• 정보보호학회논문지
• /
• 제29권5호
• /
• pp.961-971
• /
• 2019

공유 자원 간섭으로 인해 가상머신 간의 격리가 위반되고 은닉 채널 구현이 가능해서 클라우드 컴퓨팅 환경에서 가상머신 간의 격리는 중요 보안 요소이다. 본 논문에서는 Hyper-V 하이퍼바이저의 구조를 분석하여 가상머신 간의 은닉 채널을 구현한다. Hyper-V는 가상머신 간의 상호 배제를 위해 mutex(mutual exclusion) 기법을 사용한다. Mutex로 인해 가상머신 간의 간섭이 발생하고 은닉 채널 구현이 가능함을 밝힌다. 구조가 복잡한 Hyper-V에 적용가능한 mutex 자원 탐색 방안을 고안하여 은닉 채널을 다수 구현하였다. Mutex 기반 은닉 채널은 하드웨어 의존적이지 않으며, 은닉 채널이 탐지되거나 방어되는 경우 다수의 은닉 채널 중에서 다른 은닉 채널을 이용하면 방어 기법 회피가 가능하다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권4호
• /
• pp.1866-1883
• /
• 2019

As the youngest branch of information hiding, network covert timing channels conceal the existence of secret messages by manipulating the timing information of the overt traffic. The popular model-based framework for constructing covert timing channels always utilizes cumulative distribution function (CDF) of the inter-packet delays (IPDs) to modulate secret messages, whereas discards high-order statistics of the IPDs completely. The consequence is the vulnerability to high-order statistical tests, e.g., entropy test. In this study, a rich security model of covert timing channels is established based on IPD chains, which can be used to measure the distortion of multi-order timing statistics of a covert timing channel. To achieve rich security, we propose two types of covert timing channels based on nested lattices. The CDF of the IPDs is used to construct dot-lattice and interval-lattice for quantization, which can ensure the cell density of the lattice consistent with the joint distribution of the IPDs. Furthermore, compensative quantization and guard band strategy are employed to eliminate the regularity and enhance the robustness, respectively. Experimental results on real traffic show that the proposed schemes are rich-secure, and robust to channel interference, whereas some state-of-the-art covert timing channels cannot evade detection under the rich security model.

• International journal of advanced smart convergence
• /
• 제6권4호
• /
• pp.56-59
• /
• 2017

In this paper, we design a covert channel based on instruction gadgets in smart sensing devices. Unlike the existing convert channels that usually utilize diverse physical characteristics or user behaviors or sensory data of smart sensing devices, we show that instruction gadgets could be exploited for covert channel establishment in smart sensing devices. In our devised covert channels, trojan smart sensing devices exchange attack packets in such a way that they encode an attack bit in attack packet to a series of addresses of instruction gadgets and decode an attack bit from a series of addresses of instruction gadgets.

• International Journal of Internet, Broadcasting and Communication
• /
• 제13권1호
• /
• pp.243-248
• /
• 2021

Although many different types of covert channels have been suggested in the literature, there are little work in directly applying game theory to building up covert channel. This is because researchers have mainly focused on tailoring game theory for covert channel analysis, identification, and covert channel problem solving. Unlike typical adaptation of game theory to covert channel, we show that game theory can be utilized to establish a new type of covert channel in IoT devices. More specifically, we propose a covert channel that can be constructed by utilizing the Nash Equilibrium with sensor data collected from IoT devices. For covert channel construction, we set random seed to the value of sensor data and make payoff from random number created by running pseudo random number generator with the configured random seed. We generate I × J (I ≥ 2, J ≥ 2) matrix game with these generated payoffs and attempt to obtain the Nash Equilibrium. Covert channel construction method is distinctly determined in accordance with whether or not to acquire the Nash Equilibrium.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권8호
• /
• pp.3550-3566
• /
• 2020

As a widely used way to exfiltrate information, wireless covert channel (WCC) brings a serious threat to communication security, which enables the wireless communication process to bypass the authorized access control mechanism to disclose information. Unlike the covert channel on the network layer, wireless covert channels on the physical layer (WCC-P) is a new covert communication mode to implement and improve covert wireless communication. Existing WCC-P scheme modulates the secret message bits into the Gaussian noise, which is also called covert digital communication system based on the joint normal distribution (CJND). Finding the existence of this type of covert channel remains a challenging work due to its high undetectability. In this paper, we exploit the square autocorrelation coefficient (SAC) characteristic of the CJND signal to distinguish the covert communication from legitimate communication. We study the sharp increase of the SAC value when the offset is equal to the symbol length, which is caused by embedding secret information. Then, the SAC value of the measured sample is compared with the threshold value to determine whether the measured sample is CJND sample. When the signal-to-noise ratio reaches 20db, the detection accuracy can reach more than 90%.

• 정보보호학회논문지
• /
• 제14권1호
• /
• pp.35-45
• /
• 2004

폭발적으로 증가하는 인터넷 환경에서 정보보호는 가장 중요한 고려사항 중의 하나이다. 현재 이에 대한 대응방안으로 IDS, 방화벽, VPN 등 여러 보안 솔루션들이 사용되고 있지만 TCP/IP를 근간으로 하는 인터넷 환경은 기본적으로 프로토콜 자체의 취약성을 가지고 있다. 그 중에서도, TCP/IP 헤더 중 ICMP Payload. Identification(ID), Sequence Number(SEQ), Acknowledge(ACK). Timestamp의 필드 내용을 조작함으로써 특정 정보를 전송할 수 있는 은닉채널이 가능하다고 이미 알려져 있다. 특히 본 논문에서는 TCP/IP 헤더의 여러 필드들 중에서도 IP 헤더의 ID 필드, TCP 헤더의 SEQ 필드를 이용한 은닉채널 탐지에 초점을 맞추었으며, 이러한 은닉채널의 탐지를 위하여, 패턴분류 문제 있어서 우수한 성능을 보이는 것으로 알려져 있는 Support Vector Machine(SVM)을 사용하였다. 본 논문의 실험결과에서는 제안된 탐지방안이 정상 TCP/IP 트래픽으로부터 은닉채널이 포함된 TCP/IP 패킷을 구분할 수 있음을 보여주었다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1927-1943
• /
• 2016

Jitterbug is a passive network covert timing channel supplying reliable stealthy transmission. It is also the basic manner of some improved covert timing channels designed for higher undetectability. The existing entropy-based detection scheme based on training sample binning may suffer from model mismatching, which results in detection performance deterioration. In this paper, a new detection method based on the feature of Jitterbug covert channel traffic is proposed. A fixed binning strategy without training samples is used to obtain bins distribution feature. Coefficient of variation (CV) is calculated for several sets of selected bins and the weighted mean is used to calculate the final CV value to distinguish Jitterbug from normal traffic. Furthermore, the timing window parameter of Jitterbug is estimated based on the detected traffic. Experimental results show that the proposed detection method can achieve high detection performance even with interference of network jitter, and the parameter estimation method can provide accurate values after accumulating plenty of detected samples.

• 한국정보통신학회논문지
• /
• 제20권8호
• /
• pp.1422-1430
• /
• 2016

전송되는 정보들의 가로채기 확률을 감소시키기 위한 피감청 기술 중 대표적인 대역확산통신 기법을 적용함으로써 통신 성능에 미치는 영향을 분석하고, 이를 통해 최적의 은밀 수중음향통신 시스템의 모델을 제안한다. 대역확산 통신 된 신호의 레벨이 낮아져 주변의 배경소음과 같은 레벨로 전송하기 때문에 피탐지 확률이 감소하고 은밀성의 특징을 갖게 된다. 본 논문에서는 BCJR(Bahl, Cocke, Jelinek, Raviv) 복호방법과 대역 확산 기법 중 직접 수열 대역 확산 기법을 적용하였으며, 은밀 수중 통신에서 고려되는 송수신 모델은 크게 두 가지로 나뉘는데, 경판정 기반의 송수신 모델과 반복기반의 터보 등화 모델의 성능을 시뮬레이션과 호수 실험을 통해 성능을 비교 분석하였다.

• Asian Journal for Public Opinion Research
• /
• 제9권3호
• /
• pp.293-306
• /
• 2021

The news and views of Pakistani television channels are extensively shared on digital media for information or analysis where the general public discusses overt and covert agendas by mentioning their factual and presentational style. This study contributes to the contemporary studies of media perception through focus group interviews with 72 randomly selected master's and bachelor's students studying Media and Communication at the School of Media and Communication Studies, University of Management and Technology, Lahore, Pakistan to provide information about the feelings and observations of future journalists and media literates. In summary, the findings of our research exposed the negative perception of Pakistani electronic media among the participants due to what they perceived as biased, inaccurate, and unethical reporting.

• Journal of Information Processing Systems
• /
• 제9권2호
• /
• pp.189-204
• /
• 2013

The confinement problem was first noted four decades ago. Since then, a huge amount of efforts have been spent on defining and mitigating the problem. The evolution of technologies from traditional operating systems to mobile and cloud computing brings about new security challenges. It is perhaps timely that we review the work that has been done. We discuss the foundational principles from classical works, as well as the efforts towards solving the confinement problem in three domains: operating systems, mobile computing, and cloud computing. While common issues exist across all three domains, unique challenges arise for each of them, which we discuss.