instant messaging software.For the router platform,we design a covert channel model based on dynamic kernel.According to the model,the secret transmission protocol is implemented,and the secret connection is constructed to ensure the integrity and reliability of the secret information.After the secret connection is established,the data packet is blocked,modified,and transmitted by the kernel transmission mechanism.In the transmission mechanism,the sender kernel module intercepts the voice packet of the instant messaging software by the hook mechanism in the Netfilter framework of the Linux system,and uses this as a meta-model for homomorphism construction.The payload information is split into the valid data portion of the construction package and mixed into the voice packets.Reconfigure the SK?BUFF structure that can be sent at the kernel layer of the router to the destination device.The receiving kernel module identifies the forged package,extracts the secret information,and releases the voice packet,thereby not affecting the normal conversation of both voices.When the sending kernel module sends the forged packet and the voice packet,the number of bytes and the number of packets are leveled for all the data packets,thereby further improving the concealment.Compared with the information hiding based on the Android mobile phone,the covert channel at the kernel layer of the router is less restricted to the electronic device.Its terminal is not only a mobile phone,but also various electronic devices equipped with the instant messaging software,such as a smart phone and a computer,tablet and other equipments.It has strong versatility.As a kind of P2 P software,the instant messaging software is often used to make voice calls for communication,thus providing massive carrier traffic for constructing a covert channel in this paper.Among a large amount of carrier traffic,the embedded secret information traffic accounts for a small proportion and is not easily noticeable.It is more concealed than the information hiding based on pictures,texts,audio and video,etc.,with large capacity and high real-time performance.We used a dual network card notebook to install the grass soft route analog security gateway function to detect the covert channel in the experiments.It is proved that the covert channel can protect the secure transmission of secret information without affecting the conversation between the two parties,and does not generate abnormality in the number of data packets,network traffic,network connection,etc.,and has a high concealment.The transmission rate is increased by 4 times compared with the VoIP-based hidden channel,and a large storage capacity can be provided at one time.