Covert channel

From Wikipedia, the free encyclopedia

In information theory, a covert channel is a parasitic communications channel that draws bandwidth from another channel in order to transmit information without the authorization or knowledge of the latter channel's designer, owner, or operator.


A covert channel is so called because it is hidden within the medium of a legitimate communications channel. Covert channels typically manipulate certain properties of the communications medium in an unexpected, unconventional, or unforeseen way in order to transmit information through the medium without detection by anyone other than the entities operating the covert channel.

All covert channels draw their bandwidth (information-carrying capacity) from a legitimate channel, thus reducing the capacity of the latter; however, the capacity taken is often capacity the legitimate channel was not using anyway, so the covert channel can still be well hidden.

For example, steganography is a form of covert channel in which very small details of images are subtly altered in order to communicate information in a way not immediately obvious to anyone casually examining the images.

  • One type of steganography uses the low-order bit of the data for each pixel in an image to carry the information of a covert channel: these bits carry the covert message, while the rest of the bits carry the legitimate image. The very slight change in the image caused by modification of the low-order bit in each pixel is imperceptible in most cases to anyone who isn't already looking for such a change.
  • Background audio noise can hide digital-mode signals such as MT63; more elaborate audio watermarking techniques exist for the protection of mass-marketed audio CDs.

Because any bandwidth used by the covert channel is “stolen” from the legitimate channel, the greater the bandwidth used by the covert channel, the more likely it is that it will be obvious to users of the legitimate channel.

  • A steganography system that uses only the low-order bit of every pixel has a low bandwidth (compared to the bandwidth consumed by transmission of the image itself), but is very discreet: no pixel value changes by more than one.
  • A steganography system that uses all but the highest-order bit of each pixel has very high bandwidth, but will be instantly obvious to anyone looking at the image used to carry the covert channel.
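The two bullets above describe the same mechanism at the two ends of the bandwidth/visibility trade-off. The following is an added example, not code from the Wikipedia article: least-significant-bit steganography over a constructed grayscale image (one integer per pixel, 0 to 255), parameterised by `k`, the number of low-order bits per pixel given to the covert channel. The image, the message and the 4-byte length prefix are assumptions made for the demonstration.

```python
# Added example, not code from the article: k-bit LSB steganography.

# Constructed 64x64 "image": a deterministic pattern, not a real photograph.
IMAGE = [(i * 37) % 256 for i in range(64 * 64)]

def capacity_bytes(pixels, k):
    """Covert-channel bandwidth: k bits per pixel, rounded down to whole bytes."""
    return len(pixels) * k // 8

def embed(pixels, message, k=1):
    """Return a copy of pixels whose k low-order bits carry a 4-byte length
    prefix followed by message. The remaining high-order bits (the legitimate
    image) are left untouched."""
    if not 1 <= k <= 8:
        raise ValueError("k must be between 1 and 8")
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) > capacity_bytes(pixels, k):
        raise ValueError("message does not fit in the channel")
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    bits += [0] * (-len(bits) % k)          # pad to a whole number of pixels
    keep = 0xFF & ~((1 << k) - 1)            # mask selecting the legitimate bits
    out = list(pixels)
    for n in range(0, len(bits), k):
        chunk = 0
        for bit in bits[n:n + k]:            # first bit lands in the chunk's MSB
            chunk = (chunk << 1) | bit
        out[n // k] = (out[n // k] & keep) | chunk
    return out

def extract(pixels, k=1):
    """Read the k low-order bits of every pixel back and return the message."""
    bits = [(p >> j) & 1 for p in pixels for j in range(k - 1, -1, -1)]

    def to_bytes(bs):
        whole = len(bs) - len(bs) % 8        # drop any trailing partial byte
        return bytes(int("".join(map(str, bs[i:i + 8])), 2) for i in range(0, whole, 8))

    length = int.from_bytes(to_bytes(bits[:32]), "big")
    return to_bytes(bits[32:32 + 8 * length])

def max_pixel_change(original, stego):
    """Worst-case distortion the channel introduces: never more than 2**k - 1."""
    return max(abs(a - b) for a, b in zip(original, stego))

def tradeoff(pixels, message):
    """For each k, (capacity in bytes, worst pixel change): more bandwidth,
    more visible. k=1 gives 512 bytes on this image and changes no pixel by
    more than 1; k=7 gives 3584 bytes but may alter a pixel by up to 127."""
    return {k: (capacity_bytes(pixels, k),
                max_pixel_change(pixels, embed(pixels, message, k)))
            for k in range(1, 8)}
```

`tradeoff(IMAGE, b"meet at dawn")` tabulates the point the bullets make: capacity grows linearly with `k` while the bound on per-pixel distortion grows exponentially, which is why a detector looking at the image sees nothing at `k=1` and everything at `k=7`.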

The Trusted Computer System Evaluation Criteria (TCSEC) is a set of criteria established by the National Computer Security Center, an agency managed by the United States' National Security Agency.

The term covert channel is defined in the TCSEC [1] specifically to refer to ways of transferring information from a higher classification compartment to a lower classification. The TCSEC defines two kinds of covert channels:

  • Storage channels - Communicate by modifying a stored object (for example a file's existence, size or lock state) that the receiver can observe
  • Timing channels - Transmit information by affecting the relative timing of events that the receiver can measure

The TCSEC, also known as the Orange Book, [2] requires an analysis of covert storage channels for a system to be rated class B2, and adds an analysis of covert timing channels as a requirement for class B3.

The possibility of covert channels cannot be completely eliminated, although it can be significantly reduced by careful design and analysis. There will always be some unused portion of the bandwidth of a legitimate communications channel that can be diverted to provide a covert channel.

The detection of a covert channel can be made more difficult by using characteristics of the communications medium for the legitimate channel that are never controlled or examined by legitimate users. For example, a file can be opened and closed by a program in a specific, timed pattern that can be detected by another program, and the pattern can be interpreted as a string of bits, forming a covert channel. Since it is unlikely that legitimate users will check for patterns of file opening and closing operations, this type of covert channel can remain undetected for long periods.
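The TCSEC distinction between storage and timing channels, and the file open/close pattern described in the paragraph above, can be simulated in a few lines. The following is an added example, not code from the article: a "high" sender and a "low" receiver that share only a scratch directory (storage channel) or a clock (timing channel). The tick model, the gap lengths and the jitter pattern are assumptions made for the demonstration; no real classification boundary is enforced.

```python
# Added example, not code from the article: simulated storage and timing channels.
import os
import tempfile

def to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

# Storage channel: the "stored object" is whether a file exists in a directory
# both sides may list. Nobody ever reads the file's contents, so a policy that
# only controls reads and writes of data never sees the transfer.
def storage_channel(message):
    bits = to_bits(message)
    received = []
    with tempfile.TemporaryDirectory() as shared:
        flag = os.path.join(shared, "flag")
        for bit in bits:
            # sender's turn in this tick: set the observable state
            if bit:
                open(flag, "w").close()
            elif os.path.exists(flag):
                os.remove(flag)
            # receiver's turn: sample the attribute, not the data
            received.append(1 if os.path.exists(flag) else 0)
    return from_bits(received)

# Timing channel: the sender performs an innocuous operation (the article's
# example is opening and closing a file) once per bit; only the gaps carry data.
SHORT, LONG = 0.010, 0.030   # assumed gap lengths in seconds for bit 0 and bit 1

def timing_send(message, t0=0.0):
    """Timestamps at which the sender would open the file, one event per bit."""
    times = [t0]
    for bit in to_bits(message):
        times.append(times[-1] + (LONG if bit else SHORT))
    return times

def timing_receive(times):
    """Recover the bits from the gaps, using the midpoint as decision threshold."""
    threshold = (SHORT + LONG) / 2
    bits = [1 if later - earlier > threshold else 0
            for earlier, later in zip(times, times[1:])]
    return from_bits(bits)

def jittered(times, amplitude):
    """Constructed scheduling noise: alternately +/-amplitude on every event.
    A gap then shifts by at most 2*amplitude, so decoding survives as long as
    that stays below the margin (LONG - SHORT) / 2 = 10 ms."""
    return [t + (amplitude if n % 2 else -amplitude) for n, t in enumerate(times)]
```

`storage_channel(b"hi")` returns `b"hi"` without either side ever reading a byte from the other; `timing_receive(jittered(timing_send(b"covert"), 0.004))` still decodes correctly because the noise is inside the decision margin. Making the gaps (or the receiver's clock) noisier than that margin is exactly what TCSEC-style timing-channel bandwidth reduction does.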

A similar case is port knocking. In ordinary communications the sequence and timing of connection attempts to closed ports is irrelevant and unwatched; port knocking makes it significant, by having a daemon watch for a particular sequence of attempts and treat it as a signal.
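The listening side of port knocking is a recogniser that treats the order and timing of otherwise meaningless connection attempts as the message. The following is an added example, not code from the article: it parses constructed firewall log lines (the field layout imitates netfilter's LOG target, but the lines themselves are made up) and reports each source that completes the knock sequence within the allowed window. The sequence `KNOCK` and the window length are assumptions.

```python
# Added example, not code from the article: port-knock recogniser over log lines.
import re

KNOCK = (7000, 8000, 9000)   # assumed secret sequence of closed ports
WINDOW = 10.0                # seconds allowed for the whole sequence

# Constructed sample: host .5 knocks correctly; host .9 starts, then stalls.
LOG_LINES = """\
1700000001.0 IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=7000 SYN
1700000002.0 IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=8000 SYN
1700000003.5 IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51002 DPT=9000 SYN
1700000004.0 IN=eth0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=7000 SYN
1700000030.0 IN=eth0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=8000 SYN
1700000031.0 IN=eth0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=9000 SYN
"""

LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+) .*SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")

def find_knocks(lines, sequence=KNOCK, window=WINDOW):
    """Return [(src, timestamp)] for every completed knock sequence.
    Per source we track how far into the sequence it is and when it started;
    a wrong port or a stale start resets it, so the sequence has to be
    produced in order and within `window` seconds."""
    progress = {}            # src -> (next index into sequence, start time)
    opened = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dpt = float(m["ts"]), m["src"], int(m["dpt"])
        idx, start = progress.get(src, (0, ts))
        if idx > 0 and ts - start > window:
            idx, start = 0, ts           # took too long: start over
        if dpt == sequence[idx]:
            if idx == 0:
                start = ts               # first knock fixes the window start
            idx += 1
            if idx == len(sequence):
                opened.append((src, ts))
                idx = 0
        else:
            idx = 0                      # any wrong port resets the sequence
        progress[src] = (idx, start)
    return opened
```

On the sample, `find_knocks(LOG_LINES)` reports only `203.0.113.5`; host `.9` sent the right ports but 26 seconds apart, so the window reset it. Tightening `window` to two seconds rejects even the first host, which is the knob that turns a leisurely scan into something that cannot accidentally "knock".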

  1. NCSC-TG-030, Covert Channel Analysis of Trusted Systems (Light Pink Book), United States Department of Defense (DoD) Rainbow Series.
  2. DoD 5200.28-STD, Trusted Computer System Evaluation Criteria (Orange Book), DoD Rainbow Series.
