Covert channel
From Free net encyclopedia
In information theory, a covert channel is a parasitic communications channel that draws bandwidth from another channel in order to transmit information without the authorization or knowledge of the latter channel's designer, owner, or operator.
Characteristics
A covert channel is so called because it is hidden within the medium of a legitimate communications channel. Covert channels typically manipulate certain properties of the communications medium in an unexpected, unconventional, or unforeseen way in order to transmit information through the medium without detection by anyone other than the entities operating the covert channel.
All covert channels draw their bandwidth (information-carrying capacity) from a legitimate channel, thus reducing the capacity of the latter; however, the bandwidth drawn from the channel is often unused anyway, so the covert channel may still be well hidden.
For example, steganography is a form of covert channel in which very small details of images are subtly altered in order to communicate information in a way not immediately obvious to anyone casually examining the images. One type of steganography uses the low-order bit of the data for each pixel in an image to carry the information of a covert channel: these bits carry the covert message, while the rest of the bits carry the legitimate image. The very slight change in the image caused by modification of the low-order bit in each pixel is imperceptible in most cases to anyone who isn't already looking for such a change.
Because any bandwidth used by the covert channel is “stolen” from the legitimate channel, the greater the bandwidth used by the covert channel, the more likely it is that it will be obvious to users of the legitimate channel. A steganography system that uses only the low-order bit of every pixel has a low bandwidth (compared to the bandwidth consumed by transmission of the image itself), but is very discreet; a system that uses all but the highest-order bit of each pixel has very high bandwidth but will be instantly obvious to anyone looking at the image used to carry the covert channel.
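The low-order-bit scheme described above, as an added example that is not part of the original article: it embeds a message into the least-significant bit of each pixel of a constructed grayscale cover, recovers it, and reports the two figures a reviewer cares about, the largest per-pixel change (never more than 1) and the share of the cover's bits diverted to the covert message. The 2-byte length header is an assumption of this example.

```python
"""LSB steganography over a constructed grayscale pixel array: each pixel
donates its low-order bit to the covert message, the other seven bits
still carry the legitimate image."""


def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Write message bits (MSB first) into the low-order bit of successive
    pixels. A 2-byte big-endian length header precedes the payload so the
    reader knows where to stop."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("message exceeds the covert capacity of the cover")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # replace only the low-order bit
    return bytes(out)


def extract_lsb(pixels: bytes) -> bytes:
    """Recover the message by reading the low-order bit of each pixel."""
    def read_bytes(start: int, count: int) -> bytes:
        value = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (pixels[start + b * 8 + i] & 1)
            value.append(byte)
        return bytes(value)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def covert_fraction(pixels: bytes, message: bytes) -> float:
    """Share of the cover's total bits (8 per pixel) that the covert
    payload, header included, takes from the legitimate channel."""
    return (len(message) + 2) * 8 / (len(pixels) * 8)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference introduced by embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 8x8 grayscale cover image: 64 pixels, one byte each.
COVER = bytes((x * 37 + 11) % 256 for x in range(64))
MESSAGE = b"hi!"  # 3 bytes + 2-byte header = 40 bits, fits in 64 pixels

if __name__ == "__main__":
    stego = embed_lsb(COVER, MESSAGE)
    print(extract_lsb(stego), max_pixel_change(COVER, stego), covert_fraction(COVER, MESSAGE))
```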
TCSEC criteria
(The Trusted Computer Security Evaluation Criteria or TCSEC is a set of criteria established by the National Computer Security Center in the United States, an agency managed by that country's National Security Agency.)
The term covert channel is used in the TCSEC specifically to refer to ways of transferring information from a higher classification compartment to a lower classification. The TCSEC defines two kinds of covert channels: storage channels, which communicate by modifying a stored object; and timing channels, which transmit information by affecting the relative timing of events.
Eliminating covert channels
The possibility of covert channels cannot be completely eliminated, although it can be significantly reduced by careful design and analysis. There will always be some unused portion of the bandwidth of a legitimate communications channel that can be diverted to provide a covert channel. The detection of a covert channel can be made more difficult by using characteristics of the communications medium for the legitimate channel that are never controlled or examined by legitimate users. For example, a file can be opened and closed by a program in a specific, timed pattern that can be detected by another program, and the pattern can be interpreted as a string of bits, forming a covert channel; since it is unlikely that legitimate users will check for patterns of file opening and closing operations, this type of covert channel can remain undetected for long periods.
External links
- Timing Channels: an early exploitation of a timing channel in Multics.