An Overview of Covert Channels

E. Pennington, W. Oblitey, S. Ezekiel, J. Wolfe Covert Channels Research Group Computer Science Department IUP, Indiana, PA 15705 e.j.pennington, oblitey, sezekiel, jlwolfe@iup.edu

ABSTRACT A covert channel is any method of communication that is used to illicitly transfer information, thus breaking the security policy of the system. Any shared resource can potentially be used as a covert channel. There are many threats that modern network security must take into account. From brute force password attacks to port scanning, the issues, which system engineers and administrators must worry about, increase at a faster than normal pace. However, one of the issues that many in the field have not paid enough attention to is covert channels. In this paper, we present an overview of covert channels with examples. We explore the two types of covert channels: storage channels and timing channels. Storage channels are more commonly used than timing channels because they are easier to implement. Both constitute major security threats. Covert channels can be designed for either a single system or a network. It is important for system engineers to understand covert channels so that they will be able to preemptively overcome certain security problems. We also explore the implementation problems associated with covert channels, for example noise. The associated topic of information hiding, which includes steganography, is also presented. KEY WORDS Covert Channel, Storage Channel, Timing Channel, Steganography, Security, and Network

them hidden from the warden, they communicate with each other in code. Each word with an even number of letters is read as a 1. Each word with an odd number of letters is read as a 0. For example, if Bob sent a message to Alice asking Hey, what are you up to, Alice would interpret is as 010011. The warden, in this case, has been used as a covert channel [1]. Although no prisoners would probably attempt that in real life, it works very well as an analogy for how a covert channel operates. According to the Department of Defenses (DoD) Trusted Computer System Evaluation Criteria (TSEC), A covert channel is any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy [2]. There are two different types of covert channels, known as covert storage channels and covert timing channels, respectively. Following this introduction, we briefly discuss storage channels, timing channels, and the problem of noise in the next section. The connection between steganography and covert channels is presented in section three, and section four is our conclusion.

2. Types of Covert Channels

In this section, we discuss the basics of covert storage channels and covert timing channels, with examples of each. We also present the problem of noise in covert channels. 2.1 Storage Channels Covert storage channels are methods of communication that include all vehicles that would allow the direct or indirect writing of a storage location by one process and the direct or indirect reading of it by another [2]. In other words, one process writes to a shared resource, while another process reads from it. Storage channels can be used between processes within a single computer or between multiple computers across a network [3]. A good example of a storage channel is a printing queue. The process with higher security privileges, the sending process, either fills up the printer queue to signal a 1 or leaves it as it is to signal a 0. The process with lower security privileges, the receiving process, polls the printer queue to see whether or not it is full and determines the value accordingly.

1. Introduction
Until the 1980s, issues of network security rarely entered into the minds of system engineers that has all changed. A systems security now has top priority. Despite this fact, many system programmers have overlooked the threat of covert channels. Although they have been around since the dawn of modern computing, they are only now beginning to receive wider attention. To illustrate the problem more fully, let us use an analogy. Alice and Bob have been incarcerated and placed in two separate jail cells. They want to coordinate an escape plan. However, they have a small problem. All messages that they send to each other must first be read by the warden before being passed on. In order to be able to coordinate their plans while at the same time keeping

2.2. Timing Channels Covert timing channels are methods of communication that include all vehicles that would allow one process to signal information to another process by modulating its own use of system resources in such a way that the change in response time observed by the second process would provide information [2]. In other words, it is essentially any method that uses a clock or measurement of time to signal the value being sent over channel. Similarly to storage channels, timing channels can exist both in a single-computer setting and a network setting. However, they are less practical in a network setting [4]. An example of a timing channel can be found in a movable head I/O device, such as a hard disk. One process with higher security privileges, the sending process, has access to the entire device while another process with lower security privileges, the receiving process, only has access to a small portion of the device. Requests to the device are processed serially. To signal a 1, the sending process makes a read request far away from the section that the receiving process has access to. To signal a 0, it does nothing. The receiving process makes a read request within its own section and uses the time it takes for the head to travel to the section and finish the read request to determine the value accordingly [2]. Papers by the National Computer Security Center [5] and Van Vleck [6] provide more examples of timing channels. 2.3. Noise in Covert Channels One of the major problems in a successful implementation of a covert channel is noise. A noisy channel intentionally or accidentally corrupts the data signal with errors so that the information rate is slower than the data rate [7]. Because it is a primary problem in their implementation, it is also the best defenses against covert channels. If enough noise is introduced into a covert channel, it can hinder the use of that channel. The receiving process would have to request the same data continuously and wait for a very high level of redundancy before knowing that it is reliable. This process may take many hours for a request that would only take a few clock cycles if the channel was noise-free. Although this does not halt the covert channel, it can considerably decrease its speed [7].

done correctly, this should not alter the image enough to be noticeable to the human eye. However, the more data stored in the picture, the more the picture is altered [10].

4. Conclusion
We presented an overview of covert channels, its types, and examples of each. We also briefly discussed noise in covert channels as well as their relation to steganography. Our research will continue with further study in developing covert channel detection and defense.

Acknowledgements:
The authors would like to thank the Computer Science Department at IUP, and acknowledge the help of the Covert Channels Research Group members, Michael McFail, Robert Trimble, and Kathleen Reiland.

References:
[1] G. Simmons. The Prisoners Problem, 1983. [2] Department of Defense. Trusted Computer System Evaluation Criteria, 1985. [3] M. McFail. Covert Storage Channels: A Brief Overview. PACISE conference. Bloomsburg, PA, 2005. [4] E. Pennington. Covert Timing Channels: A Brief Overview. PACISE conference. Bloomsburg, PA, 2005. [5] National Computer Security Center. A Guide to Understanding Covert Channel Analysis of Trusted Systems, 1993. [6] T. Van Vleck. Multics Timing Channels. IEEE TCSP conference. Oakland, California, 1990. [7] N. Proctor and P. Neumann. Architectural Implications of Covert Channels. SRI International, 1992. [8] M. Owens. A Discussion of Covert Channels and Steganography. SANS Institute, 2002. [9] K. Reiland. Steganography and Covert Channels. PACISE conference. Bloomsburg, PA, 2005. [10] G. Kessler. Steganography: Hiding Data Within Data. 2001.

3. Steganography
Steganography is a method of covert communication that relates well to covert channels. It is any method used to conceal a secret object within another public object [8]. When employing any steganographic techniques, a coverfile is used to hide the information. It can be a text-file, audio, image, video, piece of software, or others [9]. A common example of steganography is known as least significant bit (LSB) insertion. In a 24-bit bitmap image, the colors red, green, and blue have one byte each that represent their intensities. A steganographer could replace the least intense bits with the hidden message. If