We propose a covert channel and its implementation in Windows OS. This storage channel uses the Initial Sequence Number of TCP to hide four characters of text, and the identification field to "sign"the message and thus understand if it has been altered during the transmission. The secret is sent in the first SYN packet to open a connection, and an ACK-RST response acknowledges the receipt. Designed error-correction codes make the protocol more robust and able to handle (IP) packet drops and transmission errors. In this paper, we provide a detailed discussion of the implementation and an evaluation of the stealthiness of the proposed channel.
A TCP-based Covert Channel with Integrity Check and Retransmission
Bistarelli S.;Santini F.
2023
Abstract
We propose a covert channel and its implementation in Windows OS. This storage channel uses the Initial Sequence Number of TCP to hide four characters of text, and the identification field to "sign"the message and thus understand if it has been altered during the transmission. The secret is sent in the first SYN packet to open a connection, and an ACK-RST response acknowledges the receipt. Designed error-correction codes make the protocol more robust and able to handle (IP) packet drops and transmission errors. In this paper, we provide a detailed discussion of the implementation and an evaluation of the stealthiness of the proposed channel.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.