Covert channels in TCP/IP protocol stack - extended version-

[1] B. Lampson, A Note on the Confinement Problem, Communications of the ACM 16(10), 613–615, 1973 http://dx.doi.org/10.1145/362375.36238910.1145/362375.362389Search in Google Scholar

[2] Department of Defence, Department of defence trusted computer system evaluation criteria, Technical Report DOD 5200.28-ST., Supersedes CSC-STD-001-83, December 1985 Search in Google Scholar

[3] J. Gray, Countermeasures and tradeoffs for a class of covert timing channels, 1994, Available at: http://repository.ust.hk/dspace/bitstream/1783.1/25/1/tr94-18.pdf Search in Google Scholar

[4] P. R. Gallagher, A Guide to Understanding Covert Channel Analysis of Trusted Systems (National Computer Security Center, USA, 1993) Search in Google Scholar

[5] G. J. Simmons, In: D. Chaum (ed.), The prisoners problem and the subliminal channel, Crypto’ 83, Advances in Cryptography (Springer, US, 1984) pp. 51–67 10.1007/978-1-4684-4730-9_5Search in Google Scholar

[6] W. Mazurczyk, K. Szczypiorski, In: Z. Tari (ed.), Steganography of VoIP Streams On the Move to Meaningful Internet Systems (OTM 2008), Monterrey, Mexico, November 9–14, 2008, LNCS vol. 5332, 1001–1018 10.1007/978-3-540-88873-4_6Search in Google Scholar

[7] M. Wolf, In: T. A. Berson, Covert channels in LAN protocols, Beth, T. (Eds.) proceedings of: Workshop on Local Area Network Security (LANSEC 89), Karlsruhe, FRG, April 3–6, 1989, LNCS vol. 396, 91–102 Search in Google Scholar

[8] T. Handel, M. Sandford, In Anderson R. (ed.), Hiding data in the OSI network model, Information Hiding, Cambridge, U.K., May 30–June 1, 1996, LNCS vol. 1174, 23–38 10.1007/3-540-61996-8_29Search in Google Scholar

[9] S. J. Murdoch, S. Lewis, In M. Barni, J. Herrera Joancomartí, S. Katzenbeisser, F. Pérez-González (Eds.), Embedding Covert Channels into TCP/IP, proceedings of: 7th Information Hiding Workshop, Barcelona, Spain, June 6–8, 2005, LNCS vol. 3727, 247–261 10.1007/11558859_19Search in Google Scholar

[10] C. H. Rowland, Covert channels in the TCP/IP protocol suite, DoIS Documents in Information Science, May 1997 10.5210/fm.v2i5.528Search in Google Scholar

[11] D. V. Forte, SecSyslog: An Approach to Secure Logging Based on Covert Channels, In proceedings of: First International Workshop of Systematic Approaches to Digital Forensic Engineering (SADFE 2005), Taipei, Taiwan, November 7–10, 2005, 248–263 Search in Google Scholar

[12] R. deGraaf, J. Aycock, M. Jacobson Jr., Improved Port Knocking with Strong Authentication, In proceedings of: the 21st Annual Computer Security Applications Conference (ACSAC 2005), Tucson, AZ, December 5–9, 2005 Search in Google Scholar

[13] N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, D. Karger, Infranet: Circumventing Web Censorship and Surveillance, In proceedings of: the 11th USENIX Security Symposium, San Francisco, CA, August 8–12, 2002, 247–262 Search in Google Scholar

[14] S. Burnett, N. Feamster, S. Vempala, Chipping Away at Censorship Firewalls with User-Generated Content, In proceedings of: the 19th USENIX conference on Security (USENIX Security’10), Washington, DC, August 11–13, 2010 Search in Google Scholar

[15] A. Houmansadr, T. Riedl, N. Borisov, E. Singer, I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention, In proceedings of: the 20th NDSS Symposium 2013, San Diego, USA, February 24–27, 2013 Search in Google Scholar

[16] W. Mazurczyk, Z. Kotulski, In: J. Górski (ed.), New VoIP Traffic Security Scheme with Digital Watermarking, proceedings of: SafeComp 2006, Gdansk, Poland, September 26–29, 2006, LNCS vol. 4166, 170–181 Search in Google Scholar

[17] W. Mazurczyk, Z. Kotulski, New Security and Control Protocol for VoIP Based on Steganography and Digital Watermarking, Ann. UMCS Inform. 5, 417–426, 2006 Search in Google Scholar

[18] A. Houmansadr, N. Kiyavash, N. Borisov, RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows, In proceedings of: the 16th NDSS Symposium 2009, San Diego, USA, February 8–11, 2009 Search in Google Scholar

[19] A. Houmansadr, N. Borisov, SWIRL: A scalable watermark to detect correlated network flows, In proceedings of: the 18th NDSS Symposium 2009, San Diego, USA, February 6–9, 2011 Search in Google Scholar

[20] X. Wang, S. Chen, S. Jajodia, Tracking anonymous peer-to-peer voip calls on the internet, in proceedings of: the 2005 ACM Conference on Computer and Communications Security, November 2005 10.1145/1102120.1102133Search in Google Scholar

[21] X. Wang, D. S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of inter packet delays, in proceedings of: the 2003 ACM Conference on Computer and Communications Security, October 2003 10.1145/948109.948115Search in Google Scholar

[22] E. Jones, O. Le Moigne, J.-M. Robert, IP Traceback Solutions Based on Time to Live Covert Channel, In proceedings of: 12th IEEE International Conference on Networks (ICON 2004), November 16–19, 2004, 451–457 Search in Google Scholar

[23] W. Mazurczyk, M. Karas, K. Szczypiorski, SkyDe: a Skype-based Steganographic Method, Int. J. Comput. Commun. Control 8(3), 389–400, 2013 10.15837/ijccc.2013.3.469Search in Google Scholar

[24] P. Kopiczko, W. Mazurczyk, K. Szczypiorski, StegTorrent: a steganographic method for P2P files sharing service, in proceedings of: IEEE Symposium on Security and Privacy Workshops 2013, San Francisco, CA, May 23–24, 2013, 151–157 10.1109/SPW.2013.11Search in Google Scholar

[25] P. Bialczak, W. Mazurczyk, K. Szczypiorski, Sending Hidden Data via Google Suggest, arXiv:1107.4062 Search in Google Scholar

[26] X. Luo, E. Chan, R. Chang, Crafting Web Counters into Covert Channels, in proceedings of: IFIP 2007, Sandton, South Africa, 2007, 337–348 10.1007/978-0-387-72367-9_29Search in Google Scholar

[27] E. Zielinska, W. Mazurczyk, K. Szczypiorski, Development Trends in Steganography, Commun. ACM 57(2), 2014 (in press) 10.1145/2566590.2566610Search in Google Scholar

[28] S. Zander, G. Armitage, P. Branch, A survey of covert channels and countermeasures in computer network protocols, IEEE Communications Surveys and Tutorials 9(3), 44–57, 2007 http://dx.doi.org/10.1109/COMST.2007.431762010.1109/COMST.2007.4317620Search in Google Scholar

[29] P. Peng, P. Ning, D. Reeves, On the secrecy of timing-based active watermarking trace-back techniques, in proceedings of: the 2006 IEEE Symposium on Security and Privacy, Oakland, USA, May 2006 10.1109/SP.2006.28Search in Google Scholar

[30] D. Llamas, C. Allison, A. Miller, Covert Channels in Internet Protocols: A Survey, In proceedings of: the 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting (PGNET), Liverpool, UK, June 27–28, 2005 Search in Google Scholar

[31] M. Smeets, M. Koot, Covert Channels, Research Report (University of Amsterdam, Amsterdam, 2006) Search in Google Scholar

[32] P. Allix, Covert channels analysis in TCP/IP networks, IFIPS School of Engineering, University of Paris-Sud XI, Orsay, France, 2007 Search in Google Scholar

[33] J. C. Smith, Covert Shells, SANS GIAC Reading Room, 2000 Search in Google Scholar

[34] M. C. Perkins, Hiding out in Plaintext: Covert Messaging with Bitwise Summations, Master thesis (Iowa State University, 2005) Search in Google Scholar

[35] B. Jankowski, W. Mazurczyk, K. Szczypiorski, PadSteg: Introducing Inter-Protocol Steganography, Telecomm. Syst. 52(2), 1101–1111, 2013 Search in Google Scholar

[36] P. Dong, H. Qian, Z. Lu, S. Lan, A Network Covert Channel Based on Packet Classification, Int. J. Network Security 14(2), 109–116, 2012 Search in Google Scholar

[37] K. Ahsan, D. Kundur, Practical data hiding in TCP/IP, In proceedings of: Multimedia and Security Workshop at ACM Multimedia 2002, Juan-les-Pins, France, December 1–6, 2002 Search in Google Scholar

[38] K. Ahsan, Covert channel analysis and data hiding in TCP/IP, Master thesis (University of Toronto, 2002) Search in Google Scholar

[39] E. Cauich, R. Gómez, R. Watanabe, In: F. F. Ramos, V. L. Rosillo, H. Unger (Eds.), Data Hiding in Identification and Offset IP Fields, Proceedings of 5th International School and Symposium of Advanced Distributed Systems (ISSADS) 2005, LNCS vol. 3563, (Springer, Berlin, Heidelberg, 2005) pp. 118–125 10.1007/11533962_11Search in Google Scholar

[40] W. Mazurczyk, K. Szczypiorski, Steganography in handling oversized IP packets, In proceedings of: First International Workshop on Network Steganography (IWNS 2009), Wuhan, China, November 18–20, 2009 10.1109/MINES.2009.246Search in Google Scholar

[41] H. Qu, P. Su, D. Feng, A Typical Noisy Covert Channel in the IP Protocol, In proceedings of: the 38th Annual International Carnahan Conference of Security Technology, October 11–14, 2004, 189–192 Search in Google Scholar

[42] S. Zander, G. Armitage, P. Branch, Covert Channels in the IP Time To Live Field, In proceedings of: the Australian Telecommunication Networks and Applications Conference (ATNAC), Melbourne, December 4–6, 2006 Search in Google Scholar

[43] vecna, B0CK, Butchered From Inside, 2000, 7(2) Search in Google Scholar

[44] C. Abad, IP checksum covert channels and selected hash collision, Technical report (University of California, 2001) Search in Google Scholar

[45] Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, Traceroute Based IP Channel for Sending Hidden Short Messages, In proceedings of: First International Workshop on Security Advances in Information and Computer Security (IWSEC 2006), Kyoto, Japan, October 23–24, 2006, LNCS vol. 4266, 421–436 10.1007/11908739_30Search in Google Scholar

[46] Z. Trabelsi, H. El-Sayed, L. Frikha, T. Rabie, A novel covert channel based on the IP header record route option, Int. J. Adv. Media Commun 1(4), 328–350, 2007 http://dx.doi.org/10.1504/IJAMC.2007.01481110.1504/IJAMC.2007.014811Search in Google Scholar

[47] W. Mazurczyk, K. Szczypiorski, Evaluation of steganographic methods for oversized IP packets, Telecommun. Syst. 49, 207–217, 2012 http://dx.doi.org/10.1007/s11235-010-9362-710.1007/s11235-010-9362-7Search in Google Scholar

[48] S. D. Servetto, M. Vetterli, Communication using phantoms: covert channels in the Internet. In proceedings of: IEEE International Symposium on Information Theory (ISIT), Washington, DC, June 24–29, 2001 Search in Google Scholar

[49] A. El-Atawy, E. Al-Shaer, Building Covert Channels over the Packet Reordering Phenomenon, in proceedings of: IEEE INFOCOM 2009, 2186–2194 10.1109/INFCOM.2009.5062143Search in Google Scholar

[50] A. Galatenko, A. Grusho, A. Kniazev, E. Timonina, Statistical Covert Channels Through PROXY Server, In proceedings of: Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, 2005, LNCS vol. 3685, 424–429 10.1007/11560326_34Search in Google Scholar

[51] M. A. Padlipsky, D. W. Snow, P. A. Karger, Limitations of End-to-End Encryption in Secure Computer Networks, Technical Report ESD-TR-78-158, Mitre Corporation, August 1978 10.21236/ADA059221Search in Google Scholar

[52] S. Cabuk, C. E. Brodley, C. Shields, IP covert timing channels: Design and detection, In Proceedings of: the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, 2004, ACM Press, 178–187 10.1145/1030083.1030108Search in Google Scholar

[53] V. Berk, A. Giani, G. Cybenko, Detection of Covert Channel Encoding in Network Packet Delays, Technical Report TR2005-536, Department of Computer Science, Dartmouth College, 2005 Search in Google Scholar

[54] G. Shah, A. Molina, M. Blaze, Keyboards and Covert Channels, In proceedings of: 15th USENIX Security Symposium, Vancouver, Canada, August 2006, 59–75 Search in Google Scholar

[55] S. Cabuk, Network covert channels: design, analysis, detection and elimination, PhD thesis (Purdue University, 2006) Search in Google Scholar

[56] S. Gianvecchio, H. Wang, D. Wijesekera, S. Jajodia, Model-based covert timing channels: Automated modeling and evasion, in: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008, LNCS, vol. 5230 (Springer, 2008) pp. 211–230 10.1007/978-3-540-87403-4_12Search in Google Scholar

[57] S. H. Sellke, C.-C. Wang, S. Bagchi, N. Shroff, TCP/IP Timing Channels: Theory to Implementation, In proceedings of: the 28th Conference on Computer Communications (IEEE INFOCOM), Rio de Janeiro, Brazil, April 19–25, 2009 10.1109/INFCOM.2009.5062145Search in Google Scholar

[58] V. Paxson, S. Floyd, Wide-area traffic: the failure of Poisson modeling, IEEE/ACM T. Network. 3(3), 226–244, 1995 http://dx.doi.org/10.1109/90.39238310.1109/90.392383Search in Google Scholar

[59] S. Zander, G. Armitage, P. Branch, Stealthier Inter-packet Timing Covert Channels, in proceedings of: 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9–13, 2011, LNCS vol. 6640, 458–470 10.1007/978-3-642-20757-0_36Search in Google Scholar

[60] Z. Trabelsi, I. Jawhar, Covert File Transfer Protocol Based on the IP Record Route Option, J. Inform. Assurance Security 5, 64–73, 2010 Search in Google Scholar

[61] S. Gianvecchio, H. Wang, An Entropy-Based Approach to Detecting Covert Timing Channels, IEEE T. Dependable and Secure Computing 8(6), 785–797, 2011 http://dx.doi.org/10.1109/TDSC.2010.4610.1109/TDSC.2010.46Search in Google Scholar

[62] T. Graf, Messaging over IPv6 Destination Options, Swiss Unix User Group, 2003 Search in Google Scholar

[63] N. B. Lucena, G. Lewandowski, S. J. Chapin, In: G. Danezis, D. Martin (Eds.), Covert Channels in IPv6, Proceedings of: the 5th International Workshop Privacy Enhancing Technologies (PET 2005), Dubrovnik, May 30–June 1, 2005, 147–166 Search in Google Scholar

[64] daemon9, AKA, and route, Project Loki, Phrack Magazine 49, 6, 1996 Search in Google Scholar

[65] daemon9, Loki2 (the implementation), Phrack Magazine 51, 6, 1997 Search in Google Scholar

[66] A. Singh, C. Lu, O. Nordstrom, A. L. M. dos Santos, In: Y. Mu, W. Susilo, J. Seberry (Eds.), Malicious ICMP Tunneling: Defense against the Vulnerability, proceedings of: the 8th Australasian Conference on Information Security and Privacy (ACISP), Wollongong, Australia, July 9–11, 2003, LNCS vol. 5107 (Springer, 2003) pp. 226–236 Search in Google Scholar

[67] M. Muench, ICMP-Chat, 2003, Available at http://icmpchat.sourceforge.net/ Search in Google Scholar

[68] L. Zelenchuk, Skeeve — ICMP Bounce Tunnel, 2004, available at: http://www.gray-world.net/poc_skeeve.shtml Search in Google Scholar

[69] G. Thomer, IP-over-ICMP using ICMPTX, 2005, available at: http://thomer.com/icmptx/ Search in Google Scholar

[70] D. Stødle, Ping Tunnel, 2011, Available at: http://www.cs.uit.no/~daniels/PingTunnel/ Search in Google Scholar

[71] R. Murphy, V00d00n3t — Ipv6 / ICMPv6 Covert Channel, DefCon, Las Vegas, 2006 Search in Google Scholar

[72] K. Stokes, B. Yuan, D. Johnson, P. Lutz, In: K. Elleithy, T. Sobh, M. Iskander, V. Kapila, M. A. Karim, A. Mahmood (Eds.), ICMP covert channel resiliency, Technological Developments in Networking, Education and Automation, 2010, 503–506 10.1007/978-90-481-9151-2_87Search in Google Scholar

[73] B. Ray, S. Mishra, In: L. Korba, S. Marsh, R. Safavi-Naini (Eds.), A Protocol for Building Secure and Reliable Covert Channel, proceedings of: the Sixth Annual Conference on Privacy, Security and Trust (PST 2008), Fredericton, New Brunswick, Canada, October 1–3, 2008, 246–253 Search in Google Scholar

[74] C. Scott, Network Covert Channels: Review of Current State and Analysis of Viability of the use of X.509 Certificates for Covert Communications, Technical Report RHUL-MA-2008-11, Department of Mathematics, Roal Holloway, University of London, 2008 Search in Google Scholar

[75] R. Rios, J. A. Onieva, J. Lopez, HIDE_DHCP: Covert Communications Through Network Configuration Messages, In proceedings of: 27th IFIP TC 11 Information Security and Privacy Conference, Heraklion, Crete, Greece, June 4–6, 2012, IFIP Adv. Inform. Commun. Technol. 376, 162–173, 2012 10.1007/978-3-642-30436-1_14Search in Google Scholar

[76] J. Giffin, R. Greenstadt, P. Litwack, R. Tibbetts, In: R. Dingledine, P. Syverson (Eds.), Covert Messaging Through TCP Timestamps, Proceedings of the 2nd international conference on Privacy enhancing technologies (PET 2002), San Francisco, CA, April 14–15, 2002, 194–208 10.1007/3-540-36467-6_15Search in Google Scholar

[77] L. Ji, Y. Fan, C. Ma, Covert channel for local area network, In proceedings of: IEEE International Conference of Wireless Communications, Networking and Information Security (WCNIS 2010), 2010, 316–319 Search in Google Scholar

[78] J. Rutkowska, The Implementation of Passive Covert Channels in the Linux Kernel, Chaos Communication Congress, 2004 Search in Google Scholar

[79] A. Hintz, Covert Channels in TCP and IP Headers, DefCon 10, Las Vegas, Nevada, August 2–4, 2003 Search in Google Scholar

[80] E. Tumoian, M. Anikeev, Detecting NUSHU Covert Channels Using Neural Networks, Technical report (Taganrog State University of Radio Engineering, 2005) Search in Google Scholar

[81] R. Chakinala, A. Kumarasubramanian, R. Manokaran, G. Noubir, C. Pandu Rangan, R. Sundaram, Steganographic communication in ordered channels, In proceedings of: the 8th International Conference on Information Hiding Workshop, Alexandria, VA, USA, July 10–12, 2006 (Springer-Verlag Berlin, Heidelberg, 2006) pp. 42–57 10.1007/978-3-540-74124-4_4Search in Google Scholar

[82] X. Luo, E. Chan, R. Chang, Cloak: A ten-fold way for reliable covert communications, in proceedings of: ESORICS 2007, Dresden, Germany, September 24–26, 2007, LNCS vol. 4734, 283–298 10.1007/978-3-540-74835-9_19Search in Google Scholar

[83] X. Luo, E. Chan, R. Chang, TCP Covert Timing Channels: Design and Detection, In proceedings of: IEEE International Conference on Dependable Systems and Networks With FTCS and DCC, Anchorage, Alaska, June 24–27, 2008, 420–429 Search in Google Scholar

[84] X. Luo, E. Chan, R. Chang, CLACK: A network covert channel based on partial acknowledgement encoding, In proceedings of: IEEE International Conference on Communications, Dresden, Germany, June 14–18, 2009, 1–5 10.1109/ICC.2009.5198826Search in Google Scholar

[85] X. Luo, P. Zhou, E. Chan, R. Chang, W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, In proceedings of: IEEE/IFIP 41st International Conference on Dependable Systems and Networks (DSN 2011), Hong Kong, June 27–30, 2011, 474–485 10.1109/DSN.2011.5958260Search in Google Scholar

[86] G. Fisk, M. Fisk, C. Papadopoulos, J. Neil, In: F. A. P. Petitcolas (Ed.), Eliminating steganography in Internet traffic with active wardens, 5th International Workshop on Information Hiding (IH), 2002, LNCS vol. 2578, 18–35 10.1007/3-540-36415-3_2Search in Google Scholar

[87] J. S. Thyer, Covert Data Storage Channel Using IP Packet Headers (SANS Institute, 2008) Search in Google Scholar

[88] W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, Retransmission Steganography Applied, In proceedings of: 2010 International Conference on Multimedia Information Networking and Security (MINES), Nanjing, China, November 4–6, 2010, 846–850 10.1109/MINES.2010.179Search in Google Scholar

[89] W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, On Information Hiding in Retransmissions, Telecommun. Syst. Modelling, Analysis, Design and Management 52(2), 1113–1121, 2013 Search in Google Scholar

[90] K. Anjan, J. Abraham, Behavioral Analysis of Transport Layer Based Hybrid Covert Channel, In proceedings of: Third International Conference of Recent Trends in Network Security nd Applications (CNSA 2010), Chennai, India, July 23-25, 2010 (Springer Berlin Heidelberg, 2010) pp. 83–92 10.1007/978-3-642-14478-3_9Search in Google Scholar

[91] K. Anjan, J. Abraham, M. Jadhav, Design of Transport Layer Based Hybrid Covert Channel Detection Engine, arXiv:1101.0104 Search in Google Scholar

[92] vanHauser, Placing Backdoors through Firewalls, The Hacker’s Choice, 1999 Search in Google Scholar

[93] P. Pack, W. Streilein, S. Webster, R. Cunningham, Detecting http Tunneling Activities, in proceedings of: 3rd Annual Information Assurance Wksp., West Point, NY, USA, June 17–19, 2002 Search in Google Scholar

[94] K. Borders, A. Prakash, Web Tap: Detecting Covert Web Traffic, in proceedings of: 11th ACM Conf. Computer and Communications Security (CCS), 110–120, October 2004 10.1145/1030083.1030100Search in Google Scholar

[95] P. Padgett, Corkscrew, 2011, Available at http://www.agroman.net/corkscrew/ Search in Google Scholar

[96] L. Bowyer, Firewall Bypass via protocol Steganography, Network Penetration, 2002 Search in Google Scholar

[97] A. Dyatlov, S. Castro, Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the http protocol, Gray-world, USA, June, 2003 Search in Google Scholar

[98] M. Bauer, New Covert Channels in http: Adding Unwitting Web Browsers to Anonymity Sets. In Proceedings of Workshop on Privacy Electronic Society (WPES 2003), Washington, DC, USA, October 30, 2003, 72–78 10.1145/1005140.1005152Search in Google Scholar

[99] H. -G. Eßer, F. C. Freiling, Kapazitätsmessung eines verdeckten Zeitkanals über http, Technical Report TR-2005-10 (Universität Mannheim, 2005) Search in Google Scholar

[100] P. LeBoutillier, 2005, HTTunnel, Available at: http://sourceforge.net/projects/httunnel/ Search in Google Scholar

[101] Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006) Search in Google Scholar

[102] M. Van Horenbeeck, Deception on the network: thinking differently about covert channels, In proceedings of; Australian Information Warfare and Security Conference, Perth, Western Australia, December 4–5, 2006, 174–184 Search in Google Scholar

[103] S. Castro, Gray World Team: Cooking Channels, hakin9 Magazine, May 2006, 50–57 Search in Google Scholar

[104] R. Duncan, J. E. Martina, Steganographic Message Broadcasting using Web Protocols, In proceedings of: Simposio Brasilerio de Seguranca (SBSeg 2010), Fortaleza, Brasil, 2010 Search in Google Scholar

[105] Z. Kwecka, Application Layer Covert Channel Analysis and Detection, Technical Report (Napier University Edinburgh, 2006) Search in Google Scholar

[106] J. Blascoa, J. C. Hernandez-Castrob, J. M. de Fuentes, B. Ramosa, A framework for avoiding steganography usage over http, J. Network Computer Appl. 35(1), 491–501, 2012 http://dx.doi.org/10.1016/j.jnca.2011.10.00310.1016/j.jnca.2011.10.003Search in Google Scholar

[107] D. Alman, http Tunnels Though Proxies (SANS Institute, 2003) Search in Google Scholar

[108] X. Zou, Q. Li, S.-H. Sun, X. Niu, In: R. Khosla, R. J. Howlett, L. C. Jain (Eds.), The Research on Information Hiding Based on Command Sequence of FTP Protocol, proceedings of: the 9th International Conference on Knowledge-Based Intelligent Information and Engineering Systems (KES 2005), Melbourne, Australia, September 14–16, 2005, LNCS vol. 3683, 1079–1085 Search in Google Scholar

[109] savannah.nongnu.org, NSTX, 2002, Available at http://savannah.nongnu.org/projects/nstx/ Search in Google Scholar

[110] L. Nussbaum, P. Neyron, O. Richard, On Robust Covert Channels Inside DNS, In proceedings of: 24th IFIP TC 11 International Information Security Conference (SEC 2009), Pafos, Cyprus, May 182-20, 2009, 51–62 10.1007/978-3-642-01244-0_5Search in Google Scholar

[111] T. Pietraszek, 2004, DNSCat, Available at: http://tadek.pietraszek.org/projects/DNScat/ Search in Google Scholar

[112] D. Kaminsky, OzymanDNS, 2004, Available at: http://dankaminsky.com/2004/07/29/51/ Search in Google Scholar

[113] Anonymous, DNS Covert Channels and Bouncing Techniques, 2005, Available at: http://seclists.org/fulldisclosure/2005/Jul/att-452/p63_dns_worm_covert_channel.txt Search in Google Scholar

[114] O. Dembour, C. Collignon, DNS2TCP, 2008, Available at: http://hsc.fr/ressources/outils/dns2tcp/ Search in Google Scholar

[115] Kryo, iodine, 2010, Available at: http://code.kryo.se/iodine/ Search in Google Scholar

[116] L. Y. Bai, Y. Huang, G. Hou, B. Xiao, In: J. -S. Pan, X. Niu, H.-C. Huang, L. C. Jain (Eds.), Covert Channels Based on Jitter Field of the RTCP Header, Proceedings of the Fourth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IEEE Computer Society, 2008, 1388–1391 10.1109/IIH-MSP.2008.169Search in Google Scholar

[117] Y. Lizhi, H. Yongfeng, Y. Jian, L. Y. Bai, A Novel Covert Timing Channel Based on RTP/RTCP, Chinese J. Electron. 21(4), 711–714, 2012 Search in Google Scholar

[118] W. Mazurczyk, Lost Audio Packets Steganography: The First Practical Evaluation, Journal of Security and Communication Networks 5(12), 1394–1403, 2012 http://dx.doi.org/10.1002/sec.50210.1002/sec.502Search in Google Scholar

[119] W. Mazurczyk, K. Szczypiorski, Covert Channels in SIP for VoIP Signalling, Communications in Computer and Information Science 12, 65–72, 2008 http://dx.doi.org/10.1007/978-3-540-69403-8_910.1007/978-3-540-69403-8_9Search in Google Scholar

[120] N. Lucena, J. Pease, P. Yadollahpour, S. J. Chapin, Syntax and Semantics-Preserving Application-Layer Protocol Steganography, In proceedings of: 6th Information Hiding Workshop, Toronto, Canada, May 23–25, 2004, LNCS vol. 3200, 164–179 10.1007/978-3-540-30114-1_12Search in Google Scholar

[121] R. A. Kemmerer, Shared Resource Matrix Methodology: an Approach to Identifying Storage and Timing Channels, ACM T. Comput. Syst. (TOCS) 1(3), 256–277, 1983 http://dx.doi.org/10.1145/357369.35737410.1145/357369.357374Search in Google Scholar

[122] R. A. Kemmerer, A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later, in proceedings of: Annual Computer Security Applications Conference (ACSAC), Dec. 2002, 109–118 Search in Google Scholar

[123] A. L. Donaldson, J. McHugh, K. A. Nyberg, Covert Channels in Trusted LANs, in proceedings of: 11th NBS/NCSC National Computer Security Conference, October 1988, 226–232 Search in Google Scholar

[124] R. A. Kemmerer, P. Porras, Covert Flow Trees: A Visual Approach to Analysing Covert Storage Channels, IEEE Trans. Software Eng. SE-17(11), 1166–1185, 1991 http://dx.doi.org/10.1109/32.10697210.1109/32.106972Search in Google Scholar

[125] A. Giani, V. Berk, G. Cybenko, Covert channel detection using process query systems, in proceedings of: FLoCon 2005 Search in Google Scholar

[126] G. R. Malan, D. Watson, F. Jahanian, P. Howell, Transport and application protocol scrubbing, in proceedings of: the IEEE INFOCOM 2002 Conference, 1381–1390, Tel-Aviv, Israel, 2000 Search in Google Scholar

[127] S. Gianvecchio, H. Wang, Detecting Covert Timing Channels: An Entropy-Based Approach, in proceedings of: ACM CCS 2007, Alexandria, USA, October 28–31, 2007 10.1145/1315245.1315284Search in Google Scholar

[128] T. Sohn, J. Seo, J. Moon, In; P. Perner, S. Qing, D. Gollmann, J. Zhou (eds.), A study on the covert channel detection of TCP/IP header using support vector machine, Information and Communications Security, LNCS vol. 2836, 313–324 (Springer-Verlag, 2003) http://dx.doi.org/10.1007/978-3-540-39927-8_2910.1007/978-3-540-39927-8_29Search in Google Scholar

[129] M. Handley, V. Paxson, Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In proceedings of: the 10th USENIX Security Symposium, Washington, DC, August 13–17, 2001 Search in Google Scholar

[130] A. B. Jeng, M. D. Abrams, On Network Covert Channel Analysis, in proceedings of: 3rd Aerospace Computer Security Conference, Orlando, FL, USA, December 7–11, 1987 Search in Google Scholar

[131] H. Wei-Ming, Reducing Timing Channels with Fuzzy Time, in proceedings of: IEEE Computer Society Symposium Research in Security and Privacy, Oakland, CA, USA, May, 1991, 8–20 Search in Google Scholar