Applying covert channel in TCP Fast Open (TFO) / Mohamed Azran Aziz

Mohamed Azran, Aziz (2019) Applying covert channel in TCP Fast Open (TFO) / Mohamed Azran Aziz. Masters thesis, University of Malaya.

      Abstract

      A covert channel is one of the techniques used in information hiding. It uses a communication channel as a medium for transmitting hidden information. There are two main categories of covert channel: storage covert channels and timing covert channels. A storage covert channel manipulates existing data and/or encodes hidden messages within legitimate data, whereas a timing covert channel intentionally manipulates the timing behaviour of resources, e.g. the delay between packets, to create codes. There are many implementations of covert channels in TCP that use various fields in the TCP header, such as the Sequence Number, Urgent Pointer and reserved fields. Techniques such as field replacement, creating intentional delays and manipulating random values are used in implementing covert channels in TCP. Moreover, covert channel implementations have also been extended to optional fields such as Maximum Segment Size (MSS) and Timestamps. From time to time these optional fields (TCP Options) evolve (e.g. Quick-Start Response - 2007, TCP Authentication Option - 2010 and TCP Fast Open - 2014), and thus more potential covert channel implementations can be discovered. TCP Fast Open (TFO) is one of the latest TCP options and offers faster transmission performance between nodes. It utilises up to 16 bytes of the allocated options field in the TCP header as its message authentication code (MAC). Previous covert channel implementations cover various fields in the TCP header but not TFO. The aim of this study is to introduce a covert channel in TFO by manipulating the allocated options field in the TCP header known as the TFO cookie. Subsequently, performance is observed to detect any changes in the semantics as well as the syntax of TFO transactions. To conduct this study, tools are built to manipulate incoming and outgoing packet transactions and create covert content in the allocated options field in the TCP header. Further, a performance test is conducted to observe any changes in transactions between the covert-channel TFO implementation and ordinary TFO. The results of the tests show that covert content is transferred successfully between receiver and sender without breaking the TFO transaction. Moreover, the results also show that there is no significant performance degradation when applying a covert channel to TFO. These results indicate that a covert channel can be created in TFO and that it works normally, like ordinary TFO. On this basis, a covert channel in TFO is one of the latest alternative methods for implementing covert channels in TCP.

      Item Type: Thesis (Masters)
      Additional Information: Dissertation (M.A.) – Faculty of Computer Science & Information Technology, University of Malaya, 2019.
      Uncontrolled Keywords: Covert channel; TCP Fast Open; Network steganography; Network security; Information hiding
      Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
      Divisions: Faculty of Computer Science & Information Technology
      Depositing User: Mr Mohd Safri Tahir
      Date Deposited: 03 Nov 2020 09:41
      Last Modified: 03 Nov 2020 09:41
      URI: http://studentsrepo.um.edu.my/id/eprint/11799
